Edit tour

Windows Analysis Report
oyCvLcfl3R.exe

Overview

General Information

Sample name:	oyCvLcfl3R.exe renamed because original name is a hash value
Original sample name:	933EB414285EA29140928E633E8EC34E.exe
Analysis ID:	1550621
MD5:	933eb414285ea29140928e633e8ec34e
SHA1:	228a81ed40af52d0d4f7740401440c2d9a8e496d
SHA256:	4079c8b353cbed438c29fe62ff7315fea2a90ff3cc16055801939f647d2f2d26
Tags:	exeXenoRATuser-abuse_ch
Infos:

Detection

XenoRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Scheduled temp file as task from temp location

Suricata IDS alerts for network traffic

Yara detected XenoRAT

.NET source code contains potential unpacker

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Machine Learning detection for dropped file

Machine Learning detection for sample

Uses schtasks.exe or at.exe to add and modify task schedules

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Add Scheduled Task Parent

Sigma detected: Suspicious Schtasks From Env Var Folder

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64

oyCvLcfl3R.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\oyCvLcfl3R.exe" MD5: 933EB414285EA29140928E633E8EC34E)

oyCvLcfl3R.exe (PID: 7532 cmdline: "C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe" MD5: 933EB414285EA29140928E633E8EC34E)

schtasks.exe (PID: 7620 cmdline: "schtasks.exe" /Create /TN "Java Update" /XML "C:\Users\user\AppData\Local\Temp\tmpD917.tmp" /F MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

oyCvLcfl3R.exe (PID: 7680 cmdline: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe MD5: 933EB414285EA29140928E633E8EC34E)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XenoRAT		No Attribution	https://blog.talosintelligence.com/moonpeak-malware-infrastructure-north-korea/ https://github.com/moom825/xeno-rat https://hunt.io/blog/good-game-gone-bad-xeno-rat-spread-via-gg-domains-and-github	https://malpedia.caad.fkie.fraunhofer.de/details/win.xenorat

Malware Configuration

Threatname: XenoRAT

{"C2 url": "194.113.106.81", "Mutex Name": "szczur_nd8912d", "Install Folder": "appdata"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
oyCvLcfl3R.exe	JoeSecurity_XenoRAT	Yara detected XenoRAT	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	JoeSecurity_XenoRAT	Yara detected XenoRAT	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.1390245336.00000000001D2000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_XenoRAT	Yara detected XenoRAT	Joe Security
Process Memory Space: oyCvLcfl3R.exe PID: 7440	JoeSecurity_XenoRAT	Yara detected XenoRAT	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.oyCvLcfl3R.exe.1d0000.0.unpack	JoeSecurity_XenoRAT	Yara detected XenoRAT	Joe Security

Sigma Signatures

Sigma detected: Suspicious Add Scheduled Task Parent

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "schtasks.exe" /Create /TN "Java Update" /XML "C:\Users\user\AppData\Local\Temp\tmpD917.tmp" /F, CommandLine: "schtasks.exe" /Create /TN "Java Update" /XML "C:\Users\user\AppData\Local\Temp\tmpD917.tmp" /F, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe" , ParentImage: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe, ParentProcessId: 7532, ParentProcessName: oyCvLcfl3R.exe, ProcessCommandLine: "schtasks.exe" /Create /TN "Java Update" /XML "C:\Users\user\AppData\Local\Temp\tmpD917.tmp" /F, ProcessId: 7620, ProcessName: schtasks.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Persistence and Installation Behavior

Sigma detected: Scheduled temp file as task from temp location

Source: Process started

Author: Joe Security: Data: Command: "schtasks.exe" /Create /TN "Java Update" /XML "C:\Users\user\AppData\Local\Temp\tmpD917.tmp" /F, CommandLine: "schtasks.exe" /Create /TN "Java Update" /XML "C:\Users\user\AppData\Local\Temp\tmpD917.tmp" /F, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe" , ParentImage: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe, ParentProcessId: 7532, ParentProcessName: oyCvLcfl3R.exe, ProcessCommandLine: "schtasks.exe" /Create /TN "Java Update" /XML "C:\Users\user\AppData\Local\Temp\tmpD917.tmp" /F, ProcessId: 7620, ProcessName: schtasks.exe

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-06T22:42:18.680736+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.8	49709	TCP
2024-11-06T22:42:58.152095+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.8	62529	TCP

ET MALWARE [ANY.RUN] Xeno-RAT TCP Check-In

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-06T22:44:48.249589+0100	2050110	1	Malware Command and Control Activity Detected	194.113.106.81	2271	192.168.2.8	49707	TCP

ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-06T22:43:05.496747+0100	2050111	1	Malware Command and Control Activity Detected	192.168.2.8	49707	194.113.106.81	2271	TCP
2024-11-06T22:43:36.990466+0100	2050111	1	Malware Command and Control Activity Detected	192.168.2.8	49707	194.113.106.81	2271	TCP
2024-11-06T22:44:02.833234+0100	2050111	1	Malware Command and Control Activity Detected	192.168.2.8	49707	194.113.106.81	2271	TCP
2024-11-06T22:44:28.812111+0100	2050111	1	Malware Command and Control Activity Detected	192.168.2.8	49707	194.113.106.81	2271	TCP
2024-11-06T22:44:54.693034+0100	2050111	1	Malware Command and Control Activity Detected	192.168.2.8	49707	194.113.106.81	2271	TCP
2024-11-06T22:45:20.647568+0100	2050111	1	Malware Command and Control Activity Detected	192.168.2.8	49707	194.113.106.81	2271	TCP
2024-11-06T22:45:46.504767+0100	2050111	1	Malware Command and Control Activity Detected	192.168.2.8	49707	194.113.106.81	2271	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: oyCvLcfl3R.exe

Malware Configuration Extractor: XenoRAT {"C2 url": "194.113.106.81", "Mutex Name": "szczur_nd8912d", "Install Folder": "appdata"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

ReversingLabs: Detection: 73%

Multi AV Scanner detection for submitted file

Source: oyCvLcfl3R.exe

ReversingLabs: Detection: 73%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: oyCvLcfl3R.exe

Joe Sandbox ML: detected

Source: oyCvLcfl3R.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2050111 - Severity 1 - ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive : 192.168.2.8:49707 -> 194.113.106.81:2271
Source: Network traffic	Suricata IDS: 2050110 - Severity 1 - ET MALWARE [ANY.RUN] Xeno-RAT TCP Check-In : 194.113.106.81:2271 -> 192.168.2.8:49707

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 194.113.106.81

Source: global traffic

TCP traffic: 192.168.2.8:49706 -> 194.113.106.81:2271

Source: Joe Sandbox View

ASN Name: RACKTECHRU RACKTECHRU

Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.8:49709
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.8:62529

Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81
Source: unknown	TCP traffic detected without corresponding DNS query: 194.113.106.81

Source: oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000002F4C000.00000004.00000800.00020000.00000000.sdmp

String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Code function: 0_2_00A50B12	0_2_00A50B12
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Code function: 2_2_01350B12	2_2_01350B12
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Code function: 2_2_01359360	2_2_01359360
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Code function: 2_2_01359C30	2_2_01359C30
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Code function: 2_2_01352CC8	2_2_01352CC8
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Code function: 2_2_01359018	2_2_01359018
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Code function: 5_2_00E60B15	5_2_00E60B15

Source: oyCvLcfl3R.exe, 00000000.00000002.1394850776.00000000006DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs oyCvLcfl3R.exe
Source: oyCvLcfl3R.exe, 00000000.00000000.1390265734.00000000001DE000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamejava.exe> vs oyCvLcfl3R.exe
Source: oyCvLcfl3R.exe, 00000002.00000002.3859075977.00000000011BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs oyCvLcfl3R.exe
Source: oyCvLcfl3R.exe	Binary or memory string: OriginalFilenamejava.exe> vs oyCvLcfl3R.exe
Source: oyCvLcfl3R.exe.0.dr	Binary or memory string: OriginalFilenamejava.exe> vs oyCvLcfl3R.exe

Source: oyCvLcfl3R.exe, Encryption.cs	Cryptographic APIs: 'CreateDecryptor'
Source: oyCvLcfl3R.exe.0.dr, Encryption.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@7/4@0/1

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe

File created: C:\Users\user\AppData\Roaming\XenoManager

Jump to behavior

Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Mutant created: \Sessions\1\BaseNamedObjects\szczur_nd8912d-admin
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7632:120:WilError_03

Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

File created: C:\Users\user\AppData\Local\Temp\tmpD917.tmp

Jump to behavior

Source: oyCvLcfl3R.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: oyCvLcfl3R.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: oyCvLcfl3R.exe

ReversingLabs: Detection: 73%

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe

File read: C:\Users\user\Desktop\oyCvLcfl3R.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\oyCvLcfl3R.exe "C:\Users\user\Desktop\oyCvLcfl3R.exe"
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process created: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe "C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe"
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /Create /TN "Java Update" /XML "C:\Users\user\AppData\Local\Temp\tmpD917.tmp" /F
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process created: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe "C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /Create /TN "Java Update" /XML "C:\Users\user\AppData\Local\Temp\tmpD917.tmp" /F	Jump to behavior

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: oyCvLcfl3R.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: oyCvLcfl3R.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: oyCvLcfl3R.exe, DllHandler.cs	.Net Code: DllNodeHandler System.Reflection.Assembly.Load(byte[])
Source: oyCvLcfl3R.exe, DllHandler.cs	.Net Code: DllNodeHandler
Source: oyCvLcfl3R.exe.0.dr, DllHandler.cs	.Net Code: DllNodeHandler System.Reflection.Assembly.Load(byte[])
Source: oyCvLcfl3R.exe.0.dr, DllHandler.cs	.Net Code: DllNodeHandler

Source: oyCvLcfl3R.exe

Static PE information: 0xB6F61BA2 [Sat Apr 9 13:44:02 2067 UTC]

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe

File created: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /Create /TN "Java Update" /XML "C:\Users\user\AppData\Local\Temp\tmpD917.tmp" /F

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Memory allocated: A50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Memory allocated: 24A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Memory allocated: 44A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Memory allocated: 1350000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Memory allocated: 2F40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Memory allocated: 4F40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Memory allocated: E60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Memory allocated: 2C90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Memory allocated: 2AC0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Window / User API: threadDelayed 4770			Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Window / User API: threadDelayed 5001			Jump to behavior

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe TID: 7460	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe TID: 7568	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe TID: 7612	Thread sleep count: 4770 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe TID: 7612	Thread sleep count: 5001 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe TID: 7704	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: oyCvLcfl3R.exe, 00000002.00000002.3859075977.00000000011F3000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK

Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Process created: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe "C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe"			Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /Create /TN "Java Update" /XML "C:\Users\user\AppData\Local\Temp\tmpD917.tmp" /F			Jump to behavior

Source: oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000002F4C000.00000004.00000800.00020000.00000000.sdmp, oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000003105000.00000004.00000800.00020000.00000000.sdmp, oyCvLcfl3R.exe, 00000002.00000002.3860737322.00000000033F2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000003220000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: explorer - Program Manager@\
Source: oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000002F4C000.00000004.00000800.00020000.00000000.sdmp, oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000003105000.00000004.00000800.00020000.00000000.sdmp, oyCvLcfl3R.exe, 00000002.00000002.3860737322.00000000033F2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: explorer - Program Manager
Source: oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000002F4C000.00000004.00000800.00020000.00000000.sdmp, oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000003105000.00000004.00000800.00020000.00000000.sdmp, oyCvLcfl3R.exe, 00000002.00000002.3860737322.00000000033F2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerX#
Source: oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000002F4C000.00000004.00000800.00020000.00000000.sdmp, oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000003105000.00000004.00000800.00020000.00000000.sdmp, oyCvLcfl3R.exe, 00000002.00000002.3860737322.00000000033F2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerlB
Source: oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000002F4C000.00000004.00000800.00020000.00000000.sdmp, oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000003105000.00000004.00000800.00020000.00000000.sdmp, oyCvLcfl3R.exe, 00000002.00000002.3860737322.00000000033F2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: q explorer - Program Manager
Source: oyCvLcfl3R.exe, 00000002.00000002.3860737322.000000000335A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: explorer - Program ManagerLR
Source: oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000002F4C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: explorer - Program ManagerX#
Source: oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000002F4C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerMoX#

Source: C:\Users\user\Desktop\oyCvLcfl3R.exe	Queries volume information: C:\Users\user\Desktop\oyCvLcfl3R.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Queries volume information: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	Queries volume information: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: oyCvLcfl3R.exe, 00000002.00000002.3859075977.00000000011F3000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct

Stealing of Sensitive Information

Yara detected XenoRAT

Source: Yara match	File source: oyCvLcfl3R.exe, type: SAMPLE
Source: Yara match	File source: 0.0.oyCvLcfl3R.exe.1d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1390245336.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: oyCvLcfl3R.exe PID: 7440, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe, type: DROPPED

Remote Access Functionality

Yara detected XenoRAT

Source: Yara match	File source: oyCvLcfl3R.exe, type: SAMPLE
Source: Yara match	File source: 0.0.oyCvLcfl3R.exe.1d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1390245336.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: oyCvLcfl3R.exe PID: 7440, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 Scheduled Task/Job	12 Process Injection	1 Masquerading	OS Credential Dumping	121 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
oyCvLcfl3R.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.Bigisoft
oyCvLcfl3R.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.Bigisoft

Source	Detection	Scanner	Label	Link
194.113.106.81	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
194.113.106.81	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	oyCvLcfl3R.exe, 00000002.00000002.3860737322.0000000002F4C000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
194.113.106.81	unknown	Russian Federation		208861	RACKTECHRU	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1550621
Start date and time:	2024-11-06 22:41:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	oyCvLcfl3R.exe renamed because original name is a hash value
Original Sample Name:	933EB414285EA29140928E633E8EC34E.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@7/4@0/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 174 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target oyCvLcfl3R.exe, PID 7440 because it is empty
Execution Graph export aborted for target oyCvLcfl3R.exe, PID 7532 because it is empty
Execution Graph export aborted for target oyCvLcfl3R.exe, PID 7680 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: oyCvLcfl3R.exe

Simulations

Behavior and APIs

Time	Type	Description
16:42:53	API Interceptor	7394409x Sleep call for process: oyCvLcfl3R.exe modified
22:42:06	Task Scheduler	Run new task: Java Update path: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
RACKTECHRU	qsKo.ps1	Get hash	malicious	RHADAMANTHYS	Browse	194.113.106.180
	GsrDwm0DJG.ps1	Get hash	malicious	RHADAMANTHYS	Browse	194.113.106.180
	HeggBkMoYE.ps1	Get hash	malicious	RHADAMANTHYS	Browse	194.113.106.180
	b2J6hgvd51.elf	Get hash	malicious	Unknown	Browse	45.128.232.191
	TbFoReHi2v.elf	Get hash	malicious	Mirai	Browse	45.128.232.235
	gmA11dfzc2.elf	Get hash	malicious	Mirai	Browse	45.128.232.235
	naoen3DFXE.elf	Get hash	malicious	Mirai	Browse	45.128.232.235
	BrKoH01YHR.elf	Get hash	malicious	Mirai	Browse	45.128.232.235
	JV1eMPUdHV.elf	Get hash	malicious	Mirai	Browse	45.128.232.235
	O1OSOtRYWN.elf	Get hash	malicious	Mirai	Browse	45.128.232.235

Process:	C:\Users\user\Desktop\oyCvLcfl3R.exe
File Type:	CSV text
Category:	modified
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Temp\tmpD917.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1070
Entropy (8bit):	3.9423917543580385
Encrypted:	false
SSDEEP:	12:StLJ+DWg0Sa+Nn/WNeMS7Xp1yd3YL6WVYXqOVl7KfTShhJKShjNI0QBDO1d9HAKs:StLJ+S8AMEoL6fUMhEMj+0QVhXtn
MD5:	88900189E8AAA06DC00F0C4A610406C1
SHA1:	FD9EA9D4E06D67C378F4A8969EFBC97035D511C0
SHA-256:	87A64E6D16C2FA5E6D65AF8B051B09F7A7A296BB3D909D58C261E3151D61F342
SHA-512:	C1C540048F09F618CCF2FA8DF8199A559166AB2B325641C4463B26BEB1E777E78E28B22D1C6B2A6B7A8C5D435268B58D1C41825D6F3268A061B008A1F1F02E98
Malicious:	true
Reputation:	low
Preview:	.. <Task xmlns='http://schemas.microsoft.com/windows/2004/02/mit/task'>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. </LogonTrigger>.. </Triggers>.. <Principals>.. <Principal id='Author'>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. </Settings>.. <Actions>.. <Exec>.. <Command>C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe</Command>..

C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

Download File

Process:	C:\Users\user\Desktop\oyCvLcfl3R.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	46592
Entropy (8bit):	5.64403761286576
Encrypted:	false
SSDEEP:	768:wdhO/poiiUcjlJIn4hYH9Xqk5nWEZ5SbTDaEbuI7CPW5W:iw+jjgn4SH9XqcnW85SbThbuIe
MD5:	933EB414285EA29140928E633E8EC34E
SHA1:	228A81ED40AF52D0D4F7740401440C2D9A8E496D
SHA-256:	4079C8B353CBED438C29FE62FF7315FEA2A90FF3CC16055801939F647D2F2D26
SHA-512:	71FC1A046D3B60DD91EE6D6BD4D9D433D5361F02D781A56B9677BA02748497C0284288DC128CCE24438BC22AB3FC6256882744AC63A35061CF692D8AEC088868
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XenoRAT, Description: Yara detected XenoRAT, Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 74%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.................. ........@.. ....................... ............`.....................................S.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......,l...^......^...................................................moom825......e....g.Pr..:.r&.O.x>r.B"...(......s....}.....r...p}.....(....(...........s....o......o....s....( ...r...p(!...,.("....6.\|.....(?...V.(......}......}.....6.\|.....(?...6.\|.....(?...6.\|"....(?...6.\|&....(?...6.\|-....(?...6.\|2....(?...6.\|;....(?...6.\|A....(?.....sl...}F.....}I.....}J.....}K....(......}G.....}E...6.{F....om...f..i..i3.....ij(+.......6.{G....oL...2.{G...oM...*

C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\oyCvLcfl3R.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.64403761286576
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	oyCvLcfl3R.exe
File size:	46'592 bytes
MD5:	933eb414285ea29140928e633e8ec34e
SHA1:	228a81ed40af52d0d4f7740401440c2d9a8e496d
SHA256:	4079c8b353cbed438c29fe62ff7315fea2a90ff3cc16055801939f647d2f2d26
SHA512:	71fc1a046d3b60dd91ee6d6bd4d9d433d5361f02d781a56b9677ba02748497c0284288dc128cce24438bc22ab3fc6256882744ac63a35061cf692d8aec088868
SSDEEP:	768:wdhO/poiiUcjlJIn4hYH9Xqk5nWEZ5SbTDaEbuI7CPW5W:iw+jjgn4SH9XqcnW85SbThbuIe
TLSH:	F623F88C579C8923E6AF1ABD98324263C7B3E3669532E38F08CCD4E937973855845397
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.................. ........@.. ....................... ............`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x40cb2e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xB6F61BA2 [Sat Apr 9 13:44:02 2067 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xcad8	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xe000	0x5cc	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x10000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xab34	0xac00	59c10e68372041503c87f06128970f5e	False	0.44980922965116277	data	5.72755701728677	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xe000	0x5cc	0x600	3abb05bf6b4b296f4b5a4ae2a101a852	False	0.453125	data	4.418080868017604	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x10000	0xc	0x200	fe4084463397825adcd6699b3e113e89	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xe0a0	0x340	data			0.45913461538461536
RT_MANIFEST	0xe3e0	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-06T22:42:18.680736+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	172.202.163.200	443	192.168.2.8	49709	TCP
2024-11-06T22:42:58.152095+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	172.202.163.200	443	192.168.2.8	62529	TCP
2024-11-06T22:43:05.496747+0100	2050111	ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive	1	192.168.2.8	49707	194.113.106.81	2271	TCP
2024-11-06T22:43:36.990466+0100	2050111	ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive	1	192.168.2.8	49707	194.113.106.81	2271	TCP
2024-11-06T22:44:02.833234+0100	2050111	ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive	1	192.168.2.8	49707	194.113.106.81	2271	TCP
2024-11-06T22:44:28.812111+0100	2050111	ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive	1	192.168.2.8	49707	194.113.106.81	2271	TCP
2024-11-06T22:44:48.249589+0100	2050110	ET MALWARE [ANY.RUN] Xeno-RAT TCP Check-In	1	194.113.106.81	2271	192.168.2.8	49707	TCP
2024-11-06T22:44:54.693034+0100	2050111	ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive	1	192.168.2.8	49707	194.113.106.81	2271	TCP
2024-11-06T22:45:20.647568+0100	2050111	ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive	1	192.168.2.8	49707	194.113.106.81	2271	TCP
2024-11-06T22:45:46.504767+0100	2050111	ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive	1	192.168.2.8	49707	194.113.106.81	2271	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 6, 2024 22:42:09.296869993 CET	49706	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:09.301841021 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:09.301939011 CET	49706	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:11.150015116 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:11.198084116 CET	49706	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:11.268665075 CET	49706	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:11.275017023 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:11.558118105 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:11.560842991 CET	49706	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:11.566919088 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:11.848503113 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:11.848579884 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:11.848627090 CET	49706	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:11.921622038 CET	49706	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:12.236449957 CET	49706	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:12.323492050 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:12.323506117 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:12.632961988 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:12.639617920 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:12.648216009 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:12.648382902 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:12.673973083 CET	49706	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:13.451858997 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:13.453954935 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:13.459454060 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:13.741643906 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:13.743854046 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:13.744518042 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:13.745084047 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:13.745536089 CET	49706	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:13.748980999 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:13.749491930 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:13.750226021 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:13.751638889 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:14.034071922 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:14.035283089 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:14.038992882 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:14.040189028 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:14.040282011 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:14.080137014 CET	49706	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:14.080138922 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:14.754043102 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:14.759149075 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:14.837162971 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:14.838579893 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:14.843745947 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:15.120773077 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:15.122288942 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:15.123023987 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:15.123426914 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:15.123836994 CET	49706	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:15.127392054 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:15.127830982 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:15.128349066 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:15.128624916 CET	2271	49706	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:15.410193920 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:15.425878048 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:15.430900097 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:16.035068035 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:16.036911011 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:16.042228937 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:17.332184076 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:17.344014883 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:17.349102020 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:17.712937117 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:17.718219995 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:17.723349094 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:18.627854109 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:18.631475925 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:18.636255026 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:19.924973965 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:19.926588058 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:19.931509018 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:20.013873100 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:20.020790100 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:20.025665998 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:21.222132921 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:21.223803997 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:21.228780031 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:22.294387102 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:22.301604986 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:22.306574106 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:22.506076097 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:22.507563114 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:22.512459993 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:23.799926996 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:23.801917076 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:23.806813002 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:24.580408096 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:24.587918997 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:24.592811108 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:25.095329046 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:25.097461939 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:25.102680922 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:26.426784992 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:26.428236008 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:26.433024883 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:26.872750044 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:26.880115986 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:26.884989977 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:27.723995924 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:27.726008892 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:27.730920076 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:29.020065069 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:29.064582109 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:29.073144913 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:29.080604076 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:29.169852972 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:29.197278023 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:29.202125072 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:30.686695099 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:30.687494040 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:30.687542915 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:30.688040018 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:30.695540905 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:31.482031107 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:31.494447947 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:31.499461889 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:31.978125095 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:31.982590914 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:31.987421989 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:33.268989086 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:33.270627022 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:33.275481939 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:33.783807993 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:33.790756941 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:33.795644999 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:34.562979937 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:34.565661907 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:34.570530891 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:35.847213984 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:35.849143982 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:35.854016066 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:36.067835093 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:36.073637009 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:36.078824997 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:37.128757000 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:37.132430077 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:37.137254953 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:38.356158018 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:38.362739086 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:38.367557049 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:38.424514055 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:38.425997019 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:38.430866957 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:39.716346025 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:39.719355106 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:39.724294901 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:40.638673067 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:40.671792030 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:40.676832914 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:41.169784069 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:41.171277046 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:41.176523924 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:42.462835073 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:42.464508057 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:42.469643116 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:42.957140923 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:42.966779947 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:42.971540928 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:43.932363987 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:43.933722019 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:43.938622952 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:45.207936049 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:45.209197044 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:45.214272976 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:45.248444080 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:45.254940987 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:45.259928942 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:46.503243923 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:46.538043022 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:46.542828083 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:47.659275055 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:47.666106939 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:47.671269894 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:47.816755056 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:47.818036079 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:47.823015928 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:49.107471943 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:49.158313990 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:49.161235094 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:49.166141987 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:49.950392962 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:49.959223986 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:49.964359045 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:50.441118002 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:50.442368984 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:50.447185993 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:52.113729954 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:52.114147902 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:52.114197969 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:52.130496979 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:52.135333061 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:52.246999025 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:52.272501945 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:52.277288914 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:53.413244963 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:53.414474964 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:53.419284105 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:54.560363054 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:54.564784050 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:54.570319891 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:54.706831932 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:54.708250046 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:54.714493990 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:55.990552902 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:55.992281914 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:55.997179031 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:56.864391088 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:56.868765116 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:56.874829054 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:57.284732103 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:57.285917044 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:57.290769100 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:58.579513073 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:58.581243992 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:58.586412907 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:59.144457102 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:59.149584055 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:59.154558897 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:59.876257896 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:42:59.877870083 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:42:59.882783890 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:01.357656956 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:01.358869076 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:01.364068985 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:01.427911043 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:01.433051109 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:01.438323975 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:02.915788889 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:02.917665005 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:02.924065113 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:03.926381111 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:03.941528082 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:03.941711903 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:04.001637936 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:04.006452084 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:04.191431999 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:04.205118895 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:04.209923029 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:05.495481968 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:05.496747017 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:05.501873970 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:06.290544987 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:06.295665026 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:06.300587893 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:06.784548998 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:06.830204964 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:06.830658913 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:06.835469007 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:08.122035027 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:08.125580072 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:08.130430937 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:08.576366901 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:08.581988096 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:08.587347984 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:09.412167072 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:09.414597034 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:09.419583082 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:10.705974102 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:10.707191944 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:10.712153912 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:10.872848034 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:10.878465891 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:10.883341074 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:11.987432003 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:11.988831997 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:11.993781090 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:13.163561106 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:13.168673992 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:13.173543930 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:13.280884981 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:13.284377098 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:13.289397001 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:14.576031923 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:14.577837944 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:14.582714081 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:15.457484961 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:15.462388039 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:15.467335939 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:15.874361992 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:15.875901937 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:15.881006002 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:17.164305925 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:17.165652990 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:17.171040058 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:17.745765924 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:17.751291037 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:17.756589890 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:18.462934971 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:18.464734077 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:18.469618082 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:19.974592924 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:19.976078987 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:19.982666969 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:20.035362005 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:20.040278912 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:20.045224905 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:21.268978119 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:21.280395985 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:21.285403013 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:22.335869074 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:22.341640949 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:22.346590042 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:22.580419064 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:22.583894968 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:22.588834047 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:23.878684044 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:23.880096912 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:23.885839939 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:24.633725882 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:24.673979998 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:24.759052992 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:24.764098883 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:25.176462889 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:25.177799940 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:25.182660103 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:26.475064993 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:26.476406097 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:26.484101057 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:27.030077934 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:27.035111904 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:27.039936066 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:27.769077063 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:27.770250082 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:27.775326014 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:29.065434933 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:29.067169905 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:29.073316097 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:29.327418089 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:29.333367109 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:29.338244915 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:30.363065958 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:30.408390045 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:30.441812038 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:30.447223902 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:31.630724907 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:31.636516094 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:31.641520977 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:31.738948107 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:31.740262032 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:31.745237112 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:33.091955900 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:33.110363960 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:33.115417957 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:33.925095081 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:33.931519985 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:33.936359882 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:34.391114950 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:34.392407894 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:34.397243023 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:35.688446045 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:35.689896107 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:35.695307016 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:36.220397949 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:36.226866961 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:36.231707096 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:36.986522913 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:36.990466118 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:36.995697975 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:38.277996063 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:38.279531956 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:38.284383059 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:38.508979082 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:38.513982058 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:38.518980026 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:39.574944973 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:39.576756001 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:39.582336903 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:40.793946981 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:40.800052881 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:40.805003881 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:40.862716913 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:40.865844965 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:40.870959044 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:42.151827097 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:42.153283119 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:42.158104897 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:43.091327906 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:43.097183943 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:43.101974964 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:43.440960884 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:43.443504095 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:43.449662924 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:44.739895105 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:44.742480040 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:44.747473001 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:45.381102085 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:45.386652946 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:45.391969919 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:46.034477949 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:46.040015936 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:46.044960976 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:47.332022905 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:47.333444118 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:47.338346004 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:47.675129890 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:47.679579973 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:47.684448957 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:48.631999016 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:48.638315916 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:48.643297911 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:49.923923016 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:49.925821066 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:49.930716038 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:49.965658903 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:49.973923922 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:49.978763103 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:51.216227055 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:51.220866919 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:51.225698948 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:52.263071060 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:52.268564939 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:52.273396969 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:52.503437996 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:52.504852057 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:52.509778976 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:53.786797047 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:53.788218021 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:53.796581984 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:54.557027102 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:54.564291954 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:54.569664001 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:55.082489014 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:55.085885048 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:55.091375113 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:56.363432884 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:56.364960909 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:56.370101929 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:56.843765020 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:56.850284100 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:56.856976986 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:57.667242050 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:57.668447971 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:57.673439026 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:58.956079960 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:58.960555077 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:58.965809107 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:59.137754917 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:43:59.148303986 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:43:59.153146029 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:00.252957106 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:00.254188061 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:00.259042978 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:01.420090914 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:01.427957058 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:01.432851076 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:01.535166025 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:01.539905071 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:01.544771910 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:02.831572056 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:02.833234072 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:02.838862896 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:03.716052055 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:03.767929077 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:04.128490925 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:04.153157949 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:04.157963037 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:04.169548035 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:04.187570095 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:04.193367958 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:05.488143921 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:05.491451025 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:05.496351004 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:06.441310883 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:06.447671890 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:06.452620983 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:06.778019905 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:06.779377937 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:06.784364939 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:08.077255011 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:08.078943968 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:08.083899975 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:08.729875088 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:08.735801935 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:08.740698099 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:09.363276005 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:09.367785931 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:09.372752905 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:10.649921894 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:10.651758909 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:10.656810999 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:11.025666952 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:11.031413078 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:11.036624908 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:11.943629026 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:11.945811033 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:11.950767040 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:13.239110947 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:13.240530014 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:13.245418072 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:13.332411051 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:13.341675043 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:13.346585035 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:14.535022020 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:14.536223888 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:14.541109085 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:15.628206968 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:15.634113073 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:15.638885975 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:15.816420078 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:15.823602915 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:15.828607082 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:17.097043037 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:17.142848969 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:17.155493021 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:17.160310030 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:17.917395115 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:17.924482107 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:17.929668903 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:18.456499100 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:18.458151102 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:18.464008093 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:19.738337994 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:19.763082981 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:19.768264055 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:20.206008911 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:20.213167906 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:20.218286991 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:21.050185919 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:21.051467896 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:21.056672096 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:22.339015961 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:22.343539000 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:22.348905087 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:22.497484922 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:22.503113985 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:22.508128881 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:23.638690948 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:23.640093088 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:23.645066977 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:24.782855988 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:24.787970066 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:24.793273926 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:24.932074070 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:24.933432102 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:24.938368082 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:26.222397089 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:26.223731995 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:26.229341984 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:27.079735994 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:27.086023092 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:27.090972900 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:27.512454987 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:27.513770103 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:27.518677950 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:28.810398102 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:28.812110901 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:28.817034006 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:29.373786926 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:29.379020929 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:29.383945942 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:30.106177092 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:30.107568979 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:30.112529039 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:31.396470070 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:31.397770882 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:31.402653933 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:31.660996914 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:31.666239023 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:31.671183109 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:32.692677021 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:32.696711063 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:32.701700926 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:33.950364113 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:33.958460093 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:33.963362932 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:33.987401962 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:33.988754988 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:33.993576050 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:35.284564018 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:35.309931040 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:35.315092087 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:36.247540951 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:36.251720905 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:36.257062912 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:36.597960949 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:36.599554062 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:36.604661942 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:37.895343065 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:37.897712946 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:37.903316975 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:38.544344902 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:38.549352884 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:38.554251909 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:39.182462931 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:39.185769081 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:39.192296028 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:40.485574007 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:40.487147093 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:40.492037058 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:40.840965033 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:40.852819920 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:40.857676029 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:41.769309044 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:41.781218052 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:41.786134005 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:43.075831890 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:43.077497005 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:43.082459927 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:43.132716894 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:43.138978004 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:43.143930912 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:44.362811089 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:44.370764017 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:44.375648022 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:45.429730892 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:45.434982061 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:45.440157890 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:45.658631086 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:45.659899950 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:45.664815903 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:46.941518068 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:46.945522070 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:46.950644016 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:47.717580080 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:47.767874002 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:47.874241114 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:47.879173994 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:48.240494967 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:48.244633913 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:48.249588966 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:49.534105062 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:49.535563946 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:49.540369034 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:50.169701099 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:50.175390959 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:50.180381060 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:50.822705984 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:50.825606108 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:50.830648899 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:52.112210035 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:52.113518000 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:52.119901896 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:52.465902090 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:52.473987103 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:52.478979111 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:53.396733999 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:53.398025990 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:53.402920008 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:54.691576004 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:54.693033934 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:54.698332071 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:54.749829054 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:54.760432005 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:54.765969038 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:55.987701893 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:55.989111900 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:55.993949890 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:57.038325071 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:57.045655012 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:57.050540924 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:57.280946970 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:57.282522917 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:57.287425995 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:58.568145037 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:58.569382906 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:58.574338913 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:59.335221052 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:59.339874029 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:59.344789028 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:59.864845037 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:44:59.876687050 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:44:59.881534100 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:01.174963951 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:01.176469088 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:01.181324959 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:01.646819115 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:01.655745029 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:01.660660028 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:02.460508108 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:02.502274990 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:02.513360977 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:02.518165112 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:03.800143957 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:03.802094936 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:03.807336092 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:03.934974909 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:03.941597939 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:03.946896076 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:05.085812092 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:05.093085051 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:05.098140001 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:06.231935024 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:06.237644911 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:06.242582083 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:06.394185066 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:06.395908117 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:06.400813103 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:07.686237097 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:07.687482119 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:07.692562103 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:08.513187885 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:08.538446903 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:08.543678999 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:08.972537994 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:08.974020004 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:08.979065895 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:10.254144907 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:10.255671978 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:10.260508060 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:10.821053982 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:10.870023966 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:10.875250101 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:11.556739092 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:11.558060884 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:11.562947989 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:12.851800919 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:12.853363037 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:12.858200073 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:13.147583008 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:13.153561115 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:13.158363104 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:14.144397020 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:14.148042917 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:14.153500080 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:15.435527086 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:15.440690041 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:15.441344023 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:15.442177057 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:15.445455074 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:15.447005987 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:16.738977909 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:16.764209032 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:16.769337893 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:17.730698109 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:17.739562035 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:17.744592905 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:18.049786091 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:18.051800013 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:18.056824923 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:19.347220898 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:19.348344088 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:19.353173971 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:20.012897015 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:20.017891884 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:20.022983074 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:20.643896103 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:20.647567987 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:20.652486086 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:21.925333023 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:21.927645922 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:21.932504892 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:22.294487953 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:22.301578045 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:22.306462049 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:23.218003035 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:23.219468117 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:23.225236893 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:24.520509005 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:24.523117065 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:24.528114080 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:24.591681004 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:24.598900080 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:24.604157925 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:25.807859898 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:25.811662912 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:25.817843914 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:26.884593010 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:26.891305923 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:26.897450924 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:27.096947908 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:27.104434967 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:27.109441042 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:28.379431963 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:28.380676985 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:28.385560036 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:29.177119970 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:29.182323933 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:29.187211990 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:29.675532103 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:29.676794052 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:29.681746960 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:30.968177080 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:30.969863892 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:30.974879980 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:31.466666937 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:31.473426104 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:31.478842974 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:32.263581991 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:32.274975061 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:32.280781984 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:33.565606117 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:33.567051888 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:33.572026968 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:33.762973070 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:33.774420023 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:33.779381037 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:34.853024006 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:34.856523991 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:34.861538887 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:36.060435057 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:36.068286896 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:36.073283911 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:36.145437956 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:36.147816896 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:36.152707100 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:37.440984011 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:37.443574905 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:37.448579073 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:38.364770889 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:38.370682001 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:38.375588894 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:38.733288050 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:38.735584974 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:38.740869045 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:40.028006077 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:40.031613111 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:40.036591053 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:40.653481007 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:40.662817955 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:40.667701960 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:41.331659079 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:41.333024025 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:41.337856054 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:42.651184082 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:42.652617931 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:42.658632040 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:42.934338093 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:42.941148996 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:42.946196079 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:43.927103996 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:43.928395987 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:43.933685064 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:45.220319986 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:45.222322941 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:45.231781006 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:45.232433081 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:45.238353014 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:45.244954109 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:46.503385067 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:46.504766941 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:46.509635925 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:47.513721943 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:47.554197073 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:47.559111118 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:47.789771080 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:47.791768074 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:47.796662092 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:49.081346035 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:49.082743883 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:49.087650061 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:49.843641996 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:49.851202965 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:49.856081963 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:50.362943888 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:50.364279985 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:50.369477034 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:51.651283026 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:51.652687073 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:51.657579899 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:52.147841930 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:52.153420925 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:52.158375978 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:52.946234941 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:52.950475931 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:52.956176043 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:54.233160019 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:54.234816074 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:54.239723921 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:54.448111057 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:54.454153061 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:54.458985090 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:55.641051054 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:55.643894911 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:55.648835897 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:56.746552944 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:56.752794981 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:56.757689953 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:56.942286968 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:56.943459034 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:56.948317051 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:58.235450029 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:58.236725092 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:58.241683960 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:59.044863939 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:59.050240993 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:59.055249929 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:59.520803928 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:45:59.522654057 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:45:59.530638933 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:00.812397957 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:00.814285040 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:46:00.819197893 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:01.341027975 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:01.361005068 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:46:01.365982056 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:02.097193003 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:02.099354029 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:46:02.104268074 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:03.396286011 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:03.399857998 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:46:03.404778004 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:03.653774977 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:03.659462929 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:46:03.664336920 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:04.691082001 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:04.692226887 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:46:04.697484016 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:05.950834036 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:05.954688072 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:46:05.959585905 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:05.987734079 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:05.988694906 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:46:05.993766069 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:07.284146070 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:07.288567066 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:46:07.293483019 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:08.231772900 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:08.239341974 CET	49708	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:46:08.244215965 CET	2271	49708	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:08.909251928 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:08.910348892 CET	49707	2271	192.168.2.8	194.113.106.81
Nov 6, 2024 22:46:08.915230989 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:10.191107988 CET	2271	49707	194.113.106.81	192.168.2.8
Nov 6, 2024 22:46:10.236872911 CET	49707	2271	192.168.2.8	194.113.106.81

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 6, 2024 22:42:19.884205103 CET	53	64118	1.1.1.1	192.168.2.8

Target ID:	0
Start time:	16:41:59
Start date:	06/11/2024
Path:	C:\Users\user\Desktop\oyCvLcfl3R.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\oyCvLcfl3R.exe"
Imagebase:	0x1d0000
File size:	46'592 bytes
MD5 hash:	933EB414285EA29140928E633E8EC34E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XenoRAT, Description: Yara detected XenoRAT, Source: 00000000.00000000.1390245336.00000000001D2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	16:41:59
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe"
Imagebase:	0xc50000
File size:	46'592 bytes
MD5 hash:	933EB414285EA29140928E633E8EC34E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XenoRAT, Description: Yara detected XenoRAT, Source: C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 74%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	16:42:05
Start date:	06/11/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"schtasks.exe" /Create /TN "Java Update" /XML "C:\Users\user\AppData\Local\Temp\tmpD917.tmp" /F
Imagebase:	0x9e0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	16:42:05
Start date:	06/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	16:42:06
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe
Imagebase:	0x810000
File size:	46'592 bytes
MD5 hash:	933EB414285EA29140928E633E8EC34E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Function 00A50B12 Relevance: .6, Instructions: 575COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1395345335.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 576090d5fce558bbafa6a886b1ebf386b0d182faf93b5f654b7c368a8da3bed2
Instruction ID: 7f28c3a2d6742fc2815f0c685f51d49396a28a3d2c73d1cddbebd25298072338
Opcode Fuzzy Hash: 576090d5fce558bbafa6a886b1ebf386b0d182faf93b5f654b7c368a8da3bed2
Instruction Fuzzy Hash: 75422974A002498FCB15DFA8D484A9DBBF2BF89324F1586A5E805EF365DB30AD49CF50

Function 00A50988 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1395345335.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2b2d31b80f0f817ccde691137422ee14e43687633ee05b6960102f74c4c5c2d
Instruction ID: a0983f98d44076870af0b47d03cb2e441755a21efbddb7e79ed3e429738c4402
Opcode Fuzzy Hash: d2b2d31b80f0f817ccde691137422ee14e43687633ee05b6960102f74c4c5c2d
Instruction Fuzzy Hash: 0A214F70910709DFDB41EFA8E98469DBFF1FB85705F008A69E405AF26AEB701A05DF81

Function 00A50990 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1395345335.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f39d3bde785675d68fff5b3e3492181a8437ad7e72895da31a9f2b5d3e2b62a2
Instruction ID: f9112f3a859f95caa331331402343a8d4be419cba76a36c249c3391dac2755c2
Opcode Fuzzy Hash: f39d3bde785675d68fff5b3e3492181a8437ad7e72895da31a9f2b5d3e2b62a2
Instruction Fuzzy Hash: B0214C709007099FDB41FFA8E94469DBFF1FB85705F008A69E404AF26AEB701A05AF80

Function 00A50877 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1395345335.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b544bde9af44dd60aea568caa9ee437eae7a476126700104f5a83a44c5c1844b
Instruction ID: 3f696023bbb508f84d78e836fdf4e669a9d97c80c07b829af22f14895a51d191
Opcode Fuzzy Hash: b544bde9af44dd60aea568caa9ee437eae7a476126700104f5a83a44c5c1844b
Instruction Fuzzy Hash: AB017C32D1565A8BCF10DBB4DC446DDBB72FFC6620F190716D50177150EBB0255AC790

Function 00A508F9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1395345335.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac747e277022d4f56fdbc284fd4f8e45b52961bd2a0b2bf619d16d1b5efd9c75
Instruction ID: bb1570053a1fd8c45efa1e09751b336a0cfd150602d604363edcd8b856ac4c9f
Opcode Fuzzy Hash: ac747e277022d4f56fdbc284fd4f8e45b52961bd2a0b2bf619d16d1b5efd9c75
Instruction Fuzzy Hash: F2F02835D152489BDF15D770C4A4AEFBFB16F84701F04856BC002AB285CF70140A9791

Function 00A50908 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1395345335.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9ba4bee3e352341a83c3b9445151f9f353d1b531976edf8a8d18cb7e1ea58ad
Instruction ID: ad8faa175d07a6c0a93572a7d59c2cb076034d9ce8b0a61bf4a301e6d251f018
Opcode Fuzzy Hash: e9ba4bee3e352341a83c3b9445151f9f353d1b531976edf8a8d18cb7e1ea58ad
Instruction Fuzzy Hash: A3F0E932D1010997EF05D774C454AEFBBBAAF84701F414526D412B7284DFB0190596D1

Function 00A513A1 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1395345335.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f345b199aa6ed8af4fc40c4fb161883c0c58a38929bc8e8c92feb71b5ca03305
Instruction ID: 65c51d96be3c699aeec1c712dbbace796ca338938bcebd24a9e0d0377e009460
Opcode Fuzzy Hash: f345b199aa6ed8af4fc40c4fb161883c0c58a38929bc8e8c92feb71b5ca03305
Instruction Fuzzy Hash: ADE0EDB4C442499FCB40DFB9D8815AEBFF0FE08204F2085AAC904E7205E2311255CF90

Function 00A50839 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1395345335.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0982b396d4262e141c6a1d25168a8bcb5bfdc3b9ee3b162e779530f764abc48e
Instruction ID: 87de678f937719e61d0f23e9470e3807024d3b4aeb971909608cfa05be7dd824
Opcode Fuzzy Hash: 0982b396d4262e141c6a1d25168a8bcb5bfdc3b9ee3b162e779530f764abc48e
Instruction Fuzzy Hash: 70E0DF60809284AFCB12CBB48515B6C3FB0FF06251F1805EAD888CB213C6308A10D746

Function 00A513B0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1395345335.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fef043d575c0f54f122b0501c9fa8b484036c79d8b33f2a125a1e09fb6ee5efe
Instruction ID: f316a0ac5a0e5587fc6978f9e109c1fd8bbbbb4c05f9ecd1bd594a8688c8290b
Opcode Fuzzy Hash: fef043d575c0f54f122b0501c9fa8b484036c79d8b33f2a125a1e09fb6ee5efe
Instruction Fuzzy Hash: DEE042B4D0530E9F8B80EFB989425BEBFF5BB48211F6085AA9908E7201E67056558BD1

Function 00A50848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1395345335.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca2e463bf78cda8ab949af33758381dc39114b98fa07c455c20c509df481cadd
Instruction ID: 2c8a970f1c014a57909c4399c6017381fa80710c30213358d1ea0846f08932dd
Opcode Fuzzy Hash: ca2e463bf78cda8ab949af33758381dc39114b98fa07c455c20c509df481cadd
Instruction Fuzzy Hash: 70D01771905248AFDB11CFB8C905B6D7BB9FB05351F204596E848C7201DB319E10E791

Analysis Process: oyCvLcfl3R.exePID: 7532, Parent PID: 7440COMMON

Executed Functions

Function 01350B12 Relevance: .6, Instructions: 576COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39a11ca9805d394ad5d06133e1131d5285cc1a4fcb5da8c3a2f49f5d2068f44d
Instruction ID: 83fcdcec7bf6249a40352259b914dd69cbb670f1a701823ed9ceec1b909ac47d
Opcode Fuzzy Hash: 39a11ca9805d394ad5d06133e1131d5285cc1a4fcb5da8c3a2f49f5d2068f44d
Instruction Fuzzy Hash: CC425874A002498FDB15DFA8D484A9CBBF2FF89714F1581A9E805EB36ADB31AC45CF50

Function 01352CC8 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80adc147d5196ab6e27ab07f9f8bceb5fb5dd6bb0379b8e8ca4d8383f0161251
Instruction ID: 6df0e007362124b5e35fe04f781212a23222ed3453a7e829d85520f62420afe4
Opcode Fuzzy Hash: 80adc147d5196ab6e27ab07f9f8bceb5fb5dd6bb0379b8e8ca4d8383f0161251
Instruction Fuzzy Hash: 2402E274A01209DFDB45DF68D484A9DBBF2FF89324F1981A9E805AB366D730E885CF50

Function 01359360 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2899945ba9af747bc016306e77782a9456049f052b1ac45ee05619f7e47bd6bd
Instruction ID: 26ed8a30d58977bb3ba585140956d000de69e4cb2a498c38531734f878c468a5
Opcode Fuzzy Hash: 2899945ba9af747bc016306e77782a9456049f052b1ac45ee05619f7e47bd6bd
Instruction Fuzzy Hash: 65B15F70E00209CFDF54CFA9D885BADBBF2AF88B1CF148529D815A7294EB749845CF91

Function 01359C30 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45badd195ec8017017696f68e5bae0043bc2d36d35054e48df898beed8372c0
Instruction ID: c070e5abb8a8fddfe2bcbef2d6ad38aab6987f0bdf152a67ba29926062b4fd17
Opcode Fuzzy Hash: d45badd195ec8017017696f68e5bae0043bc2d36d35054e48df898beed8372c0
Instruction Fuzzy Hash: 46B15270E00209CFDF54CFA9D885B9DBBF2BF88B18F148529D819E7294EB759845CB81

Function 01354E20 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

c", xrefs: 01354E93

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID: c"
API String ID: 0-2139221276
Opcode ID: 1156bc9bef6fe453f56cb8ea5a216bf6447449a11a8d02cc4d0101a94d1c5321
Instruction ID: 7fe5dbe41e770b494294129148691b3432a0613ac29adba937f1b16e72f1b2fe
Opcode Fuzzy Hash: 1156bc9bef6fe453f56cb8ea5a216bf6447449a11a8d02cc4d0101a94d1c5321
Instruction Fuzzy Hash: DF01B53931060657D70AA67EA86857E3AD7BBC8A55754803DD409CB344EF70DC0687D0

Function 0135D5B0 Relevance: .6, Instructions: 581COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5e002ce4cc77ec595b0cfb8f04931470985e087407cbaa6ad4b33ca75b2d1a1
Instruction ID: 7e476372443ba54c3dadb5050f22b8e9fe01ccc8b3e94981755ebad79961e0e1
Opcode Fuzzy Hash: b5e002ce4cc77ec595b0cfb8f04931470985e087407cbaa6ad4b33ca75b2d1a1
Instruction Fuzzy Hash: 29614A7190834ADFDB42DFB8C854BADBFF5BF9A628F1440A6D804E7252E7345805CBA1

Function 0135D655 Relevance: .5, Instructions: 489COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5971643ffbff48d409cfa8e0d1d386d79b729f3386fbfc8448c5f1a678c13678
Instruction ID: 996dcb30cec20ab0f1f251b7c4f44276bde95375fabdc3d8f257ec16d1bd4ec3
Opcode Fuzzy Hash: 5971643ffbff48d409cfa8e0d1d386d79b729f3386fbfc8448c5f1a678c13678
Instruction Fuzzy Hash: 1631F831B083059FD745DB78C854BAEBBF3AF89618F1441A9D801E7362EB219C05C791

Function 0135B1DF Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bf314770957ae36cf25381b9371f6d3279555c26ac6b3a86ef78de956e12eb1
Instruction ID: c187e458f16d275f4ca2de7a3754bb679cc41baa303f51f4025748d814804262
Opcode Fuzzy Hash: 0bf314770957ae36cf25381b9371f6d3279555c26ac6b3a86ef78de956e12eb1
Instruction Fuzzy Hash: EDD19C75A152488FEB06DF68C490BDCBFB2FF4A724F198296D850AB366D330D845CB61

Function 0135B3C8 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74e446887514b1006464f9ae7e8b782efe09acdfee3ec847ba97bac72011d23e
Instruction ID: 6e08c1e031838df375c5c3d8c108401b55f6b99c923c840858a20cba5df3f111
Opcode Fuzzy Hash: 74e446887514b1006464f9ae7e8b782efe09acdfee3ec847ba97bac72011d23e
Instruction Fuzzy Hash: AFD1E275A002498FDB05DFA8C480EDDBBF2BF89724F198295E855AB366D730EC45CB60

Function 0135C700 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4afd26290a1b923e334a0e61fa7c2a5cf6acc062a63e6c4e324eef31669e4416
Instruction ID: 56c5716236be9bb9d3aca1a7b6b4bc3c44ef6e209eb3ba9f5a83ac4618660bea
Opcode Fuzzy Hash: 4afd26290a1b923e334a0e61fa7c2a5cf6acc062a63e6c4e324eef31669e4416
Instruction Fuzzy Hash: 96D11275A003498FEB55CF68C480ACCBBF6FF49624F199195E845EB362D730AD81CB60

Function 0135BE20 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 906b6ba59e76d2c01507bc92affa01e33a7516ebd4fab0a38395064bebfe28a5
Instruction ID: 52e3c58b868a43eb476a14290e45771bf44e249854d1501c98c693c165907693
Opcode Fuzzy Hash: 906b6ba59e76d2c01507bc92affa01e33a7516ebd4fab0a38395064bebfe28a5
Instruction Fuzzy Hash: 4BD12471A003498FDB55CF68C480A9CBBF6BF4A318F158699E855AB362D730ED85CF60

Function 0135C6F0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf1f17a94c461c47ea98208efa823f742aa4066bcfb37b89c1be52f0394068a4
Instruction ID: 63a0dd8cb5fefde79e73f16cc519f688a39530328c70b225720fc028f97f47ee
Opcode Fuzzy Hash: cf1f17a94c461c47ea98208efa823f742aa4066bcfb37b89c1be52f0394068a4
Instruction Fuzzy Hash: 93C11275A003098FEB55CFA8C480ACCBBF6BF49724F199195E845EB362D730AD81CB60

Function 01359354 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5679e4a9af7239f549ccb639579cce8fd19852a923a1a5d4f9219ef251de1833
Instruction ID: 6c6026c027aad9163b0f1b549cd04c8de70fff7f35558a1d22d80a2ec0c0472a
Opcode Fuzzy Hash: 5679e4a9af7239f549ccb639579cce8fd19852a923a1a5d4f9219ef251de1833
Instruction Fuzzy Hash: F4B16EB0E00209CFDB50CFA9D885BADBBF1AF88B1CF148529E855E7254EB359845CF91

Function 01359C24 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12a9bf20f7a722a7c6d568f356a7e36ff421cb48b25c388d7807d0fce537393b
Instruction ID: 1b91f69389fd3cd933ab9529ad84cf846912b00f9df64facc52cca142de3c286
Opcode Fuzzy Hash: 12a9bf20f7a722a7c6d568f356a7e36ff421cb48b25c388d7807d0fce537393b
Instruction Fuzzy Hash: 0AA16F70E00209CFDF50CFA9D885B9DBBF1BF48B18F148529E819EB294EB759845CB81

Function 0135AB68 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8361ae8aa232bc5b72281dfc3f9904345b1df5c85f0d6709177eb75d1417fc17
Instruction ID: 8762860eb4271e080d5397ef652f779c5fc70906551bea86d69438978517a54f
Opcode Fuzzy Hash: 8361ae8aa232bc5b72281dfc3f9904345b1df5c85f0d6709177eb75d1417fc17
Instruction Fuzzy Hash: DCA16770A003589FDB15CF68D884D9DBBF6FF89614B198299E849AB362C730EC45DB90

Function 013512A3 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c694b7208e07813ef59445905f61d61b3786789f539e4d3ca068778a37833a2
Instruction ID: f9c25a05dd852e98cb879f39698950e4e9927ff10480623359cc490323deca0e
Opcode Fuzzy Hash: 5c694b7208e07813ef59445905f61d61b3786789f539e4d3ca068778a37833a2
Instruction Fuzzy Hash: CCA14A74A01249CFCB15DFA9C484A9CBBB2FF89724F158268E415AF3A9D731AC85CF50

Function 01353718 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64b103ea1635cb665257c079db393f856b9baf12a3e333611a62374fabead2cb
Instruction ID: fb8b20401535da7f0b9c88fc0d8f96d55184d99fa564290e7683047f23700cbb
Opcode Fuzzy Hash: 64b103ea1635cb665257c079db393f856b9baf12a3e333611a62374fabead2cb
Instruction Fuzzy Hash: 53815A75B002098FDB55CF68C544AADBBF2BF88B64F1581A8D845AB355C730EC45CBA0

Function 01354740 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 199012ed787cf63a7f8fc7af09e00b476a6b4e1421cf20a9cf90f2495dcab8cc
Instruction ID: f7fdf8b64ed8fa086681f1e06bd9e2b8259638f22e2cd947987a9ff1c60aba4e
Opcode Fuzzy Hash: 199012ed787cf63a7f8fc7af09e00b476a6b4e1421cf20a9cf90f2495dcab8cc
Instruction Fuzzy Hash: AF818335B012089FDB19DF68D484A9DBBF2FF89720F158168E505AB365DB30EC86CB91

Function 0135BE10 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c03e1505c629587e6f48012362838d020b24dc599209d87b4b659db0e94120b
Instruction ID: 25e9ae2db566a93d635cae31198379da881695f3e3fbe572f3130567c943148c
Opcode Fuzzy Hash: 2c03e1505c629587e6f48012362838d020b24dc599209d87b4b659db0e94120b
Instruction Fuzzy Hash: 10811471A002498FDB55CF6CC480A9CBBF6BF49328F158695E855AB362C730ED85CF60

Function 01355F78 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3257ecfe1c72d331315e4dfb0c02be4ff242aa8abed944143475cd9c49e512ab
Instruction ID: baa9b22246025ca55797406992c46c42d2bcccad53a0d1442fc88415b29074a4
Opcode Fuzzy Hash: 3257ecfe1c72d331315e4dfb0c02be4ff242aa8abed944143475cd9c49e512ab
Instruction Fuzzy Hash: B081D1B0A043458FDB25CF28C444AADBFF2FF89714F54866DD8969B652CB30E985CB60

Function 01351EC8 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b66d667c11a2ed988b92b90d52bd9c4f6a5831e4580c669987edf07bb86e65
Instruction ID: e1fc174b706e5e409288618671ae20573a706dc880510bf26beb76e11d43db3f
Opcode Fuzzy Hash: c2b66d667c11a2ed988b92b90d52bd9c4f6a5831e4580c669987edf07bb86e65
Instruction Fuzzy Hash: A3714B34600209CFDB45DF68C954E9EB7F2BF88714F6581A8E805AB365DB32ED41CBA0

Function 0135CCA2 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ba3b6cad899b070a48fbdd1de58f6620ffd7f473079c1aa10d9c266f56950d4
Instruction ID: 506a7616111deafa07456e81b0f3026b80b8e82f5a5a10f7ba210e2daabd3d9b
Opcode Fuzzy Hash: 5ba3b6cad899b070a48fbdd1de58f6620ffd7f473079c1aa10d9c266f56950d4
Instruction Fuzzy Hash: CE61E671A003458FDB51CF78C444A9EBFF6BF88B08F148A59D486EB255DB30AC45CB90

Function 0135AFAF Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ed44bb9b95fe1122386245790dca36bebdf7a913217402d03a7577c8ba17ffc
Instruction ID: 1dc42095fe00af1001b91c3d189e21d3516ec5d5348319498b546ec953869a40
Opcode Fuzzy Hash: 0ed44bb9b95fe1122386245790dca36bebdf7a913217402d03a7577c8ba17ffc
Instruction Fuzzy Hash: 93517B5382E3D50FE3436778DC667DA7F259F93929F4905D7C190CB5A3E508880AC3A6

Function 0135CD2C Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 370e0f19792c607934c0a5b5be4cd26279dadd2e2e565809adab5d5e8d004bbb
Instruction ID: 0ccd80cfc87c437d3cd54852141cb369278402d1cb75c1110aef03bceafa1c41
Opcode Fuzzy Hash: 370e0f19792c607934c0a5b5be4cd26279dadd2e2e565809adab5d5e8d004bbb
Instruction Fuzzy Hash: D561A070A017458FDB25CF78C440A8EBBF6FF88714B248A5AE49AEB265D730EC45CB50

Function 01356598 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f56dd7d9f4364594d418f0140d0957830bdbd3b8a1d45afb35f46aba43123f8
Instruction ID: 46494cac6a74a5c0f4a56a866625f0a3f51ed32e9c9192186027399c4b3c2a0d
Opcode Fuzzy Hash: 4f56dd7d9f4364594d418f0140d0957830bdbd3b8a1d45afb35f46aba43123f8
Instruction Fuzzy Hash: 02514A71B002049FDB44DBADD854AAEBBF6EF88720F558169E44AEB355DB30DC418B60

Function 01355F68 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6450c64b69323bd3984c70b5470a9949db8f7cda940a14a8822d85ac05c8fbd
Instruction ID: c465127db052f51bfd89273b1495d934165b07f957613ba04812977cc2fb3190
Opcode Fuzzy Hash: c6450c64b69323bd3984c70b5470a9949db8f7cda940a14a8822d85ac05c8fbd
Instruction Fuzzy Hash: DD61F1B0A04345CFDB25CF68C444AADBFF2FF88724F14866DD8969B656C730A985CB60

Function 01354731 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0279a68af87287786c0f3a6c0f86856f2cde3f13913cf135f2509e9d21b2f0a
Instruction ID: d5c1de86d037913a0cdbc0676b5ab2b14980027f27fb1d98fd83ba961a773ccb
Opcode Fuzzy Hash: c0279a68af87287786c0f3a6c0f86856f2cde3f13913cf135f2509e9d21b2f0a
Instruction Fuzzy Hash: C5511B35B012099FDB14DF68E498A9DBBF2FF89714F148168E905AB365DB31EC85CB40

Function 013549CE Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 670b15acb177e923f4bb39819f5d14bee35bff8e4e9099d52536fee68cb615f0
Instruction ID: 3a6e793fd13c8366bdb0d0e03454f8abd43e4c2b687adac761cebb0a10db0049
Opcode Fuzzy Hash: 670b15acb177e923f4bb39819f5d14bee35bff8e4e9099d52536fee68cb615f0
Instruction Fuzzy Hash: 3D518A75E0021A9FDB54DFA9D841AEEFBF5FF88714F10812AD918E3240E7309941CBA1

Function 01351EB7 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e56d9e8a5cdb4c8417c8f70c4e82c25e7024bc2dc9d736f4bdb45a1f48aa4c8
Instruction ID: 2b515a656e2194416d79ad890c480be8b4e2748fabd3c65488f04ae0796921bd
Opcode Fuzzy Hash: 8e56d9e8a5cdb4c8417c8f70c4e82c25e7024bc2dc9d736f4bdb45a1f48aa4c8
Instruction Fuzzy Hash: 48514B34B00249CFDB45DF68C454A9EB7F2BF88714B6481A9E805AB365DB32ED01CBA0

Function 01353AFF Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3af1bdb21043562ad2d22c9efc5ea84dd4e74945191b8216d6eb8e02a253b2ba
Instruction ID: 2f3697cb9f54ae872c160af2b9dea1d69a9df7551697c5a6703867431a0877ed
Opcode Fuzzy Hash: 3af1bdb21043562ad2d22c9efc5ea84dd4e74945191b8216d6eb8e02a253b2ba
Instruction Fuzzy Hash: D2519030A10705DFCB64CF6AC88099AFBF2FF88754B248A6DE49A97650D731F945CB50

Function 01355028 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b1ccb8a0e4602f6d2f5e05f9fa7e819a8fd0cf94f6f17211f13e0e51ccf91c8
Instruction ID: 6da5f70ff0c6473b94f9be5e643195f4d8285fe1cf59c6c991fbd008712645b1
Opcode Fuzzy Hash: 7b1ccb8a0e4602f6d2f5e05f9fa7e819a8fd0cf94f6f17211f13e0e51ccf91c8
Instruction Fuzzy Hash: B141163251E3954FE7039B3898649DA3FB0EF9367470A06EBC491CB1A3E624980EC771

Function 013529D8 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b18be3abd6fdb48473b41b3fe9bd62c8dd58b8c14714b1cb9f17a9067e5c2bb6
Instruction ID: 256d38672f5af77aba5cff6486a8fc3d4ee7fc280d360122339e1abcb5fa920b
Opcode Fuzzy Hash: b18be3abd6fdb48473b41b3fe9bd62c8dd58b8c14714b1cb9f17a9067e5c2bb6
Instruction Fuzzy Hash: 29513871A007058FDB15DF69C880A9EBBF2FF89720F1586A8D415AB3A1D770ED45CBA0

Function 01355AB2 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74fd7406b740acdbb8ee47a4a4a50521d6b8344670bf74257ad1b608f06c91bd
Instruction ID: 39e97d3fe71aa802b4fd7feae898bf28ec10cb38ec9ebf94133bab796ac4dcbd
Opcode Fuzzy Hash: 74fd7406b740acdbb8ee47a4a4a50521d6b8344670bf74257ad1b608f06c91bd
Instruction Fuzzy Hash: 1C31E431E053498FCB55DBACD8406DEBFF2EF86A10F1485ABC541AB241D630AC04CB61

Function 013529C7 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e57120e54e4d250c2bbb34733f981e1b43b4d74e83926c299147b7d33a7733
Instruction ID: b91c509bac0da4af3f396a14fb4c456d874e17ea1967a25bbe55ff061412cf1c
Opcode Fuzzy Hash: 77e57120e54e4d250c2bbb34733f981e1b43b4d74e83926c299147b7d33a7733
Instruction Fuzzy Hash: 8F418A30A003059FDB15DF68D8809DEBBF2FF89720F4586A8E455AB3A1D731AD45CBA0

Function 0135D07F Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d906f6b375a50916653aa7a3113146fa608db694efda24e9c486fa1afdfffc22
Instruction ID: 12ddda1aee90b80b7581f59e55a8982ae978575ad8f40bcc503955c0c6fa4864
Opcode Fuzzy Hash: d906f6b375a50916653aa7a3113146fa608db694efda24e9c486fa1afdfffc22
Instruction Fuzzy Hash: 1531F335A0434A9FCB52EFB8D91499DBFF2FF88614B1441AAD844DB251DB31AE04CB61

Function 01353DF1 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46b0f62097b123d53d01b252b117b3aca501a604d13d32d8bff5d2d1318f1f35
Instruction ID: 1bcfed84964033313774f42c87f870813f75b3772bffd5e574ff023421c206a7
Opcode Fuzzy Hash: 46b0f62097b123d53d01b252b117b3aca501a604d13d32d8bff5d2d1318f1f35
Instruction Fuzzy Hash: A2316131A012059FDB54DF69D4809AEF7F6FFC8B50F14856AE809AB205DB309D459BA0

Function 01357474 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a81adf29a28a806a9bf1fe9bee116c9e6d4eb770f8ca1b13d034bea0b4d62028
Instruction ID: 8386a5e3af5e59f071a9939fbbe7fac2f72e5f296156856265ccce2d6358bb8e
Opcode Fuzzy Hash: a81adf29a28a806a9bf1fe9bee116c9e6d4eb770f8ca1b13d034bea0b4d62028
Instruction Fuzzy Hash: 48410FB0D0034DDFDB10CFA9C880ADEBBF5BF48718F508429E809AB250DB75A945CB90

Function 01354ED8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e9b621261a4a2e7eb34f49c26c98ffa13f91535f774ce435c5494a350b2dea8
Instruction ID: 739ce46b06b72c23d20f3e8f22cfab87fd23e71c18aa9a46c4e3030b74343bfd
Opcode Fuzzy Hash: 2e9b621261a4a2e7eb34f49c26c98ffa13f91535f774ce435c5494a350b2dea8
Instruction Fuzzy Hash: 1831EE317043109FD395DB6DE814A6EBBE6EFC66A1714856AE809CB380DF31DC068BA5

Function 01355931 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c84a95eb03c737df120de091fc9fe9b8ecea651fd2df9de0a8120b63674378f2
Instruction ID: f11a77ceca4807f6b100ded5581606a16bd823ed4794e9dfe6c1e0a9d063f010
Opcode Fuzzy Hash: c84a95eb03c737df120de091fc9fe9b8ecea651fd2df9de0a8120b63674378f2
Instruction Fuzzy Hash: 9F310874B102149FCB44DFA9D498E9DBBF6AF8C724F2580A9E805EB361CB719C41CB50

Function 0135A820 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b1c7090228b3bfb3440302d74afceb6631fe1189bc053595f888cdc45d3b0ae
Instruction ID: 2d825c1accbda4a4be7ced50bb68199e23455587f802897b39c9b52f52e20de1
Opcode Fuzzy Hash: 9b1c7090228b3bfb3440302d74afceb6631fe1189bc053595f888cdc45d3b0ae
Instruction Fuzzy Hash: 6231A131F012199FDB41DF68D480A9EFBF6FFC9A50B14812AE805EB301DB30AD058BA0

Function 01357480 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe5496e7c6a7742ae3c75da420a91622418c261c1bfb70418a009c9c93be0b13
Instruction ID: 4c3a0b85a45cfcf6ff6beb51337c7df0aa59239d49c9fed57d2b5f854404cdb1
Opcode Fuzzy Hash: fe5496e7c6a7742ae3c75da420a91622418c261c1bfb70418a009c9c93be0b13
Instruction Fuzzy Hash: CC41EEB0D0034DDFDB14DFA9C884A9EBFF5BF48718F508429E819AB250DB75A945CB90

Function 013568C0 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cb796dfdf9a5177d86a67e74e7e51433fb4ba8cd6b13766658a9a4308885568
Instruction ID: 458e3194bf27c0024706ca188676747b4fe951451365af1656933d6595db5127
Opcode Fuzzy Hash: 8cb796dfdf9a5177d86a67e74e7e51433fb4ba8cd6b13766658a9a4308885568
Instruction Fuzzy Hash: 8331ACB0B102168FCB54EB788851ABEBBF6BFC9A00B54446DE546DB3A1EA70DC019790

Function 01354498 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63efddf85c92f7d9be5613fad039b3fbc30435f307629303074210c7d8c838e4
Instruction ID: 63b78fb4ee2c2ee1da9c5a9f905f004ef9a70deb27d6b9cef75ff9f98a225dc9
Opcode Fuzzy Hash: 63efddf85c92f7d9be5613fad039b3fbc30435f307629303074210c7d8c838e4
Instruction Fuzzy Hash: 91310574A00114DFCB48DF69D498AADBBF2AF8C724F2580A9E905EB361CA719C40CB50

Function 01353CC0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51a3e7cdf039cb3be2a474fae96bd9d79012de2bb2bf93bee635025e686290d2
Instruction ID: ce2e0b72f33fadc3bd12ee6f8d62314e8c55c9f276447cebbde2cf09e3dd8564
Opcode Fuzzy Hash: 51a3e7cdf039cb3be2a474fae96bd9d79012de2bb2bf93bee635025e686290d2
Instruction Fuzzy Hash: E4319331B016099FDB05EF68D440AAFFBF6BFC9B50B14852AE845AB301DB30AD5487A0

Function 013569C8 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 375ba0f417c108b50b457715e9c2251e3aa8db589c5282bc11c26cb0ea9553ac
Instruction ID: daa8524c9bd6ce85d2b963c8790860646a88ebbacfccdaee614c96dd6a7ad2b6
Opcode Fuzzy Hash: 375ba0f417c108b50b457715e9c2251e3aa8db589c5282bc11c26cb0ea9553ac
Instruction Fuzzy Hash: 1C3140B4A00109CFEB54EF69C465BAD7BF6AF88B49F108479E906EB354DB309C41CB91

Function 0135A121 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0c58d2492e0b17830de1365d26da8df107ac6e8ded1808669ca22d08ac9ff73
Instruction ID: 705e5f0a46938fb19b9e26a070525c28a2348c10ebe94123ec82c812cb1261f0
Opcode Fuzzy Hash: e0c58d2492e0b17830de1365d26da8df107ac6e8ded1808669ca22d08ac9ff73
Instruction Fuzzy Hash: D3318230B002199FDB54EB79D8649AD76F6AF89A48B10443DD905AB365DF318C05DB60

Function 0135275D Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe7101b0755e2922455a5063efaa061b6bf8bd21f5b2d1c29a5f15baf8c3e00
Instruction ID: d3504448ca238f26952bb698a9d1a85ac156e9f3d7cf0545e75762ebf0c8e5cf
Opcode Fuzzy Hash: 0fe7101b0755e2922455a5063efaa061b6bf8bd21f5b2d1c29a5f15baf8c3e00
Instruction Fuzzy Hash: 82313770D0024ADFDB14CFAAC590ADEBFF2BF48700F288419E958AB250CB359945CF90

Function 0135A810 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1350646c64a70704638f03acc13c505db6e1856918e3861b11b051f313fdb884
Instruction ID: 4895ac7d5887498b984382b2c7ed03958a5cef56175955b74ade1a0f584c0845
Opcode Fuzzy Hash: 1350646c64a70704638f03acc13c505db6e1856918e3861b11b051f313fdb884
Instruction Fuzzy Hash: DC31B431E012199FDB44DF68D48099EFBF2FFC9B60F15856AD845AB201D7309D45CBA0

Function 0135D100 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dbc8f8f52b0a2432019df86eb01adafa5913b0c4ca79065e92b852b95211e6c
Instruction ID: 21fba63cdedfa5d1da637a70e767e9abf99b9ba801c77cfde88a8d782a21bf14
Opcode Fuzzy Hash: 2dbc8f8f52b0a2432019df86eb01adafa5913b0c4ca79065e92b852b95211e6c
Instruction Fuzzy Hash: AD31D470A003058FDB21DFA9C94099EBBF6FF88650B144669D895AB350DB31ED44CBA1

Function 01353CB0 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07f6f8952c4ae3ccb9e9c000e39c795066bc552b34db6f991529426da537905c
Instruction ID: 18fa6e2ca2db3e8e28272d1cac322190c0efac89f2126539d7fd01a696e8bd5d
Opcode Fuzzy Hash: 07f6f8952c4ae3ccb9e9c000e39c795066bc552b34db6f991529426da537905c
Instruction Fuzzy Hash: 3C21A531E002199FDB44DF68D440AEEBBF6BFC9B60F14856AD845AB201DB309D44CB60

Function 01352768 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c3e1016ebd0cb2299b5872a14b06a8f7e20c5e3de84fc38214868f6721fd824
Instruction ID: cb43f31dd5e98d9828289edd5d842746bf16c1e910b1fdba508174c0ab397e6d
Opcode Fuzzy Hash: 4c3e1016ebd0cb2299b5872a14b06a8f7e20c5e3de84fc38214868f6721fd824
Instruction Fuzzy Hash: 12311370D00249DFDB14CFAAC480ADEBFF5AF48710F248429E908AB250DB359945DFA0

Function 0135DF80 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8f41009bd53bbfba808010104f68f54d9559fd8d2edeec0c766b8d45e36e98f
Instruction ID: 6d0d3ce51143000dae5dc7cf2855fc95eba0c61070f924e7d6c2ffa138065f7f
Opcode Fuzzy Hash: a8f41009bd53bbfba808010104f68f54d9559fd8d2edeec0c766b8d45e36e98f
Instruction Fuzzy Hash: 1231D271A002098FDB21DF69C540A9EBBF6FF88710B24466DE895EB344DB31AD44CF60

Function 0135A130 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e06ae37125bb0f7f4d1b34d306286a216bc9af9b4f477ef3107b70a03020627c
Instruction ID: 4ebd356eb812f1edf63c1330ade75fdc565892535800854b029148ab7a71a174
Opcode Fuzzy Hash: e06ae37125bb0f7f4d1b34d306286a216bc9af9b4f477ef3107b70a03020627c
Instruction Fuzzy Hash: DB21A630B00219DFDB54EB7DD8549AD7AF6AF88A44F10443DD906A7364DF358C05DBA0

Function 013569B9 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f825e93f7ab648ca4c1d2e20edae00feb4d9e096255064bd83a43c31ab405782
Instruction ID: 44e21cb69e02d5b00db5872a1e0ea33d41e3d0a33b4f530457aaa8bb86ce52b6
Opcode Fuzzy Hash: f825e93f7ab648ca4c1d2e20edae00feb4d9e096255064bd83a43c31ab405782
Instruction Fuzzy Hash: C03132B4B00215CFEB94DF79C465AAD77B5AF89B48B108479E905EB364DB309C41CB90

Function 0135D9B0 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9b0a064877f94fcf717842acf31559c773e199589e0b536cd997edfd38461c0
Instruction ID: a649728d28c96f0e33b5b7e43b65ed647c333fbcc86d67c88bb7a578cfb0a98d
Opcode Fuzzy Hash: b9b0a064877f94fcf717842acf31559c773e199589e0b536cd997edfd38461c0
Instruction Fuzzy Hash: 03215E75B10109DFCB44EBACC4509AEBBF6BB9CA18B140578E806E7365EB319C418B90

Function 0135D0D2 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cb65320abbc6273ddbc24b044931f7d1e7859d4125b826c78dbe886cb8b175e
Instruction ID: 32f48eb2f4134b47435c000f31367e28944770adddc43203690df2d3cafa555c
Opcode Fuzzy Hash: 1cb65320abbc6273ddbc24b044931f7d1e7859d4125b826c78dbe886cb8b175e
Instruction Fuzzy Hash: 9021D331A043458FDB52DFA9C850DDEBFF6FF89A14B0481AAD844DB251D7319D04CB61

Function 013567C0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4085a96e3f35c87bb7ad5ef8561df1b4e37443c74d9a061ae27789e44c875dbc
Instruction ID: e6cb60fc2f0c9cbb8904f0eebfc85d50f7a6a4f6f67301478a7ce64040a6baa1
Opcode Fuzzy Hash: 4085a96e3f35c87bb7ad5ef8561df1b4e37443c74d9a061ae27789e44c875dbc
Instruction Fuzzy Hash: EB219F70B002159FDB44EBBD98583BEBAEAEFC8A51B61442DD40BD7740EF348C0157A0

Function 01351890 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd87cf56366aab8579c1be33601ac3320e85918be5b3f95a328a9dda1d62e830
Instruction ID: 900782587d756ca323ead1de8234b51818b407a7a22855e5dea7a69c1d422094
Opcode Fuzzy Hash: fd87cf56366aab8579c1be33601ac3320e85918be5b3f95a328a9dda1d62e830
Instruction Fuzzy Hash: AE219232A01309AFDB15DFA4D880ADEBFF6FF8A710F118166E501A7200DB305D54CB61

Function 01356396 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8725502f9c1b2ea3c263d48a6336b90e698b5cb4bb54110d973f0f73a02eea46
Instruction ID: d0922a5e16938c855184421009d09700f3208067639fa60f9036ad9418d6e760
Opcode Fuzzy Hash: 8725502f9c1b2ea3c263d48a6336b90e698b5cb4bb54110d973f0f73a02eea46
Instruction Fuzzy Hash: C521BFB0A007588FDB24CF69C8009DEBFF2BF88B54B10866DD886AB750D730A805CB60

Function 013567D0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e24379edba5ff104202aa0612d838f8d091aeece42258d00e00e681b82f74694
Instruction ID: 41081d690b2b4c9600e55ff1e16651deadba9d6cdf0cee3fda87c7cd22734a68
Opcode Fuzzy Hash: e24379edba5ff104202aa0612d838f8d091aeece42258d00e00e681b82f74694
Instruction Fuzzy Hash: F3116AB1B002199BDB44EBFD881836EBAEAABC8A51B61442DD50BD7784EF34880557A1

Function 0135A3E8 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ea5e9a461f9614a4bad114763d7fe0bf2ee214e0041d423f3d49ca07d7bdc52
Instruction ID: d00bb31b415266e5cbb738e193a8285be60d1cf998c701bba5c72663746da64d
Opcode Fuzzy Hash: 9ea5e9a461f9614a4bad114763d7fe0bf2ee214e0041d423f3d49ca07d7bdc52
Instruction Fuzzy Hash: 6321F471A007588FDF25CFA9C844A9EBBF2FF88720F10866DD886A7755D734A845CB90

Function 013518A0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 866992adcf6a853216b368e29828f7f03041b426ec4de8a8409f3ae4aa09f67a
Instruction ID: db816f3cc2183d0b4df45be23d1df1eb64c2605e90da5c479b409718c62823a0
Opcode Fuzzy Hash: 866992adcf6a853216b368e29828f7f03041b426ec4de8a8409f3ae4aa09f67a
Instruction Fuzzy Hash: 72218E32E012089FDF15DBA4D884ADEBFF6AF8A710F108566D902AB201DB315D14CB61

Function 0135A4D8 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73ee1807f6089b76cf0cc77ad7c52f0549f8410181de5610082350335e696f42
Instruction ID: 164607c774c7ccbb8ed205422d97fbd4a557432611858ad042323a84dbf463aa
Opcode Fuzzy Hash: 73ee1807f6089b76cf0cc77ad7c52f0549f8410181de5610082350335e696f42
Instruction Fuzzy Hash: FE219232E012099FDF05DFB8D980AEEBBF6AF89B20F104666D501BB241CB305D148B61

Function 0135DF70 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de08b7ac58f4b12786fd4d0a64cf6c1ccc97c6ace02f723e15409248eb2a1101
Instruction ID: 2c2291f4eb40914a204cf6642d0fbfa6dfab72835b5b2ca05653faad4372596e
Opcode Fuzzy Hash: de08b7ac58f4b12786fd4d0a64cf6c1ccc97c6ace02f723e15409248eb2a1101
Instruction Fuzzy Hash: 5D21E775A003058FDB12EF69D940ADDFBF6FF88614B14426DE855E7644DB30AD04CB90

Function 01350981 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 974c5c3010a007cffce1c947d2e0eabf26eeaa28346958739e3232fa7e5f5f8f
Instruction ID: 28147a31b0ab303eb1406527480fd09c999a876b0460dac044b8b7faf9679ac8
Opcode Fuzzy Hash: 974c5c3010a007cffce1c947d2e0eabf26eeaa28346958739e3232fa7e5f5f8f
Instruction Fuzzy Hash: 55211B7491030EDFDB01FFA8E8546AD7BB1FB94705F108AAAD0049B259EB701A49CF81

Function 01350C9A Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b624990cfb895b515fee0ec8a200e802040b47e7d02b122e809301bbb24338bf
Instruction ID: 830ec900aa9a16bfa260f594abb518a990498c82011055bb8defe3160456a62f
Opcode Fuzzy Hash: b624990cfb895b515fee0ec8a200e802040b47e7d02b122e809301bbb24338bf
Instruction Fuzzy Hash: B7210675E002498FDB05DFA9D4449DDFBF6FF89314F158066D809AB225E730A955CF10

Function 0135AE89 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41f9a870e490b1bd0126dfaaff3920151fc4e0a30306f0786e7871fb02760fc6
Instruction ID: fb5f10c7e3fd50e48b78fa076f4f1e6b9fed9c6e3a6522578a2fd4aa188597a5
Opcode Fuzzy Hash: 41f9a870e490b1bd0126dfaaff3920151fc4e0a30306f0786e7871fb02760fc6
Instruction Fuzzy Hash: BD113D32E1171A9FCB01CFA9D8404DDFBF2EFC9720B158626E515B7260E770295ACB61

Function 01350990 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fc7afeeb3ed97c2ca19a1405eab4b7db4cc36dc76bf57b654392eee528eb5f9
Instruction ID: 9ab05de8be85bf8876d4e7b37ff2a3013238d46add41420bdcea8962e668e24f
Opcode Fuzzy Hash: 2fc7afeeb3ed97c2ca19a1405eab4b7db4cc36dc76bf57b654392eee528eb5f9
Instruction Fuzzy Hash: 01212C7491030E9FDB01FFA8F8546ADBBB2FB94705F008679D404AB259EB705A49CF81

Function 01353709 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9137f9b6a29927fdb2cebb2f57322fd590fe31601d7e59a44926e6fbd4c8ea23
Instruction ID: e6aeecc5f18c0561c3116f2894b21294cde3954f470e949f4da4897975ebddd8
Opcode Fuzzy Hash: 9137f9b6a29927fdb2cebb2f57322fd590fe31601d7e59a44926e6fbd4c8ea23
Instruction Fuzzy Hash: 5A115B71A002088FDB04CF58D884DEEBBF5FF88760F2580A9D505AB725D731AD448B60

Function 013528A1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fe994bbc438bfdf891643538f2139f013544582af354529321ce6c1598167d0
Instruction ID: f75487b3417aad8a384073c51afa24d5ce1af7a141de09933299fc967e52665f
Opcode Fuzzy Hash: 1fe994bbc438bfdf891643538f2139f013544582af354529321ce6c1598167d0
Instruction Fuzzy Hash: E7115E32D1164A9FCB00CFA9D8805CDFBB2EF89720F11472AE914B7240E7707956CB50

Function 013531E4 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5dcf4c731da3f6bc770e62cec30569e823d7860682b47c526482d8937da3516
Instruction ID: ee03a922e62d91e9f448bd35b511493cd5260827f3b4c3928fa20b64635282ae
Opcode Fuzzy Hash: d5dcf4c731da3f6bc770e62cec30569e823d7860682b47c526482d8937da3516
Instruction Fuzzy Hash: B811A332D1978A8FCB02DBB8C8005DEFBB2AFCA710F1586ABD111B71A1D7702459CB61

Function 013539EA Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7718800317436aef0045c7381553934fbd42fcfd99014bf58249a10b4c727bf6
Instruction ID: ea1d15d9448eab49b18fcdfe099cfd0e7e9e8bf2a9e4f313d4c6a69ce345f396
Opcode Fuzzy Hash: 7718800317436aef0045c7381553934fbd42fcfd99014bf58249a10b4c727bf6
Instruction Fuzzy Hash: 8011E132E1170A9BCF00CBA9C8440CEF7B6EFC5720B254226E110B7250EB702856CB60

Function 01352BA8 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7627e83b9c808b69750a2834d10869708d64ac24a7429b811cd2f7935890e8fa
Instruction ID: 641dfdb1a2323038a5ce0d2d939dba87e4263f641852157f5f20f46078342309
Opcode Fuzzy Hash: 7627e83b9c808b69750a2834d10869708d64ac24a7429b811cd2f7935890e8fa
Instruction Fuzzy Hash: C3114832E1171A9FCB11CFA8D8804DEFBB2FFCA720B11422AD100B7150E770295ACB60

Function 0135A3D8 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 204993dc8dcefca31f14bc5d40c9a994d5fb10e57cd13eeaa4fb663ef65b4925
Instruction ID: 16b94f1f63b1fb39687163ca9f2ee4c837a21b9e91c998fda902dad7f47ec154
Opcode Fuzzy Hash: 204993dc8dcefca31f14bc5d40c9a994d5fb10e57cd13eeaa4fb663ef65b4925
Instruction Fuzzy Hash: 6911A031A003189FCB24CF59D8008DEBBF2FFC9724B01866ED985A3610D731A804CFA1

Function 0135461B Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5e8e5219dd1eb71464cf0f90ce0714372f632a78bbb0d92b2551ffd51d14cb1
Instruction ID: 3c616c93e271c3210d165f043fc26a68e97913708c3c2aa74fe1f9c10c20c631
Opcode Fuzzy Hash: b5e8e5219dd1eb71464cf0f90ce0714372f632a78bbb0d92b2551ffd51d14cb1
Instruction Fuzzy Hash: C9117C32D0674A9FCB01CBB9D8400DEBBB2EFDA720B26466BD100B7161E774295AC761

Function 01356278 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 440d5daa9a2c9f8b9ef3cfd1153a6cd8c73bd93fb47eff0a4f6b9e2fd61599b4
Instruction ID: 8c4fbed84e334aa1fb278203f86037bb141547b75a38055d81ad163af4b01527
Opcode Fuzzy Hash: 440d5daa9a2c9f8b9ef3cfd1153a6cd8c73bd93fb47eff0a4f6b9e2fd61599b4
Instruction Fuzzy Hash: FA016132E1074B9BCB00DBA9D8405EEB7B1EFCA720F11862AD51177160EB70195ACB61

Function 0135A2C8 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f046fcf82930478ed8f3d00ccf9a6525dfd1e887f1747185e0e58715b6ec7557
Instruction ID: 847893e028fa4cd7f40ea5c53e15b260c52c584413e3703d203ca0f1a7c3827e
Opcode Fuzzy Hash: f046fcf82930478ed8f3d00ccf9a6525dfd1e887f1747185e0e58715b6ec7557
Instruction Fuzzy Hash: 97118432D1170B9FCB00CBA5D8404DEFBB6EFCA720B254667E110B7150E770295ACB61

Function 013528B0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 888752db2172cbdebd20dad6f414240c3b7124406ecf8c02ff17587631ed984b
Instruction ID: 363d56ab3929149ba64073c1e831bb215c6346236dbf279b7699559bff8fa6f0
Opcode Fuzzy Hash: 888752db2172cbdebd20dad6f414240c3b7124406ecf8c02ff17587631ed984b
Instruction Fuzzy Hash: 93113032D1160E9BCF00DFA9D8805DEF7B5EF99720F21462AE515B7240E7707A56CB50

Function 0135BCFF Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 792df090994f9c54dcfc84a22dff8794d30ccfafc00a81e4bf05400c1e119ef6
Instruction ID: 54e704b130d6271256ff65e43b83bcdb53e6139aa548568579b35c6d756ba295
Opcode Fuzzy Hash: 792df090994f9c54dcfc84a22dff8794d30ccfafc00a81e4bf05400c1e119ef6
Instruction Fuzzy Hash: 33018432E1170A9BCB00DFA4CD801CDFBB6EFCA720F250666D10477150E7702A5AC760

Function 0135AE98 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f53dd7cdca5e32478c2120b10fd677aa22876fb3e600e24dc4df794a94d45e4
Instruction ID: 5f5fac36e29e5f28bb9f12ec70b64e78e14c60e551d62953c2344ad6d83e2103
Opcode Fuzzy Hash: 0f53dd7cdca5e32478c2120b10fd677aa22876fb3e600e24dc4df794a94d45e4
Instruction Fuzzy Hash: 4D116132E1061E9BCB00DFA9C8405CDFBF6EFC9720F158626E515B7250EB70295ACBA0

Function 0135E2CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2e828af4ff0e083d27efacfaf8feafe2de9463569155f3e5247d22c7a46fecc
Instruction ID: 6278fae74014ce5016d5a4b76e6d73c0052a8422d97cda2efade188bc2e905b8
Opcode Fuzzy Hash: b2e828af4ff0e083d27efacfaf8feafe2de9463569155f3e5247d22c7a46fecc
Instruction Fuzzy Hash: 8A118275918396DFCB02DFB8DC144DEBFB0BF82300B0586A7C450EB252E6741949CBA1

Function 0135CF78 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54a8b7543cf6369f84ccaea7b2e8cff732bc13f4df2ff82b07f742a7c46dd43f
Instruction ID: b1a69aae4f60f6be27efc5b2a269243b7ece23532afb29a2eabb6ecf31e9c3f5
Opcode Fuzzy Hash: 54a8b7543cf6369f84ccaea7b2e8cff732bc13f4df2ff82b07f742a7c46dd43f
Instruction Fuzzy Hash: EE016132D1070A9BCB419BA4C8414EEFBB6EFCA724F594A15D11177150E770259A8BB1

Function 013519AA Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52dbdd3a6d8c3151dc808353bebab80dc990dbb93a8da5e3b2fd08274848e322
Instruction ID: 4b5ffd846342816d96bfa33d7bb15a59bcfcb49eeb3a25fa83de3cdda05f7d00
Opcode Fuzzy Hash: 52dbdd3a6d8c3151dc808353bebab80dc990dbb93a8da5e3b2fd08274848e322
Instruction Fuzzy Hash: B9018032D1570B9BCB05DBA5DC404DEF7B6EFC6720B118726E12477160EBB0251ACB91

Function 0135AA58 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 650a89f3e66e070b2af86cc304cea5c0129754e2b89d714417ad67f4f651309b
Instruction ID: 5dbf3ebb7535c39e4f7ec418e1f56cd4fc915d46bda8e7104099b751113c184e
Opcode Fuzzy Hash: 650a89f3e66e070b2af86cc304cea5c0129754e2b89d714417ad67f4f651309b
Instruction Fuzzy Hash: 2C018B32D0174A9BCB01DFA9D8404CDFBB6EFCA320F15466AE10077151EB702499CBA0

Function 0135B37C Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a529443ef322ee10612796357e7334ebfcaab22a4afb85e5798693e16172e7
Instruction ID: 188cafabc0994586fd062457f3094ac7ce82aaca9d41df50ddb2e771fd693af7
Opcode Fuzzy Hash: 81a529443ef322ee10612796357e7334ebfcaab22a4afb85e5798693e16172e7
Instruction Fuzzy Hash: 161133B59007498FDB20DF9AC488B9EFBF8EB48724F208419D919A7350C374A944CFA5

Function 0135DA98 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28a1813137eafe1a15d0e89f356b1d46b25d6c58e9aaf17788999bcaa44dc230
Instruction ID: 62a7e7cd6e5fc0720b3132a8bf63d3cf68533d50929abc85adeabe28761e2323
Opcode Fuzzy Hash: 28a1813137eafe1a15d0e89f356b1d46b25d6c58e9aaf17788999bcaa44dc230
Instruction Fuzzy Hash: 3E1122B99003498FDB20DFAAC585BDEBBF4EF48624F20841AD559B7650C374A944CFA0

Function 01355E58 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28d188e799ac6d3d7893e4dcd70aac7129f7e5f949dc168a43bbca186006c120
Instruction ID: b45947178da4cda606c6344a1a7dd80e372f1dd75b774e9b75e7fd257d3a1ce3
Opcode Fuzzy Hash: 28d188e799ac6d3d7893e4dcd70aac7129f7e5f949dc168a43bbca186006c120
Instruction Fuzzy Hash: 0801B132D1171B9FCB00DBA4DC548DEB7B6EFCA710F16462AD11177160EB702A6ACB61

Function 012ED149 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860064495.00000000012ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 012ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_12ed000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca5d2746790907a907621f92958e748885218e4879e4a691abd19ae52ea91f9d
Instruction ID: db1d81d464964f2b61e49c88836da1a585f50d298ef30910ef67bbfe52883d49
Opcode Fuzzy Hash: ca5d2746790907a907621f92958e748885218e4879e4a691abd19ae52ea91f9d
Instruction Fuzzy Hash: 4801DB711183489BF7209A55CC88767BFD8DF45625F58C51AEE094F287C379D840CBB2

Function 0135C5E0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc1bd698b05e244afbd6866cb5df783176e6e032811eec717c887233e8a181bb
Instruction ID: 5235cc4015e9a064340bbecd8a44336f4101f85c7bfea66739b84b1d1fbf8fe9
Opcode Fuzzy Hash: dc1bd698b05e244afbd6866cb5df783176e6e032811eec717c887233e8a181bb
Instruction Fuzzy Hash: AF018C32D1160A9BCB01DFA9D8440CDFBB2EFC9320F154626E11077160EB702599CBA0

Function 01350877 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc400ba0d472c8a85f20a11831fd360484333cc4dbe243c54e8e6f551f0a2d
Instruction ID: 3509ccce7333f862efae034d23d591f7bf035e80c06510187143f532a5b8844e
Opcode Fuzzy Hash: eecc400ba0d472c8a85f20a11831fd360484333cc4dbe243c54e8e6f551f0a2d
Instruction Fuzzy Hash: 02015A32D1076A8BDB11DBB4DC444DDBBB2FFC6720F16062AD10177150E7B0295ACBA1

Function 0135C66E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d4d86a042e192d5c996b6b3143f1b4f85a5fafc8876828a6a6af9631d824bd5
Instruction ID: 87e2cca1c71e68fc283a26f95ff35780c3c8de5998cc3c392eb28d1f65d48249
Opcode Fuzzy Hash: 1d4d86a042e192d5c996b6b3143f1b4f85a5fafc8876828a6a6af9631d824bd5
Instruction Fuzzy Hash: A201D6329103098BDF44C764C455AEFBBAB9B84B18F495916D803A7240DF715902C6E1

Function 0135DE6A Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b87c894f69f9016098089561c5f951cbc1c9effd802fba8b7020a45de2ac6c2
Instruction ID: 37f07e57c852554c2e089808a4e7e635bb8dfc9e8626407b9120da67cf6df98f
Opcode Fuzzy Hash: 1b87c894f69f9016098089561c5f951cbc1c9effd802fba8b7020a45de2ac6c2
Instruction Fuzzy Hash: B6017C32D1070B9BCB00DBB8C8014EEBFB6AFCA730F154616D200771A0EB70259ACBA1

Function 013519B8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d6f3067511a5515a1ce66654b36478f07317ac12aefb897daf87705b4614590
Instruction ID: 7c0e884a0b0b653da435f7e80fed9f7b6f03b44d752a653308bef2994d2ebbc6
Opcode Fuzzy Hash: 0d6f3067511a5515a1ce66654b36478f07317ac12aefb897daf87705b4614590
Instruction Fuzzy Hash: E5017C32D1060A9BDB04DBA9E8404DEF7B6EFC9720B118726E12073160EB70251A8B90

Function 0135A2D8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df3efb9f54ceb2ee5d2cd0b63cb4aca362ec94e3451505d5abf3c0616492e29d
Instruction ID: 09e7d0e22c51edb69326556777ff5246e05fbf408d72b64e566db6dc0bc3d6ff
Opcode Fuzzy Hash: df3efb9f54ceb2ee5d2cd0b63cb4aca362ec94e3451505d5abf3c0616492e29d
Instruction Fuzzy Hash: 9E018F32D1270E9BCB00DBA5D8405DEF7B6EFC9720F214726E11073150EB702A5AC761

Function 01356511 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6247f58681935c6c6891d0b80ca3ba90748e6b626d75260ea8270f3d4f087ab
Instruction ID: 158333f8d1e7417ea3be394eac1dd19cace2feab01bbba00ff53f01f9fd3cebe
Opcode Fuzzy Hash: a6247f58681935c6c6891d0b80ca3ba90748e6b626d75260ea8270f3d4f087ab
Instruction Fuzzy Hash: 73F0FF32E002089BDB24CA64C869AFFBBB99FC4B14F01893ED402A7640DFB10906C6D1

Function 0135BD10 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a04f41082745b16c64c373fdda1121486e6e63deac4610698632b0fe7b84df
Instruction ID: b0705a6d81b82758ac452812894d78d2c84713ec4bd16e10cf3873fdebaa7372
Opcode Fuzzy Hash: c0a04f41082745b16c64c373fdda1121486e6e63deac4610698632b0fe7b84df
Instruction Fuzzy Hash: 77018F32E1160E9BCB00DFA5D9801CDF7B6EFC9720F210626E10573150EB703A5AC7A0

Function 0135C5F0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1acd3a78ca183ca4108f0f91f5db89c474fa2031bc87ac29b0e7571eb336cdef
Instruction ID: a4161f63911b5d6105f7e2a4b69434566da46d331efc6fee9379d578f98918f5
Opcode Fuzzy Hash: 1acd3a78ca183ca4108f0f91f5db89c474fa2031bc87ac29b0e7571eb336cdef
Instruction Fuzzy Hash: A9012832D1161A9BDF00DFA9D8405CEFBB6EFC9720F154726E11177150EB70259A8BA0

Function 0135CC20 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 400b16badb42903ed0eefd6dfd8a699d9082081db3bda7085ed9f65e7c6d2ffd
Instruction ID: 585034d78fbaeccb4b625056fd0cca6de54363eb971b29538ad4cfe594099173
Opcode Fuzzy Hash: 400b16badb42903ed0eefd6dfd8a699d9082081db3bda7085ed9f65e7c6d2ffd
Instruction Fuzzy Hash: 02015E32E1171A9BDB00DBB4EC045DDFBB2EFC9720F154626E1017B1A0EB702559CBA0

Function 01354630 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c622870ab073ca65c4f68bfccdd5e3da0e41930b2e5cf89803868e0924d2fab7
Instruction ID: 8e0e1611d0982821c94fa2d35b4d7d284eddd4cc965c237bf8d27fcef01affb9
Opcode Fuzzy Hash: c622870ab073ca65c4f68bfccdd5e3da0e41930b2e5cf89803868e0924d2fab7
Instruction Fuzzy Hash: E4017C32D0160A9BCB00DBA5E8401DEF7B6EFC9720F214626E11077150EB702A5A8761

Function 01353200 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0db125e8a7a222a159fd0015f34e65e36c9790e03fd877210e69fb496e0d872b
Instruction ID: 44c4d14e79228d8968ca9a72e24bc5d328910a9c37333e423513973502b0d5af
Opcode Fuzzy Hash: 0db125e8a7a222a159fd0015f34e65e36c9790e03fd877210e69fb496e0d872b
Instruction Fuzzy Hash: 7B014B32E1061B8BCF10DBB9D8405DEF7B6AFC9720F218626D61177250EB702599CBA1

Function 01356288 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 755aa011d1812d45fbd0caf9063572fd323953aa586588c2b2bdd37f4737d152
Instruction ID: 421e69cd268378e7923c1185bffafa7aef1bc5a0af9c48d757e7e49cf55866bb
Opcode Fuzzy Hash: 755aa011d1812d45fbd0caf9063572fd323953aa586588c2b2bdd37f4737d152
Instruction Fuzzy Hash: 1F014B32E1061F8BCF14DBA9D8405DEF7B6AFC9720F218626D61177260EB702599CBA1

Function 01356490 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 723fd3a25ce4b50b5647a2172e6255ea11b768cf518a43f10ff289cee41fb874
Instruction ID: 23d25bb5095132ab1186f4ce1fd1787a96ee90b654c02237c35237b39d82b87c
Opcode Fuzzy Hash: 723fd3a25ce4b50b5647a2172e6255ea11b768cf518a43f10ff289cee41fb874
Instruction Fuzzy Hash: BF015E32D1564B8BDB00DBB8DC004DEFB76EFCA610F158616C111771A0E7702559CBA1

Function 01355EE1 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce78df2f8a5df8075dff5133eb7b79bcad15b36549235e083124a23aed72c208
Instruction ID: a23fe497082400b3dd52aa56bfdcd68c66dd920021e671d5439ad0850044170f
Opcode Fuzzy Hash: ce78df2f8a5df8075dff5133eb7b79bcad15b36549235e083124a23aed72c208
Instruction Fuzzy Hash: 4A01AF32E10209DFDB55DB64C865AFFBBB5AFC4B10F12856ED402A7690DF70190A8791

Function 0135D002 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14252d74ced9d966f2e758edb81abc026e5e27cfb39d5fd2af13cd8dfdff59c5
Instruction ID: 8e6996032c8c5e07e4d985ddd636bc3f96019c4feecef34a2be46a47e50858cf
Opcode Fuzzy Hash: 14252d74ced9d966f2e758edb81abc026e5e27cfb39d5fd2af13cd8dfdff59c5
Instruction Fuzzy Hash: 3701D172E106099BDF05DBA8C414AEEBBF69F88B50F01446AD502AB641DF754802C7E1

Function 013508F9 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a31af259f6e791e29c2027025d6ef22e4b090efd98496f5f5bcff6a8699cdc12
Instruction ID: a1c2eec71c29c366fd4db0864ff46bf46b7895f60ab35a05d2c4a9b3a0fb5f7d
Opcode Fuzzy Hash: a31af259f6e791e29c2027025d6ef22e4b090efd98496f5f5bcff6a8699cdc12
Instruction Fuzzy Hash: 82F0F432D102098BDF15CB70C4A9AEFBBF59F84710F00886AD402AB240EF710906C781

Function 01353A82 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d782059d32ff07ecc614713837114f3437fc2ce631f813699d7b1a9b06a6d32
Instruction ID: 00a8adb9806cd0ee50d1dbab7a37f11ae8a64c7f004fc7e09417d1b1cd284fa2
Opcode Fuzzy Hash: 2d782059d32ff07ecc614713837114f3437fc2ce631f813699d7b1a9b06a6d32
Instruction Fuzzy Hash: 63F0AF31E002199BDF65CB64C869EEFBBF9AFC4714F02846ED402EB290DFB14906C690

Function 01355E68 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e1552c3b85188b76a468950767d4027b346b79f2d19603ca08f274a73ba3a4c
Instruction ID: 8fc4df05c16a4d49fa9a97d48b01ad72e89d5d96d1b518121791b7c5f66780cc
Opcode Fuzzy Hash: 2e1552c3b85188b76a468950767d4027b346b79f2d19603ca08f274a73ba3a4c
Instruction Fuzzy Hash: B6016D32D1171B9BCB00DBA5EC444DEF3B6EFC9720F114726D11177250EB70295A8791

Function 01353281 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b352e097d85002893e3bafb4c1e2e0b92a1519de470f3043871b974b3acb15d
Instruction ID: 2f0e5eeec024f52f6628dd07f03feec5aba0f4872424d801756e9be821de4330
Opcode Fuzzy Hash: 1b352e097d85002893e3bafb4c1e2e0b92a1519de470f3043871b974b3acb15d
Instruction Fuzzy Hash: 34F0AF32D1090A9BCB15CFA0C456AEEFBB7AB88751F04C62AD412A7240DFB16906CBC1

Function 01352C40 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3ce02acbc60b90243c7640f84eb151ad2562ea38897db8ae24c3f76b9f891b3
Instruction ID: ee67955c4e561d8f99d0deec08735743b070a6832ad7939aa3ccce2843c7af55
Opcode Fuzzy Hash: b3ce02acbc60b90243c7640f84eb151ad2562ea38897db8ae24c3f76b9f891b3
Instruction Fuzzy Hash: 6801F431E10249DBDF45CB64C465AFFBFB59F84710F41856AD402AB340DF701806C791

Function 01356308 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7b113eb10016a7276403b65a4564b9ebdb47ad7cff337bcf954c4ee387bfcbb
Instruction ID: 0773350e9706d6983993c212d75318d21058ec4629973e37bdbf7a4043c25c0a
Opcode Fuzzy Hash: f7b113eb10016a7276403b65a4564b9ebdb47ad7cff337bcf954c4ee387bfcbb
Instruction Fuzzy Hash: 79F0C231E1020D9BDF54CB64D4249FFBBB5AF84B10F02453ED402A7650DF700906CB91

Function 0135CF88 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adf2092ea8d8a9a3dd3f0fe88cc8b6147cf8e4a95042ac4d891d3ecd1091a496
Instruction ID: 78eb10f8e8f045b45fb00bb0d5ba81833f0848177310c0572027fea710f9370d
Opcode Fuzzy Hash: adf2092ea8d8a9a3dd3f0fe88cc8b6147cf8e4a95042ac4d891d3ecd1091a496
Instruction Fuzzy Hash: E0F06D32D1070F8BCB00DBA5C8404DEFB76EFC9720F654611D21037150EB70219A8BB1

Function 01352949 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98ac58ef6e21cd1ee55a79eba6ebb72418b8e13d985556dbb2783bafca635956
Instruction ID: c577b422b35b1a04c7e32abe9b4f5c94eb4d9df70596a0a27b80f96ed207f6b3
Opcode Fuzzy Hash: 98ac58ef6e21cd1ee55a79eba6ebb72418b8e13d985556dbb2783bafca635956
Instruction Fuzzy Hash: 90F0FC72D1010997DF14DB74C414AEFBBF69F44700F018535D402A7380DFB1191587D1

Function 0135A34F Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91f3907553e6ec032bad1bd16898cdf11c1ea464b6ca06776a0206c586ec546e
Instruction ID: b708bbe2d0f21b42c4bf3339755b18141c881d5ee75d23c5bba70c211ec8db84
Opcode Fuzzy Hash: 91f3907553e6ec032bad1bd16898cdf11c1ea464b6ca06776a0206c586ec546e
Instruction Fuzzy Hash: 95F0C272E10209DBDF05DBB0D565AEEBBF69F84710F01893AD402F7680EFB409069791

Function 01351A32 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2acc176752cbeffa2f4873026ba089c08deed28f1a9c53d6f5b17abe31b2e73e
Instruction ID: 16ba5dd2c31ef4ef3021ec294bc36e072faea1268ff6717f3de0d863c069b058
Opcode Fuzzy Hash: 2acc176752cbeffa2f4873026ba089c08deed28f1a9c53d6f5b17abe31b2e73e
Instruction Fuzzy Hash: 01F0C232E102099FEB55DB64C464AEFBBB59F84B14F01847ED402AB240DF7559068791

Function 0135AAE0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15144f09c3943035ccbb71e4f7b4c4be76f3c0e252051374fba6a05d634ccbb3
Instruction ID: 07a4b7c3720352ca86dad5c8e6c9abe03b3c7756d0b3a91d6c710014eb117f9b
Opcode Fuzzy Hash: 15144f09c3943035ccbb71e4f7b4c4be76f3c0e252051374fba6a05d634ccbb3
Instruction Fuzzy Hash: E0F02276E0010ADBDB05CBB4C055BEEBBA7AF88B00F048A2AC012B7740DF70650696D1

Function 013546A7 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a4dc5ffede7595e673a5a6d28970c10a2a0aebe1071714bb670ee5ea33881fe
Instruction ID: 2c81e11eb0c49e09633e47b4f5517ed4547b6779a82a461f00506ff09039f954
Opcode Fuzzy Hash: 3a4dc5ffede7595e673a5a6d28970c10a2a0aebe1071714bb670ee5ea33881fe
Instruction Fuzzy Hash: DDF0FF31A102489BDB09DB64C424AEFBBBA9F85B11F41483ED002AB240DF7149058792

Function 0135DEEA Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 157d0e232c2ea8a1367e19378bff1d32f3dace97e306cf2e30a0fab4290edd96
Instruction ID: 8714f4c402c6be42e56e04d53d1bee1a5ce93977175c1725d3eeba6e0fc10896
Opcode Fuzzy Hash: 157d0e232c2ea8a1367e19378bff1d32f3dace97e306cf2e30a0fab4290edd96
Instruction Fuzzy Hash: E4F02232E102098BDB45CBA4C555AFFBBBAAF84700F01842EC002BB640DF70590A87D0

Function 012ED148 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860064495.00000000012ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 012ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_12ed000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70076bea6bb6a483d13a5a6317aa89d38d2b67339a259336761f32c2851bbc3e
Instruction ID: bbc9e73cda673465e56c79690f1d0cec512acfb2564770fdb380a146bb6d08e1
Opcode Fuzzy Hash: 70076bea6bb6a483d13a5a6317aa89d38d2b67339a259336761f32c2851bbc3e
Instruction Fuzzy Hash: FEF062714083489EEB109A1ADC88B66FFD8EB41634F18C55AEE485E287C2799844CBB1

Function 0135312A Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2de2c7287d6d3eb5c9560a6efa22caf3673163c3b9e80cc55e374cbe9f6b62c3
Instruction ID: 07faef0cca2b95db54e43763f628c65226c825f5117e84347cc72c67a1de20ed
Opcode Fuzzy Hash: 2de2c7287d6d3eb5c9560a6efa22caf3673163c3b9e80cc55e374cbe9f6b62c3
Instruction Fuzzy Hash: 46014B71A012448FDB05CFACD480A9CBFF2BF49364F158295E419EB2A2C730D981CB20

Function 0135BD87 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48bbee8aa36307fed18093c9689fd4c869864783bf317516df4950c26d79fb04
Instruction ID: cc56e7e734037be4018b057b8cca951563a5c164b30f909840e0289cf232baa0
Opcode Fuzzy Hash: 48bbee8aa36307fed18093c9689fd4c869864783bf317516df4950c26d79fb04
Instruction Fuzzy Hash: 13F0C232A1020C9BDF05CBA0C526AFEBBB69F84711F05486AD402B7350EF7429069791

Function 0135AF30 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bddb4128ad2700b8f4301d60bcfd190ff801f413fe2427f86390000b071754b
Instruction ID: 80717ce61855f7cc9761f81d138a2f99f3da9ac20b77c60acc0e7e0d2990f0d4
Opcode Fuzzy Hash: 3bddb4128ad2700b8f4301d60bcfd190ff801f413fe2427f86390000b071754b
Instruction Fuzzy Hash: 3FF0F076E10208DBCF15DBA0C815AEFBBBAAF44B10F01892AD402BB380DF745906C690

Function 0135DE78 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae2a50a54a2f0f1be757552c9a3cb788e3aada81dd7cf49adae1ef3738f6111a
Instruction ID: 6aeef23414a2e5fc4089a2d1f8a42c06e8064c836c308efe721f6f6fe189f4a1
Opcode Fuzzy Hash: ae2a50a54a2f0f1be757552c9a3cb788e3aada81dd7cf49adae1ef3738f6111a
Instruction Fuzzy Hash: 32F03C32D1060B9BDB00DBB9C8405DEFBB6EFCA730F554611D21037190EB70319A8BA1

Function 01354EC8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63244125a101bfe08865932abdd3ff6cdddfea2b489858af3bc2e58b837cd52a
Instruction ID: 04f785dc3299b8b4ab1cbd777c14af6927452bbb79c9bfd02babe3b051420264
Opcode Fuzzy Hash: 63244125a101bfe08865932abdd3ff6cdddfea2b489858af3bc2e58b837cd52a
Instruction Fuzzy Hash: 5EF0B4713096415FC355CE1DD448E1AFFA6EEC5A2431982AAF81CCB656DB30E841C790

Function 01350908 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38049b8f91ffde53f6e35434b0640dba7ea512991f7cbb38c6fb1baac625c759
Instruction ID: 36c4350e7ff10a5150c12ae96a7df03cd327e7861734d275d7dd57a60cf91037
Opcode Fuzzy Hash: 38049b8f91ffde53f6e35434b0640dba7ea512991f7cbb38c6fb1baac625c759
Instruction Fuzzy Hash: 00F0E232E1020D97EF19DB70C464AEFBBBA9F88B00F40852AD402BB384DFB1190687D1

Function 0135AAF0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e65fa1b89151fcfbc06c8efcc815670799652c3574344d932e4a7c3e56849fc7
Instruction ID: d10332ffaa7d640fb1f3c3a26706cdcc375edc8b943aa6d52bcaad7960f13a37
Opcode Fuzzy Hash: e65fa1b89151fcfbc06c8efcc815670799652c3574344d932e4a7c3e56849fc7
Instruction Fuzzy Hash: A0F0E932D1020D97DF15D760C458AEFBBFA5F88B10F40892AC402B7340DFB0590697D1

Function 01356520 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a6d7618ce9aebb635b738b3ad2ec928d6297215d64fe28218a7ce9c63b8bebe
Instruction ID: 4ca1d5a892ef4b5ad96275d50b375f706228d1cbfd394b575706a0c31f2d8983
Opcode Fuzzy Hash: 0a6d7618ce9aebb635b738b3ad2ec928d6297215d64fe28218a7ce9c63b8bebe
Instruction Fuzzy Hash: CBF0BE72E1020D97DF15DB60C465AEFBBBA9F84B14F40883AD402A7280DFB1290686D1

Function 01352C50 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dee04a47995485693af5948da1b92edeee2606e4f323bafef4b5bc8400422fd4
Instruction ID: 336c5759682c91dd511eda8360d00a04741e639f49307c5217708067dd236691
Opcode Fuzzy Hash: dee04a47995485693af5948da1b92edeee2606e4f323bafef4b5bc8400422fd4
Instruction Fuzzy Hash: AAF08232E10209D7DF15DBA4C455AEFBBFA9F84B10F41892AD402BB380DFB1590697D2

Function 0135CCB0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7d3b244ede66c3bf7e63c26073830e85c1603760443d3e4c9e13136817861aa
Instruction ID: 3ee8f1252b823f2e7fab0fa794f13044fa6a2cb21eb72b87cf2527c5834a01c6
Opcode Fuzzy Hash: e7d3b244ede66c3bf7e63c26073830e85c1603760443d3e4c9e13136817861aa
Instruction Fuzzy Hash: A0F0BE32E1020997DF15DB64C455AEFBFAA9F84B00F40882AD402F7280EFB4190686E1

Function 01356318 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b6a4dfb2bd72b52c4d65dd4f0512a1fcd8e8e897c6d59be9728382d79892cb5
Instruction ID: 626590f8990ac55f473cd8127629dc1f0159d252eb34eb1d28e674b50da86ec4
Opcode Fuzzy Hash: 5b6a4dfb2bd72b52c4d65dd4f0512a1fcd8e8e897c6d59be9728382d79892cb5
Instruction Fuzzy Hash: C3F08272E1010D9BDF14DB64C425AEFBBBA9B88710F45852AD403B7390DFB0590687D1

Function 01353A90 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01ff66983e5ebc9fa11355e79c9c4efe690e8830d059b0693732507a560db748
Instruction ID: 8e42975855cb99962cf5985c6de4f965cc3f313a8a4ec59b497401bd22bfb578
Opcode Fuzzy Hash: 01ff66983e5ebc9fa11355e79c9c4efe690e8830d059b0693732507a560db748
Instruction Fuzzy Hash: E7F08232E1010997DF15DB64C459AEFBBFAAF84750F01842AD513B7380DFB1590697D1

Function 013507F0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f0a57ca3d75916ed13a4cd0776b5e987a91afb2a1bc826a42aba8d87eb47e0d
Instruction ID: 2df692bdcdc7550a1bd5487d4a3c4bbf3fe83e9f44cc15a901333ba83940ab39
Opcode Fuzzy Hash: 6f0a57ca3d75916ed13a4cd0776b5e987a91afb2a1bc826a42aba8d87eb47e0d
Instruction Fuzzy Hash: 19F0826284D3D54FC707477448646543FB1AE53928B4A12CBD9808A46BE61B4C1BC3AA

Function 0135E300 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbc99321be9964c6f34175c5fd41c91997fafba297459ca6e44da78fe8a6449b
Instruction ID: 6f4393e6e7fa7df1f22d4e3068c94f32d24490c85d560d5741d186569b95f338
Opcode Fuzzy Hash: fbc99321be9964c6f34175c5fd41c91997fafba297459ca6e44da78fe8a6449b
Instruction Fuzzy Hash: 8BF03075D1022B9BCB00EFB9C8444DEFFB5FF95610B458A56C514A7200EB706648CBD1

Function 01355D08 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 883bc8f1486221b4dfb10a5aa41d3543ea152e19ec221c9807f89adf1ee9ea1d
Instruction ID: d156dd8b3a0a61c1033531b75829091bd3a6d2060b7146ce973dc76bfa33a2e4
Opcode Fuzzy Hash: 883bc8f1486221b4dfb10a5aa41d3543ea152e19ec221c9807f89adf1ee9ea1d
Instruction Fuzzy Hash: 3BE09B312183615FD742962D9804CD7BBE49FD1720706845AF4C0CB061C624AC45C7B1

Function 013513A2 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 518500037e4796e55407db4d5d41b32565656adccd9f7a8adfd162cccf57bac2
Instruction ID: aeb0bfd4acea4f19468686528f65522eba9e2e90a0b6a9a32049bdc66fb9dcab
Opcode Fuzzy Hash: 518500037e4796e55407db4d5d41b32565656adccd9f7a8adfd162cccf57bac2
Instruction Fuzzy Hash: 5BE06D70D0434A9FCB80DFBC88915FEBFF5AE8A214F1082AEC848E3601E23156208FC1

Function 01350839 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5782c21544c802774383e7d08b60843026fd9d32faa540c1c95212dcf89989d2
Instruction ID: 5b392c77daf19cd819f6d1de00ee8dc616419ffefbc1a85cff861ea293be7669
Opcode Fuzzy Hash: 5782c21544c802774383e7d08b60843026fd9d32faa540c1c95212dcf89989d2
Instruction Fuzzy Hash: DAE06570809388DFD752CBB88459A897FB0AF06260F2501EAE488CB222D6358E10CB56

Function 01354DA1 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c8fcecc03a7c0a0947ff3307ee12f134b1a869895953e010d104ba059e138d3
Instruction ID: 716a23dfe18b33fc0d86466bce80c00c3951e9bd101bcf46edd1e8cba9a20e98
Opcode Fuzzy Hash: 6c8fcecc03a7c0a0947ff3307ee12f134b1a869895953e010d104ba059e138d3
Instruction Fuzzy Hash: 46E01A70A14349EFCB41DFB8E9158ADBBF5AF86214B1182AED808D7215D7B11E118B51

Function 01352B3D Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cad292b70c5b0f313cbef0e0feff80deb5ddb87632602986982f8c5b1489b965
Instruction ID: 925a0e03e991d5aa314ac60890a7fb7d9b88f0bed570ee077774d7fa4420abd3
Opcode Fuzzy Hash: cad292b70c5b0f313cbef0e0feff80deb5ddb87632602986982f8c5b1489b965
Instruction Fuzzy Hash: CBD05B32F147288FD7159F6998008EDFFA1EFC4934B1982A6C51597752C77486128BA2

Function 01352B4E Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d254e178647e208fcf318d30159c1483003d61d5483d0e7c77080efcbec50174
Instruction ID: 97261b0e0b9e60f870245192e5cd027953cac41d89ed4c732d74a406b397d813
Opcode Fuzzy Hash: d254e178647e208fcf318d30159c1483003d61d5483d0e7c77080efcbec50174
Instruction Fuzzy Hash: 97D05B71B143048FDB549FADA8445DDFFA1EAC4530B1441AED11AD7752D77085154B31

Function 01353C62 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7456a132d83d3b3c8ec30c42c2ac1b084c60bdf93bfc38fafb923449d78df3e2
Instruction ID: 87f6ab715ef9bd34668d063daef3ab7f05c4f87b948352c9903560a12db981f9
Opcode Fuzzy Hash: 7456a132d83d3b3c8ec30c42c2ac1b084c60bdf93bfc38fafb923449d78df3e2
Instruction Fuzzy Hash: F1D05E31B143489FDB549BADA8045ECFFA0AAC463171482ABD85AE7792DB308552C722

Function 0135317F Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3d85c48b814de9e858300301e48db8226733bb84f90a395bdd511298c80204c
Instruction ID: ba4ecc7322b61006c16e66281910796a8b89cda40a887321f6b39f5be0a538da
Opcode Fuzzy Hash: e3d85c48b814de9e858300301e48db8226733bb84f90a395bdd511298c80204c
Instruction Fuzzy Hash: 1FD05E31A152098FDB088BB8EC044ACBFA1EAC173571981BAD41A8B292D73085528721

Function 01353188 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16515ddabe67a7950ea10b703efbe9fc3e4c8f4b1579cadeb47f52710790a398
Instruction ID: b53309531597a9348608701a177a56eca6f81d2df43f4dc3026dea1304cd3fba
Opcode Fuzzy Hash: 16515ddabe67a7950ea10b703efbe9fc3e4c8f4b1579cadeb47f52710790a398
Instruction Fuzzy Hash: 4ED05E35B053098FCB089BBCE4044ACBFE0AA8463471581BBD51AC7292D73086518722

Function 01350848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd7248fb83b067ab942da3df3ef7575938a33bda1b44b83f60db7c64db683fe0
Instruction ID: 85b46a191d9d87e94debc0ab1d416a09d50d5759046c5268ce18268157c1500d
Opcode Fuzzy Hash: dd7248fb83b067ab942da3df3ef7575938a33bda1b44b83f60db7c64db683fe0
Instruction Fuzzy Hash: FAD01771905248AFEB51DFB8D409B5D7FB9FB05350F20459AE848C7205DB329E10D791

Function 013513B0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fef043d575c0f54f122b0501c9fa8b484036c79d8b33f2a125a1e09fb6ee5efe
Instruction ID: 13f4c08982063283bb418f0b7a81b54fc09d6be53bdfe16ca3a400a4d9b5a184
Opcode Fuzzy Hash: fef043d575c0f54f122b0501c9fa8b484036c79d8b33f2a125a1e09fb6ee5efe
Instruction Fuzzy Hash: 16E042B4D0530E9F8B84EFB988425AEBFF5AB48604F5085AA9908E3601E67156518BD1

Function 0135399E Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acda8713829652574fab2dcd03b8efdfb228b0f0dd55e358ab2859e13df76a1d
Instruction ID: 87f4a8a2e54d21927c39d2055993b6c651a2cb31b4a3368f3d7cc5e2e9afafd4
Opcode Fuzzy Hash: acda8713829652574fab2dcd03b8efdfb228b0f0dd55e358ab2859e13df76a1d
Instruction Fuzzy Hash: FBD0A732B052488FDB109BECA8006ECFBB0EAC41327048253C559A7651D7308511C733

Function 0135D1E3 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbd11165b43134977e59269cd011e4696ccb38e52636e9efff113ca718ba409e
Instruction ID: f0287760ad1bacf06eefa8158976c63e6ab938536d4f6a79bbb4a6000c2caff9
Opcode Fuzzy Hash: cbd11165b43134977e59269cd011e4696ccb38e52636e9efff113ca718ba409e
Instruction Fuzzy Hash: C5D0A932B04248CFEF018AECA8001ECBBA0EAC513871002A3C56AA7B90CB3088118B33

Function 0135B34F Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d74f73af105f90df55c3922a5d97a4c565538de3e144fd3b6ee80a3edda4590
Instruction ID: bfc01a0f21ce7703bd6fa936374de97226119775536ce78d1cc24829268abd66
Opcode Fuzzy Hash: 5d74f73af105f90df55c3922a5d97a4c565538de3e144fd3b6ee80a3edda4590
Instruction Fuzzy Hash: 23D0227201E2408FEB820B34E41A3C8BF30EF03B0AF0A00E7D820CA447C72000A6C36A

Function 01354DB0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b01f57fa4c66bf23e61e3f785a0ccac626482024936263651968cfe4e66c31f1
Instruction ID: 365078e65da104b5b23e4a07ad9e35921732dce908ec58e9a36911f939e079ac
Opcode Fuzzy Hash: b01f57fa4c66bf23e61e3f785a0ccac626482024936263651968cfe4e66c31f1
Instruction Fuzzy Hash: 27D01770A0020DEFCB00EFA8E9055ADBBF9EB44201F1082AAD808D3204EB716E009B81

Function 0135677A Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f37bdfe6455e8f73518a5a692a1846c3dedb6417b325ac8d42876cac5441dd3d
Instruction ID: 0317bc64f81685b14c612dc77b583ff2d60507970a00f47a55afd1289f476fe7
Opcode Fuzzy Hash: f37bdfe6455e8f73518a5a692a1846c3dedb6417b325ac8d42876cac5441dd3d
Instruction Fuzzy Hash: 06D0A772F063485FDF118BB8A80449CBF70FAC112571482D3C059C7262EB30C4148322

Function 0135E05A Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 347487144585ec9cd0de070652cf5a47a7c1db9c4df8cbbabb44619d96984c11
Instruction ID: 0be4d53de63206a3e703c08d69c161d6c41f90ce775fd85ddab899d53198cc40
Opcode Fuzzy Hash: 347487144585ec9cd0de070652cf5a47a7c1db9c4df8cbbabb44619d96984c11
Instruction Fuzzy Hash: 09D02233F082088FEB108BE8B8000DCFBB0EAC523970002B3C52AD36A0D73089118B33

Function 0135644B Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0ccbb8cebc89ce1b586cbd3ec80a8c8e306aa8ea13fc741fcbef9320084fa1c
Instruction ID: 6e2d479a3825dee3226d90ab17e1474462c2b7fc900897e4788ce878e022d999
Opcode Fuzzy Hash: c0ccbb8cebc89ce1b586cbd3ec80a8c8e306aa8ea13fc741fcbef9320084fa1c
Instruction Fuzzy Hash: 90D0A9B2B002488FCB209BECA8006ECBFE1AAC413270042A7C959B7690CB248911CB33

Function 0135B7AB Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c53dae6cf0efe7a65564b21ae12de276c807e8265f07a22711a32bd2d73929e
Instruction ID: de977d3138626dbb12c5001cbba3524aa1868f77e8ad02fe6ba26ec8504f4166
Opcode Fuzzy Hash: 3c53dae6cf0efe7a65564b21ae12de276c807e8265f07a22711a32bd2d73929e
Instruction Fuzzy Hash: 1DD0A732B003084FCB109EBC94005DCFBA19EC4531B0401A6C52593652C760C5118732

Function 01352116 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e41c75935fe2edf513547074d2f317919c8715f2bde21c337c7595fa2f1226
Instruction ID: f558fcd335883aac9e6c32088eca8a57492249c265524e84a5447cf5e5c90ab7
Opcode Fuzzy Hash: 43e41c75935fe2edf513547074d2f317919c8715f2bde21c337c7595fa2f1226
Instruction Fuzzy Hash: 84D0A936B0020A8FCB148BA894000ECBBE0AAC813170002A2C62A976A1C7208B118773

Function 0135210D Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02535977c07acdab5dbda365bb694389fa8691252118a04c932ccad27bdd5002
Instruction ID: 5f81e7cf92ddf093b1d133b037eaefcc148f0f1181f7fa2a9d57371be02a1bc9
Opcode Fuzzy Hash: 02535977c07acdab5dbda365bb694389fa8691252118a04c932ccad27bdd5002
Instruction Fuzzy Hash: C1D023357003098FCF04CFB89C004DC7BB1E6C4631B4001F1C11557651C76046138731

Function 0135A498 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3860465646.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1350000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79534ffbfc009b467e30e9cd788ebdfa0e2cb8ecc1caa7f114f1eabc5ed88c71
Instruction ID: 4fefab82d1e4a7df24513fe4c15e50faa10cd7f6076d4a1a17b9e5a38db6f2b3
Opcode Fuzzy Hash: 79534ffbfc009b467e30e9cd788ebdfa0e2cb8ecc1caa7f114f1eabc5ed88c71
Instruction Fuzzy Hash: 20D0A932B002088FCB108BE8E4080ECBBE09AC423171002A2CA1D932A0C7208A518733

Analysis Process: oyCvLcfl3R.exePID: 7680, Parent PID: 660COMMON

Executed Functions

Function 00E60B15 Relevance: .6, Instructions: 574COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1469010602.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_e60000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 810f01bbd741a03f87e945961bea8ca14d94d21cfa0dbe0e15df41a1674633e9
Instruction ID: df75af50b6f16256850bb22b7ea6f085b852f87b6e97e73de6633456225bf1f4
Opcode Fuzzy Hash: 810f01bbd741a03f87e945961bea8ca14d94d21cfa0dbe0e15df41a1674633e9
Instruction Fuzzy Hash: B9423874A002498FCB15DFA8D484A9DBBF2FF89714F1585A9E406EB3A9DB30AC45CF50

Function 00E60988 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1469010602.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_e60000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94b535449a55ba370c50a9adb32e0d0929f6d19db3cc80a4a1fa228306ea5027
Instruction ID: 80ed0507f3813e93fb770535f6eb8eaea2799ffb5350385fa37260a352278a57
Opcode Fuzzy Hash: 94b535449a55ba370c50a9adb32e0d0929f6d19db3cc80a4a1fa228306ea5027
Instruction Fuzzy Hash: 7E21DC7490030A9FDB01FFA8E844B9D7BB1FB88705B5186AAD404DB359EB705E059B91

Function 00E607F0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1469010602.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_e60000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bc3d0823f033f7eb3dc128cad0e6d45dff08fa9c88ecef147d5dd08aa067d48
Instruction ID: eaa93831f040c9cb28257288ce9d6e2843c9e85c513a9d61978d28b86592dc79
Opcode Fuzzy Hash: 5bc3d0823f033f7eb3dc128cad0e6d45dff08fa9c88ecef147d5dd08aa067d48
Instruction Fuzzy Hash: 69F0DAA180E3C59FD703CBB498296597F75AF07254B1A41CBD4C4CF1A3E6248D08D767

Function 00E60990 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1469010602.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_e60000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a904e21af23de60939d0d3ddb1fea7384e7243cc685e7004cb2b7b42706ba66b
Instruction ID: 7486e6df4bd5683cfcb3ae072cd308ffa6010baed9d7fe3aafef1cf199fae0d1
Opcode Fuzzy Hash: a904e21af23de60939d0d3ddb1fea7384e7243cc685e7004cb2b7b42706ba66b
Instruction Fuzzy Hash: 7C21EC7490030A9FDB01FFA8E844B9D7BB1FB88705F5086AAD404DB359EB705E059F91

Function 00E60877 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1469010602.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_e60000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ee42e2d27d8f64a75a6d1705ce079ec493bfeeb2cbc81a680de070e151d3689
Instruction ID: ebf9bdf3f8ba2dd85734631d05c4fcd56537d28e3b3e48987208630ad9f3f875
Opcode Fuzzy Hash: 2ee42e2d27d8f64a75a6d1705ce079ec493bfeeb2cbc81a680de070e151d3689
Instruction Fuzzy Hash: 87017832D1176A8BCB01DBB4DC445CDBB72FFCA620F1A0656D101BB1A0EBB0295AC7A1

Function 00E608F9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1469010602.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_e60000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcc04d2aed1f46c20b0ec35a2622e5bb96b20361597c159d6d332d03fc52ea8b
Instruction ID: b7f2e998e79b931dfa582e815cf49857ed1624ea7a30db3b5b566432f1afd3d0
Opcode Fuzzy Hash: dcc04d2aed1f46c20b0ec35a2622e5bb96b20361597c159d6d332d03fc52ea8b
Instruction Fuzzy Hash: 8AF0F432A102099BEB058B60D8986FF7BBADF88300F044466D002AB241DFB0190A97D1

Function 00E60908 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1469010602.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_e60000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20bab5552e0126b137f6a0759c1c12c443d3ab62d29f65ba6c2575d545b5fb21
Instruction ID: aec60d3d88fa703daf89cb6e46d70e174a334d7b62f7dda9a05a2b1c01b70b4a
Opcode Fuzzy Hash: 20bab5552e0126b137f6a0759c1c12c443d3ab62d29f65ba6c2575d545b5fb21
Instruction Fuzzy Hash: C1F0E232E2020997EF05DB70C464AEFBBBA9FC4700F40852AD002BB380DFB0190697E1

Function 00E613A1 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1469010602.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_e60000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 348ffc366b68333dabcf7573a33a8086dae270f4520bdd47b37ede8416a6dca6
Instruction ID: 8c0a737f792dc4a53e4daeb5ce30d0aa5c2404f3e09a8ff3281b0706c4afca1b
Opcode Fuzzy Hash: 348ffc366b68333dabcf7573a33a8086dae270f4520bdd47b37ede8416a6dca6
Instruction Fuzzy Hash: 3BF0A570D452498FCB41DFB9C8925AEBFF0AE4A210B1445AAC94AA7211E2702651DF91

Function 00E613B0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1469010602.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_e60000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fef043d575c0f54f122b0501c9fa8b484036c79d8b33f2a125a1e09fb6ee5efe
Instruction ID: 603c3da293b70df302ac3456e1f69b7e691866e6eb52afe4757587dfe767f094
Opcode Fuzzy Hash: fef043d575c0f54f122b0501c9fa8b484036c79d8b33f2a125a1e09fb6ee5efe
Instruction Fuzzy Hash: 47E0E2B4D4030E9F8B40EFB998421AEBFF4AB48200F6085AA8908F3300E63066409BD1

Function 00E60848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1469010602.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_e60000_oyCvLcfl3R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caa8a5db3fe7859b9bc2d0f79b970c4d39f0780e605253b6549c8fbcb00a6c4e
Instruction ID: 11d38755134cb088cfded68aba3908aea5a85bc18e931abe9f76aa76516bc603
Opcode Fuzzy Hash: caa8a5db3fe7859b9bc2d0f79b970c4d39f0780e605253b6549c8fbcb00a6c4e
Instruction Fuzzy Hash: 01D01771945248AFDB02CFB8D80575D7BBAFB05380F204496E448D7211DB31DE10DBA1

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report oyCvLcfl3R.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: XenoRAT

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\oyCvLcfl3R.exe.log

C:\Users\user\AppData\Local\Temp\tmpD917.tmp

C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe

C:\Users\user\AppData\Roaming\XenoManager\oyCvLcfl3R.exe:Zone.Identifier

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Windows Analysis Report
oyCvLcfl3R.exe